In my previous post I looked at what was driving synthetic identity fraud and discussed the difficulties in classifying both first-party fraud and synthetic identity fraud. Now let’s take a deeper dive into how banks and telecoms organizations can accurately identify such frauds without putting unnecessary barriers in the way of legitimate customers.
An inherent challenge with first-party fraud is sorting out fictional customers from real ones without reducing business. Banks and telecoms need to make it easier for customers to sign up, buy merchandise online, take out loans, open bank accounts, and use credit cards. Processes are designed to encourage new business.
Thieves defeat these processes with high-volume attacks and synthetic identities. Without analysis, these fabricated customers look enough like the real thing to breeze through sign-up and customer onboarding.
Most companies are reluctant to impose controls that may stop fraud, but which will also dissuade legitimate prospects and customers. With non-intrusive application and account analysis and scoring, however, much of the first-party and synthetic identity fraud being conducted could be identified and stopped.
What to Do
- Learn to recognize the differences between unintentional bad debt and intentional bad debt, or fraud. With the right analytics, patterns of intentionality can become very evident, such as linked accounts used to pay fake bills for each other or to mimic payroll deposits.
- Accurately categorize fraud as fraud, rather than bad debt, and as first-party fraud or synthetic identity fraud. This will help you to begin identifying patterns and common traits in the schemes fraudsters use.
- Define rules and models and perform link analysis to examine data for known patterns. These tell-tale signs include phone numbers, names, email addresses, and other identifiers that crooks will use again and again to apply for loans, credit cards, accounts, and mobile subscriptions.
- Improve sign-up and origination processes with these analyses. By doing this you can monitor for links between, for example, declined applications for credit risk and new applications where some of the same information is used.
- When faced with insufficient evidence to determine fraud at the application stage, despite some supporting evidence, tag these suspicious accounts. Once an account is opened and credit extended, the account can be scrutinized more closely and regularly to look for suspicious account activity such as sudden shifts in usage patterns, mailing address changes, or falling into arrears early.
Act Now — Before the Criminals Do
COVID-19 will likely increase the financial stresses people face, making them more likely to commit first-party fraud. For those fraudsters with established synthetic identities hidden in account portfolios, the additional stresses from the global pandemic may make now an attractive time to ‘bust out’.
At the same time, organizations keen to increase their customer base have had to increasingly look to digital channels, as face-to-face interactions have been curtailed. Increased criminal activity coupled with the shift to remote and unfamiliar account opening processes could have a severe impact on those organizations that don’t take all the protective steps they can.
In my next post I will look at the ways in which fraudsters play the long game – hiding in account portfolios for months if not years. For more information, see our white paper Combatting First-Party and Synthetic Identity Fraud, which covers the five best practices you need to combat these crimes.