The ongoing global pandemic has forced the rapid expansion of ecommerce and a general migration toward digital transactions. Unfortunately, Covid-19 also may be fueling an increase in so-called synthetic identity fraud.
With synthetic identity fraud, criminals use a combination of real and made-up information — social security numbers, email addresses, physical addresses — to create a “new” identity that might be used to apply for credit cards and loans or purchase goods online.
The synthetic or fake identities “might look like a new person, kind of new to the world, new to the market. There is, maybe, enough information out there to validate that it’s a true individual … or it might look like somebody who has just recently changed their last name or changed their address. So there are enough pieces to the puzzle where it’s compelling to say, ‘This is a real person.’ And then [the fraudsters] get access to credit and leverage that for fungible goods online,” said Eric Haller, executive vice president and general manager of identity, fraud, and DataLabs at Experian.
In January 2019, a McKinsey & Company article described synthetic identity fraud as “the fastest-growing type of financial crime in the United States, accounting for 10 to 15 percent of charge-offs in a typical unsecured lending portfolio.”
Now, thanks to Covid-19, some experts fear synthetic fraud could be expanding.
Impact on Merchants
This form of fraud is, for the most part, upstream from many merchants. But it could still have an impact on ecommerce in three ways.
First, merchants offering their own credit accounts could suffer direct losses.
Second, sellers that work with third-parties to finance big-ticket items could have liability depending on the agreement.
Third, fraud at scale raises the cost of doing business for everyone.
Finally, since at least some of the information used to create synthetic identities is real, retailers should ensure their systems are not breached and, thus, do not disclose shoppers’ personal information.
Picking Out Synthetic Identities
Synthetic identity fraud can be difficult for existing fraud prevention systems to recognize since these fake identities are created to look real.
“When you are [building models for fraud detection], you look for things that look like the problem and then you model to predict or target [that problem], and say, ‘This is what the problem looks like. This is the problem. I’ve seen it before,’” explained Haller.
“But with synthetic identities, the problem is identity information and how it is being manipulated. It shows up as a loss. A lender may say, ‘I underwrote this person in the bank, and I lost all of this money on them.’ So it really doesn’t look much different than a bad credit risk.”
In short, it is difficult to develop detection models because it is difficult to recognize it as fraud at all.
Haller’s company, Experian, uses machine learning to identify the ways crooks are manipulating the made-up data. Experian then targets fake identities with a recently-released synthetic id detection product. But even this approach requires a significant amount of data collection and effort to compare information from several sources and look for subtle, statistical differences.
Others in the industry are taking similar approaches. Even the U.S. Federal Reserve System has worked with stakeholders around the industry to fight this particularly nuanced form of fraud.
False Positives
As with other forms of fraud prevention, wrongly suspecting good customers is also a risk with synthetic id detection.
“No artificial intelligence system is perfect. You are going to have false positives. Somebody you think is high risk turns out to be trustworthy. So the question becomes what happens to those valuable consumers. Whether you’re an ecommerce merchant or a bank, you don’t want to lose a customer over that,” said Haller, adding, “There is a lot more value in selling the product to somebody who looks like a fraudster if you can validate in some way that they’re not. So these types of AI systems are typically used as the first or second line of defense.”
In this scenario, the fraud detection service with its sophisticated AI will flag a customer or transaction as high risk. But it will be up to the retailer, for example, to decide how to manage that risk. In some cases, this might include reaching out to the customer to verify he is real. This extra step will create friction in the sales process, but for some businesses that added friction might be worth the effort.