​When many credit unions were figuring out how to protect their institutions and survive during the COVID-19 pandemic of 2020, several credit unions decided to take decisive action to support the members outside of the CU walls.  With the pandemic creating a perfect storm of vulnerability for many members, especially the older members, it was apparent that everyone was facing an avalanche of attacks.  
 
Some credit unions have boldly stepped up their commitment to help members in this unique and unprecedented time by providing their members with services that protect against the tidal wave of ID theft & fraud happening around them.  Members saw these highly effective and protective services as an added value from their credit union as they became included with their checking accounts for just a nominal monthly fee. Typically, these new protective services' retail value was worth at least (10) ten times more than the account level fee, which resulted in member acceptance rates of over 90% ….thus generating non-interest income as well.
 
With more ID fraud and theft happening outside of credit and finances, these services were just what members needed to stay protected against all forms of cyber assaults from hackers and other ID thieves. Dark web monitoring and fully managed ID theft recovery services included in these strategic services to members also assured the members of an ultimate safety net against any form of ID theft or fraud…financial or non-financial.   The amount of COVID-19 related scams, schemes, and fraud happening in 2020 was beyond anyone's imagination.  So these special actions by credit unions were well received by members as powerful means to defend their identities.
 
Unfortunately, 2021 is not forecasted to be any better. The Experian Data Breach Forecast predicts that this will be the year of the 'Cyber-demic.'  It is hard to believe that 2021 could surpass the horrific ID fraud loss seen in 2020.  Leading up to the start of the pandemic, the annual recorded consumer ID fraud loss was $13 billion. By the end of 2020, the figure had more than tripled to a record of $43 billion.  And according to the 2021 Javelin Strategy & Research Report, the total combined consumer and business fraud loss in the country was $56 billion, demonstrating how consumers (your members) faced a double dose of physical and financial harm during the pandemic.
 
Credit unions that implemented protective ID programs in 2020 also positioned their members for a defense against the 2021 continuation of the same potential attacks and more. Your members are already facing a massive amount of unemployment benefits fraud.  There was $63 billion lost to fraudulent unemployment claims in 2020, and if things don’t change, 2021 is trending towards a nationwide loss of $300 billion. In addition, the ID Theft Resource Center already calculates that the 1st quarter of 2021 saw a 564% increase over the 4th quarter 2020 for breached records….and that does not include the announcement in early April 2021 of 500 million LinkedIn users who were breached.
 
In mid-March 2021 the FBI issued a statement on the sharp rise in Phishing scams, and the statistics show that consumers (members) still need to be made aware of these attacks. Each time a credit union implements a protective ID program, they also provide thorough education and awareness updates.  This action is critical to ensure that members fully understand the dangers they face from some very sophisticated criminals and to fully appreciate the protection they now receive from their credit union. 
 
With the recent report by Canalys showing that more data records were breached in the past 12 months than in all the previous 15 years combined, it is clear that the cyber-demic is in full force.  And, unfortunately, it will continue according to all major predictors.   So, at what point does it make sense to implement the kind of protective services your members need in these times of heightened risks? Clearly, members are willing to accept and appreciate these services when presented with a robust value proposition by their credit union.  And clearly, these are the kind of services that set credit unions apart from other financial institutions…..going the extra mile for their members.

As if 2020 wasn’t bad enough, we have entered 2021 with another looming danger that continues to expand and wreak havoc in your members’ lives. I call it the “cyber-demic,” a cyber-warfare that’s spreading like we haven’t seen before, caused by hackers who are leveraging COVID-19 to steal, sell and damage your members’ identities. Even more unsettling is that unlike the pandemic, there’s no vaccine to slow down these attacks that are rapidly spreading and will continue to haunt individuals and businesses alike.

A detailed article from TechRepublic about the 2021 Experian Data Breach forecast painted a grim picture of what’s yet to come:

• Hackers are likely to target digital usage from more remote working.
• Hackers may target the ecosystem of the COVID-19 vaccines.
• COVID-19 tracing apps create a new surface for hackers to exploit.
• The expansion of 5G will present increased vulnerabilities.
• The rush to adopt digital and telehealth services puts the health care industry at an even greater risk for attacks.

What is your credit union doing to support your members in the midst of these 2021 predictions? Your members face significant risks on several fronts, and attacks can strike without any warning.
As COVID-19 continues to headline the news, the vaccine rollout will present opportunities for criminals to prey on the fear, confusion and misinformation that your members are confronting. The advent of contract tracing organizations is creating new avenues for criminals to steal your members’ personal health information (PHI) – for example, thieves may pretend to be contract tracers to maximize the amount of information they can steal. Health records continue to be the most valuable data to resell on the black market, a trend that opens your members up to vicious attacks of all kinds.

With COVID-19 protocols requiring more and more of your members to set up work-from-home environments, along with the evolution of the 5G network, cyber-hackers have numerous opportunities to attack. These technological hacking geniuses know all the vulnerabilities of home networking. The extensive connectivity of 5G technology makes your members more vulnerable to being caught off guard. According to the 2021 Experian Data Breach Industry Forecast, with the technological control of a house’s security and other devices, criminals will more regularly hold a household hostage in exchange for money, valuable information or just for the potential fame.

Add to all of this the fundamental uncertainty of day-to-day restrictions and potential new mandates on the public, and it is easy to understand why your members are wondering how to best protect their lives, families and assets. Credit unions have always demonstrated their ability to step forward and provide sound financial advice and guidance in uncertain times. And now, more than ever, members need extra support and guidance from their credit union.

Have you considered new ways to protect members outside the walls of your credit union with new services that could include ID theft and fraud recovery, and robust protective monitoring? This monitoring could include Dark Web monitoring to alert members when their non-financial data (i.e. PHI) is being attacked or used against them. You could also offer members mobile phone protection and perhaps some well-positioned discount programs to save them money. These kinds of services are available, and several components can extend to their whole family. Bringing these enhanced services goes a long way to increase member engagement and generate non-interest income, and it’s something hundreds of credit unions are doing today.
​
Cybersecurity preparedness has been a mantra of the NCUA for over seven years. Yes, the vulnerabilities of data breaches are ever-present for credit unions, and fraud is getting worse all the time. But the “front-line” targets beyond the credit union are your members, and they require serious help. Why not heed the cyber-demic warnings of the 2021 Experian Data Breach Industry Forecast and do what other financial institutions aren’t doing – bring more protection and guidance to members to expand their faith and trust in their faithful credit union?

Over the past nine months, our country has experienced an unprecedented pandemic that featured a transmittable virus that spread "like wildfire" to millions of Americans.  Unfortunately, the world's criminals have preyed upon this fast-spreading viral disease to create the spread of criminal activity that has moved as swiftly as the virus itself.

With October being National Cybersecurity Month, it is disheartening to say that Americans, including thousands of your members, face the worst ever epidemic of ID theft & fraud.  It is a tidal wave of criminal attacks hitting your members from so many directions, which makes them defenseless if they are in the sights of the bad guys.  

We've seen the warnings for all of these attacks coming from so many sources.  The FBI, CIA, Homeland Security, and other national watchdogs have been trying to expose the criminals and their many forms of assault on innocent individuals.   

In March, we saw the first signs of attack coming via the Phishing email avalanche that hit Americans with a 600% increase in just one month. 

Then in April, we were all alerted to the several devious ways that crooks were creating Stimulus Check Scams against Americans (including your members) who were desperately in need of the funds to stay afloat.

There was a critical alert announced in May from several Federal Agencies that the coronavirus pandemic was helping to facilitate "malicious attempts leveraging stimulus-themed emails and text messages to obtain personally identifiable information and bank account details from individuals." The IRS, Homeland Security, and Secret Service, among others, are particularly concerned about the intrusions happening within healthcare organizations and are encouraging heightened controls, especially on teleworkers operating in unsecured places. 

In May, the Institute on Aging also released a warning about criminals aggressively targeting the elderly.  Elders, who maintain the vast majority of the nations' wealth and face more isolation from being the pandemic's highest risks, have become an appealing prey for cybercriminals. Elder members need some focused attention at this time and it would benefit credit unions to show them some special support. 

A Beazley study released in June also indicated that businesses are also highly targeted by sophisticated thieves. Phishing scams and the confusion of the virus have made it an excellent opportunity to drive up ransomware attacks on a wide variety of industries.  Credit Union members are also affected, as many of them are consumers, employees, and owners of these vulnerable businesses. 

Perhaps one of the most alarming warnings came in June by the FBI, when they announced that there had been significant attacks on mobile banking apps and fake banking apps developed by criminals.  COVID-19 has caused more people (your members) to bank remotely and has increased mobile banking usage. According to the FBI, "Hackers are increasingly aiming at mobile banking app users to steal credentials and commander bank accounts."

In light of this mountain of evidence that credit union members are facing unprecedented levels of risk for ID theft and fraud events, the question becomes, "What will credit unions do to help them?" The answer starts with an awareness campaign that educates members about what is happening around them with cyber hacking, phishing emails, stimulus scams, and various fraud attacks.  Now is the time to create an "eye's wide open" moment for members to be on guard and ready to defend themselves.

Of course, credit unions can go the extra mile for members, which is what credit unions are known for, and incorporate protective ID theft and fraud services as part of their member-owned accounts.  Hundreds of credit unions nationwide have begun to provide their members with this "ultimate safety net of protection."  Programs are readily available to make this happen while also providing the opportunity to generate much needed non-interest income to offset growing fraud loss, pandemic-related revenue gaps, and secure funding to maximize institutional protection as well.  

All of this being said….wouldn’t NOW be a good time to give members a positive solution to fight this spreading crime wave?  Where else would you want your members to go than the credit union they trust?

It is that time of year when students' vulnerability for ID theft attacks goes up exponentially as they head back to school. And this year, they face a dramatically more substantial threat posed by the increased time they spend online taking virtual classes. 

The criminals are always excited about the idea of capturing student information and using it as a means to attack them or their parents. Thieves can also potentially gain access to all kinds of financial data from school applications and financial aid documents passing through the internet.  Or they might gain access to the students' computers and steal files of personal & financial data. The COVID-19 crisis has definitely made students a prime target (COVID-19 scams targeting college students) for those preying upon our fears and the significant distractions from this national emergency. 

So what can credit unions provide in the way of services to help create a safer environment for students and their parents (your members)?  There would be nothing quite as powerful as an extensive array of ID Theft & Fraud Protective services.  These are the type of services to provide your members' families a means to detect attacks and effortless recovery solutions in case thieves make it past defensive measures.  Many credit unions have implemented these kinds of protective services with targeted programs that incorporate these services and generated substantial non-interest income. 
 
Again, with the new distance learning that has affected most many states, your members face an ominous risk for phishing attacks and hacking attacks like never before.   Your credit union is also operating at a higher risk in this COVID-19 environment.  A recent study by Beazley Insurance indicates that financial institutions and the healthcare industry are prime targets of phishing scams, which has resulted in a 25% increase in ransomware in the 1st quarter of 2020 alone. 
 
What can credit unions do to protect themselves in these unsettling times?  Some solutions that protect your members from ID theft & fraud also come with protection for the credit union, such as data breach recovery & restoration services. Although every financial institution is responsible for having a robust incident response plan, it is wise to have another set of expert eyes on the situation to ensure that your credit union addresses every aspect of a breach response.  

As the country continues its battle against the COVID-19 pandemic, there is a war being waged against consumers by criminals who are finding insidious and ingenious ways to wreak havoc.

​Researchers at Barracuda Networks noted a 667 percent increase in phishing emails during March alone. These emails were malicious attempts to lure consumers into clicking on dangerous links and subsequently downloading computer viruses that lead to malware, ransomware, and individual ID theft attacks.

By the middle of this past April, the Federal Trade Commission had received over 17,000 complaints. It determined that criminals had already stolen more than $13 million in COVID-19 related scams and attacks.

Several U.S. federal agencies are posting alerts on nearly a weekly basis to warn consumers (your members) about aggressive attacks designed to prey upon the fear and distraction related to the COVID-19 crisis. In May, the Feds issued a joint warning with the Department of Homeland Security Cybersecurity and Infrastructure Security Agency, Department of the Treasury, the IRS, and the Secret Service about COVID-19 CARES Act payment fraud scams.

In June, the FBI has made it clear that hackers are now targeting mobile banking app users to steal their credentials and commandeer bank accounts.  Now is the beginning of a dangerous time for anyone who thinks the bad guys aren’t going to find a way to take over our phones and all the personal data they store.

Based on this continuous news about attacks on your members, credit union executives have an excellent opportunity to come to the aid of their members when it counts the most. Why not take this moment to bring members a source of protection from their credit union that they could not afford anywhere else?

Now is the opportune time to bring your members a suite of ID theft and fraud protection & recovery services that provide them and their families, the ultimate safety net against the avalanche of attacks happening around them.  Search out the best resource for this kind of protection and give your members a positive message during this time when good news is seldom being heard.

In December 2019, an article in CPO Marketing acknowledged that the FBI had issued a warning to the auto industry about being a target for cyberattacks. The U.S. automotive industry has become a target for cybercriminals because of the vast amount of personal data it contains. It is rare when you hear the FBI single out a particular industry followed with substantial warnings like this one, which says, "Automotive companies need to develop proactive defensive security measures to deal with all of the risks highlighted by the FBI warning." And ditto for the credit unions who work with auto dealers to be on guard and extend protections to their members.

Although this FBI warning went out to the auto industry, it affects more than just dealers. Credit unions who offer auto loans and members who receive financing are also at risk. The article mentioned above, clearly states that “In particular, when an enterprise shares data or partners with other organizations, it needs to be aware not only of the risk directly posed to its systems but the risk to its partners’ systems as well.”  The financial data of members is a part of the automotive industry’s growing risks, and members should be aware so that they can ask the auto dealers how their data is protected.  

Members also need to understand that identity theft is not just happening on debit or credit card transactions. Criminals are using stolen data to go beyond the typical financial transactions to pull off much more significant crimes.  For example, cyber thieves who use stolen identities for medical fraud and to make big-ticket purchases can create nightmares and years of torment for the victims. 

Compounding this specific attack on the auto industry and indirectly, your credit union, the COVID-19 pandemic has made the auto industry and other businesses even more susceptible to attacks, establishing an entirely new dynamic to the threats that already existed. Cyber thieves are using this time as an opportunity to attack while dealerships and other companies are hyper-focused on managing the effects of the coronavirus. As a result, another FBI warning has emerged about coronavirus scams and the need for vigilance and awareness as these attacks increase.

The current state of the world and anticipated new attacks are hitting very close to home for the credit union world, and it warrants a serious new assessment of your credit unions' overall cybersecurity preparedness. There is a new magnitude of fear and distraction within consumers (your members), and unfortunately, this creates the perfect feeding ground for criminals to attack.
Also, imagine the level of criminal activity that will happen when millions of Americans are sent government funds as part of the coronavirus stimulus package. It won’t take the ingenious criminals long to find a way to intercept funds or deceive recipients in some calculated scheme.  
 
All of this allows credit unions to be purposeful in reacting to the FBI warnings and to demonstrate their commitment to looking after their members' well-being. Many credit unions are putting into place a strategy of ID theft protection that provides a heightened level of protection for the whole credit union and its members in a manner that also increases member engagement.

In closing, it is another fantastic opportunity for credit unions to show how they care for their members beyond the walls of the institution and how they differentiate themselves in the financial industry.  Bring your members solutions that demonstrate the understanding of their growing risks and offer some expanded education & awareness.  They may not immediately connect the FBI’s warnings to the auto industry or about the COVID-19 pandemic to threats that pertain to them, so a credit union centric reminder could be just what members might need.  And giving the members a powerful, positive message in this time of fear and trepidation will solidify your relationship with them during the worst of times. Thus, making way for long-term success when the good times return.  

We are facing an unprecedented time in our lives with the coronavirus upon us and people taking every imaginable precaution to “be safe” and survive the aftermath.  Having three sisters who are nurses and who love to give advice, the basic practices of good hygiene are essential and the best way to avoid this virus.  That is as far as this article will go on any medical aspects of this issue.

With the wave of fear going on, it might be a great opportunity for credit unions to look at the financial aspects of this unprecedented time and determine what other ways that members could be supported. 

Understanding that the healthcare industry is the leading industry for data breach and ID theft related issues (medical ID theft & fraud), perhaps it might be prudent to look for ways to protect members as they find themselves possibly spending more time in urgent care facilities or hospitals.  Criminals know that these healthcare operations are extremely distracted by the potential number of patients which could unfold….hopefully not….but these operations need to be prepared. For an example, in 2019, 40 million Americans were affected by health data breaches.

Members might really appreciate a symbol of protection and concern from their credit union at this time. Although you can’t provide a medical solution to offer, you could provide basic protection against the threats of medical fraud attacks and provide increased member awareness to be on guard. For those credit unions who might already have ID theft & fraud protection incorporated into services it is a fantastic time to remind members of these powerful services.

The coronavirus scams are already in full swing from the criminals and we can all expect it to only get worse as people continue to get bombarded with every imaginable negative news associated with this pandemic…driving up fear and uncertainty.

There are a wide variety of packaged solutions out on the market that incorporate fully managed ID theft & fraud recovery together with strong dark web monitoring to give members the ultimate safety net against criminal medical fraud & ID theft attacks.  If nothing else, incorporating these kinds of services signifies to members the intent to be protective in whatever means possible….and help calm fears.  It might even be practical to provide these services at no cost to the members for an extended period of time, thus showing a sensitivity to the economic effects of all of this as well.

These unprecedented times call for unprecedented action and credit unions have a powerful voice with their members to guide them and offer a positive message of identity protection and safety while they are dealing with the potential medical dangers at the same time.  Any kind of positive news at this time could be received by members in the most significant way and remind them how credit unions uniquely go beyond their walls to enhance the lives of those they serve.

Over the past year, we have seen a continued incline in data breach events. A few years ago, it was not uncommon for a data breach to make news headlines once every month or two. In 2019, that began to change. The public announcement of a new data breach has become a weekly occurrence. That's because there was a 17% increase in data breach events in 2019 over 2018.

Not too surprisingly, 2020 has started with a series of breach announcements, which is indicating another record year for attacks. But, in addition to the increased frequency of breach events, the growing number of breaches involving "harmless" data is another notable trend that many people have shrugged off as just being annoying. Breaches like the one from Microsoft, which exposed 250 million customer records, didn't alarm as many people because it lacked the SSNs, birth dates, and credit card data that have impacted other breaches, such as those from the healthcare industry. 

The recent wave of data breach activities that involve data such as email addresses, mailing addresses, phone numbers, and passwords are the breaches that can be the most dangerous because they're the ones that many consumers ignore and fail to react proactively. Many consumers (your members) do not realize that a non-financial data breach can be just as detrimental because a hacker only needs a small bit of personal data to cause havoc on someone's identity.

Your members need to be aware that criminals are keenly interested in this "non-financial" data to allow them access to more critical data. For example, the stolen Instagram passwords of 419 million users could be the gateway to financial and other sensitive accounts since over 60% of adults use the same login credentials for multiple accounts, and 44% of consumers change their passwords once a year or less.

Hackers also use inconsequential data from breaches such as PhotoSquared App, Estée Lauder, and Arizona Department of Education to round out the data that they previously collected from the same individuals.  The breach events of Equifax and Capital One exposed almost every adult (147+ million) US citizen's social security number. Having a closer to complete data file on a person allows criminals to do more damage, which is why there has been such a dramatic increase in New Account and Account Takeover Fraud in the past five years (138% higher in 2019 than in 2014).

Credit Unions have a significant Member-centric focus that sets them apart from other financial institutions. So wouldn’t it be credit union-centric to provide members with education, awareness, and protective services against ID theft & fraud events, unlike other financial institutions?  Fighting the ever-increasing complacency of consumers (members) can add another differentiating factor for your credit union.   Hundreds of credit unions are implementing value- rich ID theft recovery & monitoring programs for members that set them apart in ways that enhance member engagement and can also generate non-interest income.  
​
Members are often confused and bewildered about how to combat the risks that they know they are facing with the rapid advancement of data technologies. Cell phones and other mobile devices are especially a concern since they are typically the storing mechanism for everything about an individual. This is particularly true of the Millennial generation.   Now is the opportune time for credit unions to investigate the introduction of member protective services and education/awareness programs that will help members protect ALL of their data - even their seemingly "harmless" personal information. Because as we know, there's no such thing as a "harmless" data breach.

​Over the past couple of years there has been an average of 15 million or more people attacked by an ID theft or fraud event in the United States.  Last year, the average cost to individuals facing these events had DOUBLED from 2017 to 2018. Yet, are consumers doing enough to protect themselves as their vulnerability to these events grows from the endless avalanche of data breaches?
​
Our society has created great ways to deal with other personal dangers like car accidents, heart attacks, and home fires. We willingly spend thousands of dollars per year to have protective services & insurance in place, just in case these calamities might occur in our lives. 
Interestingly, we are much more likely to experience an ID theft or fraud event than many other common catastrophes: 

• almost (3) three times more likely to have an ID theft or fraud happen to us than a car accident*;
• about (20) twenty times more likely to have an ID theft or fraud happen to us than a heart attack or stroke**; 
• and more than (40) forty times more likely to have an ID theft or fraud happen to us than a fire or flood at our home***.

The average amount we pay for car insurance nationally is $935 per year. For health insurance the average American pays between $3,600 and $9,000 annually. And homeowners pay on average $1,083 per year for their homeowners insurance. Yet, millions of Americans have no plan or protection in place for managing the fallout from an ID theft or fraud event.   

The FTC reports that 64% of Americans have had their data compromised from a data breach and 31.7% of these breach victims end up having an ID theft or fraud event happen to them. This number has continued to increase over the years despite the availability of so many ID theft companies offering protective services. Jon Iannarelli, a retired FBI Special Agent and well-known presenter on cybersecurity has stated, “Nearly every company will experience a data breach. It’s no longer a question of if it’s going to happen, it’s when.” And, as quoted years ago by Mark Pribish, a recognized ID theft and data breach expert, this simple fact remains: “no company or service can ever guarantee an individual will not become a victim of an ID theft event.”  With the number and magnitude of data breaches happening over the past several years (i.e. Equifax, Uber, US Government, Marriott, etc.) it is nearly certain that the majority of consumers, your credit union members, will become a victim of ID theft or a fraud event.  Add to this, the most recent data breach by Capital One, affecting 100 million consumers, and it is clear that some kind of member ID protection service needs to be considered.  

Just like a heart attack, car accident or natural disaster, there are steps that individuals can take to lessen the likelihood of becoming a victim, but there are no fail-proof ways of completing avoiding the occurrence. This is why consumers have medical, auto and homeowners insurance - to help them financially recover in the event of such misfortunate happenings. And, this is why it’s imperative that consumers have similar recovery protection from ID theft and other fraud events.

So, credit unions have an opportunity to ramp up their focus on this growing problem and distinguish themselves by how they protect their members. Credit unions should pursue programs & services that are available to provide much needed awareness & education to members about the growing dangers they face.  And there are services available that can provide invaluable safety nets of protection for members with incredible value propositions.  

Imagine being able to bring your members full recovery and restoration services for any kind of ID theft or fraud at rates as low as $4 or $5 per month, which would also include all forms of monitoring.  In sharp contrast to what they pay for auto insurance or homeowners insurance, this is an unparalleled value that will further engage members and solidify their loyalty to your credit union. 

The value of your members protecting their identities should be far greater than many other things that they gladly pay a higher monthly cost for, such as Netflix, Amazon Prime and ATM Fees outside of the credit union and CO-OP network.  A little education and awareness makes this clear to members and allows the credit union, who they trust, a means to now protect their members from the fast growing dangers associated with an identity theft or fraud event…affording them true peace of mind.
 
Sources: 
*Insurance Information Institution
**Bloom, Ester. CNBC; “Here’s How Much the Average American Spends on Healthcare”
***ValuePenguin
Federal Trade Commission Consumer Sentinel Network Data Book 2018

Synthetic identity theft is a growing threat to credit unions—costing financial institutions billions of dollars. It’s a type of fraud in which a criminal uses fake information, sometimes combined with real (usually stolen) data, to create a fictitious identity. This made-up identity is used to open fraudulent accounts and make fraudulent purchases.

Credit unions and other financial institutions often fall prey to synthetic identity theft since much of the information criminals provide them with is legitimate. Synthetic identity theft allows the criminal to steal from lenders by opening credit card, auto loan and other accounts. In January, Accenture PLC listed synthetic-identity fraud as one of the biggest threats facing financial institutions in 2018.

Synthetic identity theft may account for five percent of uncollected debt and up to 20 percent of credit losses, or $6 billion in 2016, according to some industry analysts. The problem is even more acute with auto loans. TransUnion says a record $355 million in outstanding credit-card balances was owed by people who it suspects didn’t exist in 2017, up more than 8x from 2012.
Synthetic identity fraud exploits a weakness in America’s consumer-credit system. Lenders often consider a loan applicant legitimate if the applicant has a credit report at one of the three credit bureaus. But a new “credit file”—essentially a precursor to a credit report—often gets created when someone simply applies, even if the loan gets denied. If one lender approves a loan for the fictitious individual, that information can make the file a full-fledged credit report.

How a “Phantom Borrower” is Born:

• Scammer applies for loan using fake identity
• Query to credit-reporting firm reveals no borrowing history. Applicant likely gets rejected
• Query results in a new 'credit file,' a precursor to a credit report. Suddenly, a new identity has been born
• Scammer applies for more loans, expanding credit file, giving lenders perception that applicant is real
  
  

TransUnion and Experian say it is difficult to distinguish between a “phantom borrower” and a real borrower who’s applying for credit for the first time and has identifying information that isn’t on file.

One of the reasons that more criminals are using the synthetic identity scam is because lenders have gotten better at protecting against traditional identity theft, which often involves using stolen data about real consumers. When bypassing actual consumers, scammers send fewer “red flags.”

While individuals probably won’t get a high-spending-limit card or large loan without a repayment history, some identity scammers pay bills promptly to qualify for higher limits, then default on larger loans or when credit card has been “maxed out”. It then costs financial institutions a myriad of hours to track down individuals who don’t exist.

Fortunately for lenders, synthetic identity fraud detection and prevention strategies have evolved, as well. Digital technology, neural networks and predictive analytics powered by machine learning and artificial intelligence are helping to more quickly scan large databases like those generated by data-furnishing front companies.
​
Protecting Your Credit Union from Synthetic ID Theft
Synthetic identity can cost a credit union thousands of dollars and numerous unrecoverable hours. Protecting your credit union from synthetic identity requires strong security and recovery programs.

1. Implement Strong Security Processes 
   The use of biometrics and cross-referenced background checks for identity verification can help stop synthetic identity thieves. Take extra precautions when applicants have no credit history.
   
   
2. Provide Fully Managed ID Recovery 
   Give account holders the right tools and support to keep them safe from synthetic identity theft. In the event their information is ever compromised, they’ll want to know that their credit union is there to help. Implement a Fully Managed Recovery (FMR) program that puts members’ service first and will act on their behalf during the entire identity restoration process.

​
Having greater cybersecurity preparedness needs to be the top priority for credit unions. This will help credit unions avoid becoming victims of synthetic identity fraud, as well as will create the basis for the ultimate response to any data breach or identity theft when it happens. Strong cybersecurity preparedness isn’t cheap, so credit unions must search and find solutions that also generates new income streams while delivering cybersecurity preparedness.

Source: "The New ID Theft: Thousands of Credit Applicants Who Don’t Exist” WSJ, 6 March. 2018.