Synthetic Fraud Can Haunt Credit Unions

Republished from CCUL's CU Weekly dated September 10, 2018. By James McCabe.

Synthetic identity theft is a growing threat to credit unions—costing financial institutions billions of dollars. It’s a type of fraud in which a criminal uses fake information, sometimes combined with real (usually stolen) data, to create a fictitious identity. This made-up identity is used to open fraudulent accounts and make fraudulent purchases.

Credit unions and other financial institutions often fall prey to synthetic identity theft since much of the information criminals provide them with is legitimate. Synthetic identity theft allows the criminal to steal from lenders by opening credit card, auto loan and other accounts. In January, Accenture PLC listed synthetic-identity fraud as one of the biggest threats facing financial institutions in 2018.

Synthetic identity theft may account for five percent of uncollected debt and up to 20 percent of credit losses, or $6 billion in 2016, according to some industry analysts. The problem is even more acute with auto loans. TransUnion says a record $355 million in outstanding credit-card balances was owed by people who it suspects didn’t exist in 2017, up more than 8x from 2012.
Synthetic identity fraud exploits a weakness in America’s consumer-credit system. Lenders often consider a loan applicant legitimate if the applicant has a credit report at one of the three credit bureaus. But a new “credit file”—essentially a precursor to a credit report—often gets created when someone simply applies, even if the loan gets denied. If one lender approves a loan for the fictitious individual, that information can make the file a full-fledged credit report.

How a “Phantom Borrower” is Born:

• Scammer applies for loan using fake identity
• Query to credit-reporting firm reveals no borrowing history. Applicant likely gets rejected
• Query results in a new 'credit file,' a precursor to a credit report. Suddenly, a new identity has been born
• Scammer applies for more loans, expanding credit file, giving lenders perception that applicant is real
  
  

TransUnion and Experian say it is difficult to distinguish between a “phantom borrower” and a real borrower who’s applying for credit for the first time and has identifying information that isn’t on file.

One of the reasons that more criminals are using the synthetic identity scam is because lenders have gotten better at protecting against traditional identity theft, which often involves using stolen data about real consumers. When bypassing actual consumers, scammers send fewer “red flags.”

While individuals probably won’t get a high-spending-limit card or large loan without a repayment history, some identity scammers pay bills promptly to qualify for higher limits, then default on larger loans or when credit card has been “maxed out”. It then costs financial institutions a myriad of hours to track down individuals who don’t exist.

Fortunately for lenders, synthetic identity fraud detection and prevention strategies have evolved, as well. Digital technology, neural networks and predictive analytics powered by machine learning and artificial intelligence are helping to more quickly scan large databases like those generated by data-furnishing front companies.
​
Protecting Your Credit Union from Synthetic ID Theft
Synthetic identity can cost a credit union thousands of dollars and numerous unrecoverable hours. Protecting your credit union from synthetic identity requires strong security and recovery programs.

1. Implement Strong Security Processes 
   The use of biometrics and cross-referenced background checks for identity verification can help stop synthetic identity thieves. Take extra precautions when applicants have no credit history.
   
   
2. Provide Fully Managed ID Recovery 
   Give account holders the right tools and support to keep them safe from synthetic identity theft. In the event their information is ever compromised, they’ll want to know that their credit union is there to help. Implement a Fully Managed Recovery (FMR) program that puts members’ service first and will act on their behalf during the entire identity restoration process.

​
Having greater cybersecurity preparedness needs to be the top priority for credit unions. This will help credit unions avoid becoming victims of synthetic identity fraud, as well as will create the basis for the ultimate response to any data breach or identity theft when it happens. Strong cybersecurity preparedness isn’t cheap, so credit unions must search and find solutions that also generates new income streams while delivering cybersecurity preparedness.

Source: "The New ID Theft: Thousands of Credit Applicants Who Don’t Exist” WSJ, 6 March. 2018.