Spoiler alert: If you are watching Game of Thrones (GoT), but aren't fully caught up, you may want to read this later!
In the past 6-12 months, synthetic identity fraud has skyrocketed and has been one of the hottest topics in the financial crimes domain. At the same time, whether it’s Game of Thrones or The Walking Dead, zombies have surged in popularity to play starring roles on television over the past decade.
What do these two statements have to do with each other? Let me explain, because the time for the army of zombie synthetic identities may be nigh.
What Is a Zombie Synthetic Identity?
Many of us remember 2013 when the FBI announced that they had dismantled a major criminal ring committing credit card fraud. Eighteen people had fabricated more than 7,000 synthetic identities and stolen over $200 million. This story was near and dear to my heart as I personally helped identify and investigate portions of this very fraud ring for a client. I also helped identify and investigate a number of other synthetic identity rings – it was an exciting and rewarding time that solidified my career commitment to fighting fraud.
As the years passed by, fraud evolved to target lower-hanging fruit (as it always does). We fought (and continue to fight) the growth of card-not-present (CNP) fraud that followed the rise in e-commerce. Next followed a surge in account takeover and identity theft as data breaches make personally identifying information a commodity on the Dark Web. More recently, the race has been to detect fraud in emerging faster payment schemes (real-time payments).
But now, in 2019, it’s déjà vu as more and more of my conversations with clients have centered around synthetic identities hitting up cards, auto, telco, and other vulnerable product lines. And while a lot of information is available regarding “how and where” synthetics are created – including my own recent interview with Detective Jessie Gossman, where he shared his experiences in law enforcement fighting synthetics, and a detailed e-book on the topic which describes the process of creating synthetics – we should also be considering the zombie synthetic and what to do about it.
For those of you familiar with the credit bureaus, you know that derogatory information such as late payments, collections, or charge-offs is legally required to be purged from your record after 7 years and cannot be used in credit risk decisioning. While this may be a good thing for consumer protection, it’s not so great for fraud prevention because it opens the floodgates for first-party fraudsters – whether with true, manipulated, or synthetic identities – to commit the same schemes they may have committed 7 years prior. Bad customers can come back from the dead as zombie synthetic identities.
For synthetics that were never tagged as frauds and instead strategically hid themselves in the bad debt book (analysts estimate that 20% of the bad debt book is actually fraud!), this presents a pernicious problem. In addition to the financial loss, banks will have the double whammy in OpEx of once again trying to collect on someone who does not exist. Hence the new army of White Walkers (or technically army of Wights as my colleague recently pointed out). And don’t forget the lesson learned from the FBI: If 18 people can fabricate 7,000 identities, there are some Night Kings among us.
How to Stop the Zombie Synthetic Identity Apocalypse
What can you do to stop the zombie apocalypse?
- Become Arya Stark. The challenge with this idea is I’m not sure we have the time to take her intensive multi-year immersion assassin training course.
- Layer your fraud controls. There is no all-seeing, all-knowing three-eyed raven to help us - not that Bran has been much help anyways. No one data source, shared negative list, consortium or issuer-specific model, ruleset, or investigative capability will solve the synthetic fraud issue. It will be combinations of these capabilities that maximize detection rates and minimize false positives, because each is attuned to its own strengths.
- Fight identity fraud across the customer lifecycle. We all want to stop fraud at the earliest point possible (point of customer origination), but we also need to consider how we can mitigate losses downstream of applications as we continuously monitor our portfolios for evolving fraud rings, strategically detect fraud at the event level of non-monetary and monetary payment transactions, and conduct post-mortem investigations to ensure the same fraud cannot hit us again through accurate tagging and evolution of our strategies.
- Address the continuum of credit risk and fraud. Because so much fraud is hidden on the bad debt book, it is a problem that requires cross-functional collaboration. Credit risk, fraud, and yes – I’ll say it – AML compliance areas must work together, with shared technology, to fight the problem.
PS: Should I trademark the term zombie synthetic? Remember, you heard it here first!