Synthetic fraud, also known as synthetic identity theft, occurs when criminals (fraudsters) create new identities to steal money, data, or both. In 2019, it was labeled the fastest-growing financial crime and, unfortunately, shows no signs of slowing down. It can also happen in a number of ways.
One real-world example comes from South Bend, Indiana, where a credit union lost $200,000 earlier this year to synthetic fraud. In this case, fraudsters applied for loans online. The credit union followed standard security protocol and PCI compliance measures — performed background checks, assessed credit scores, and everything else necessary. It wasn’t until the payments stopped that the credit union realized the applicants didn’t even exist!
If you think it can’t happen to your business, think again. It’s estimated that synthetic fraud will cost lenders more than $6 billion a year. And of the 61% of fraud losses for large banks, 20% were synthetic identity fraud.
So, what does this mean for your business? We’re sharing the ins and outs of synthetic fraud and how you can stay protected from this booming crime.
How synthetic identity fraud works
In the non-business world, the first step for synthetic fraudsters is to create a fake identity. This is typically done to get money, work or live in the U.S., or establish a separate (and better) credit history. So, how do they do it?
Typically, fraudsters create a fake name and birthdate but use very real data to do it — like unused Social Security numbers from children who don’t have a credit history or a presence in any database. They then use this info to apply for credit cards or lines of credit, max them out, then fall off the grid entirely.
In the enterprise realm, the process is very similar. But instead of Social Security numbers, it involves acquiring an Employer Identification Number (EIN). Fraudsters may also use additional data like websites, forms of payment, and mailing addresses so they can begin applying for business lines of credit and checking accounts.
Their end goal? To cash out by stopping all payments on synthetic individual and business accounts and then using or liquidating all funds for what’s called a “bust-out.” Synthetic fraud can also escalate to the creation of shell companies to apply for greater business lines of credit. These shell companies have “synthetic” employees who are also eligible for lines of credit.
Why it’s a major problem
Beyond the money fraudsters steal from people and businesses, the problem is how they get the information to do it in the first place. Thanks to an onslaught of data breaches over the past several years, private information like names, addresses, birthdates, Social Security numbers, EINs, and more is all out there for criminals to easily snatch up. This is relevant in the healthcare and payment card industries, where identity data and privacy need to be protected (especially if your enterprise is subject to HIPAA compliance). With any of that kind of information, fraudsters can easily “synthesize” an identity, then apply for and build lines of credit.
For enterprises, synthetic fraud can hit hard in a couple of ways. First, credit lines can be extended and racked up under the fraudsters’ EINs or “shell corps,” which can come back on the company when the criminals bust out. Second, enterprises may be more vulnerable to entering partnerships with these synthetic companies. As a result, they’re left with unpaid bills or a massive loss of funds in partnerships and expenses.
Bottom line? Financial institutions stand to lose a lot of money to synthetic fraud. And current technology — including a lack of a ‘paper trail’ — can’t detect this crime, making businesses even more vulnerable to losses.
How to prevent synthetic identity fraud
As cybersecurity experts and investigators look for ways to combat synthetic fraud, there are steps your business can take in the meantime to prevent this from happening to you.
- Expand security awareness training to help identify suspicious activity and act accordingly
- Establish a comprehensive cybersecurity program with an evolution roadmap by investing in robust data protection and governance solutions to keep business and employee information secure
- Leverage artificial intelligence and machine-learning based solutions to be able to detect and mitigate new, unknown (zero-day) threats
- Undergo routine security assessments to identify vulnerabilities and gaps in your processes and systems
Take steps to prevent synthetic fraud with Sanity Solutions
The truth is, we can’t assume that any business is exempt from any cybercrime — including synthetic fraud. Because of that, it’s absolutely crucial to have a strategic, long-term plan in place to protect your employees and your data and to maintain business continuity. At Sanity Solutions, we’ll work with key stakeholders to develop an innovative strategy for your business. Ready to get started? Get in touch with us today.