How Community Banks Can Fight Synthetic Identity Fraud

By now, we’ve heard countless times that the pandemic accelerated digital transformation within the banking world. With so much emphasis on the customer experience, internal efficiency and the rise of AI, it’s easy to focus on the positives that technology brings to the table.

Another less positive trend emerged during the pandemic, too, which has shown no signs of slowing: synthetic identify fraud. While community banks have an advantage in knowing their customers well, the rise in online account opening and digital branches has increased the risk of fraudsters working their way into the financial system using synthetic identities. 

Community banks can be proactive, however, and use technology to identify suspicious patterns and behavior. 

What is synthetic identity fraud?

Synthetic identity fraud combines a real social security number with a fake name and address, creating a new digital identity. The fraudster then begins a lengthy process of building credit under the new identity before finally “busting out” and maxing out credit cards or writing fraudulent checks and disappearing. 

According to a report by Socure, a digital identity verification solution, losses related to synthetic identity fraud are estimated to be nearly $2.5 billion in 2023 and could double to $5 billion in 2024.

Fraudsters go to great lengths to create synthetic IDs with falsified documentation, because it’s a lucrative operation. Criminals will create anywhere from hundreds to thousands of synthetic IDs. 

In 2019, the Federal Reserve released a whitepaper on synthetic identity fraud where it noted that gaps in credit reporting allow these “new” identities to be established. When the fraudster applies for credit for the first time, a credit profile is created that becomes “proof” of existence for future credit applications. 

Fraudsters will also use a method called “piggybacking,” where they’re added as an authorized user on a legitimate person’s credit card, allowing the fraudster to build credit before applying for their own. 

The people most likely to have their social security numbers stolen and used in a synthetic identity fraud scheme are the elderly, the homeless and children—people who don’t regularly check their available credit or credit reports. They might be lured into disclosing a social security number, or the numbers are purchased on the dark web.

Technology solutions for synthetic fraud

Unlike traditional fraud, synthetic identity fraud can be difficult to detect, since financial activities can look legitimate until the “bust out” occurs. Because of this, the number of cases in any financial institution are likely underreported. 

Community banks can use technology to aid in detecting and preventing synthetic identity fraud. “Banks can put various controls in place,” says Anand Naik, CEO and co-founder of Sequretek, a cybersecurity solution provider. He notes that banks can use 24/7 monitoring and detection solutions that identify anomalies.

Community banks can implement two levels of monitoring: First, on behalf of the customers, they can look for signs that the customer might be the victim of synthetic identity fraud. Second, on behalf of the bank itself, they can look across all accounts for abnormal activity.

Ideally, synthetic identity fraud can be detected before an account is opened. In an August 2021 supervisory letter, the Fed noted that customer and identity verification methods that detect fraudulent activities are effective in minimizing risk. 

Fraudsters can be more easily identified when applications for new accounts are enriched with third-party data to confirm a person’s identity. Solutions include comparing driver’s licenses against DMV records. 

There are also tools that can detect if multiple applications are received from the same IP address, indicating that a single person is using multiple identities. Banks can set their own thresholds for account opening risk and determine when an applicant should be blocked or re-verified. 

The human element in reducing risk

At the end of the day, financial institutions bear the losses from synthetic identity fraud. Without detection, banks can face check fraud, maxed-out credit lines and more. 

Bank employees should be taught to look for signs of synthetic identity fraud and how to tell the difference between potential synthetic identity fraud, a fraudulent claim from a legitimate customer and a legitimate claim from a legitimate customer. 

Community banks could also provide education to their customers, raising awareness about synthetic identity fraud. Customers can take steps to monitor and freeze credit reports of family members that may be potential victims.

Overall, it can be a precarious situation for banks. “There’s a fine balance of customer advocacy and doing right by your customer and the customer trying to steal from you,” says Steven Estep, assistant vice president of operational risk at ICBA. “By using some of the technology that’s out there, that will hopefully enable them to do that seamlessly, frictionlessly. Because the last thing they want is to hold up legitimate customers.”