Shocking but true are the facts that 95 percent of fraudulent synthetic identities are missed by legacy security measures when remotely onboarding new accounts, and the price tag for charge-offs resulting from successful synth ID attacks hovers around $15,000 per incident.
Synthetic identity fraud thrives in part because Big Fraud itself is now a massive global “industry” with access to the best tech stolen money can buy. We’re talking hyper-villains.
“Sophisticated criminals can mimic legitimate customers’ credentials using synthetic and stolen identities, easily side-stepping legacy models of security that look for dated signs of suspicious behavior,” according to PYMNTS April 2021 Financial Fraud Prevention Playbook, a Featurespace collaboration. “That means FIs with tight security may only flag legitimate customers while sophisticated fraudsters advance through their systems unimpeded.”
With legacy systems failing to detect pandemic-era cybercrooks, it is advances in data — and behavioral analytics in particular — that’s putting banks, financial institutions (FIs) and brands on the offensive with new tech tools that “see” synthetic IDs for they are, and other attack types as well.
The Problem With Synthetic IDs
While the new Financial Fraud Prevention Playbook examines a variety of attack types including account takeover (ATO), application fraud and authorized push payments (APP) fraud, synth ID gets a good deal of attention as it’s a preferred vector at a time of mass remote onboarding.
Within synth ID fraud are tactics that all players must know about and defend against.
“Fraudsters use a variety of methods to slip past legacy security models. One such method is piggybacking, which involves adding a synthetic identity as an authorized user to a legitimate account after private data has been used to gain access. This allows cybercriminals to utilize consumer data to open new credit accounts and make purchases with impunity until consumers notice. Once fraudsters have used consumers’ information to make purchases and develop new authorized users for legitimate accounts, they resell the information on the dark web for as little as $200,” per the Playbook.
Combatting that “requires a rethink of defense strategies. Legacy security models are ineffectual in their efforts to address synthetic identity fraud and other advanced cybercrimes. The Federal Reserve reports that traditional security protocols miss between 85 percent and 95 percent of fraudulent synthetic identities when processing new accounts or purchases.”
Agile security models are the order of the day, where “unified ML-based systems that monitor transactions and manage fraud detection automate the enaction of intuitive exemption threshold values that limit false positives during strong customer authentication implementation while maintaining high security,” the Playbook states.
Prediction And Detection Outsmarting Fraudsters
In addition to designing jurisdictional-aware compliance models, optimizing data use is crucial to detection and prevention in a climate of global cat-and-mouse with sophisticated fraudsters.
Among the insightful interviews in the April edition of the Financial Fraud Prevention Playbook is Beate Zwijnenberg, chief information security officer at ING, who told PYMNTS, “The evolving variety of threats demands more advanced prediction and detection. Technology is being used to monitor the threats and security trends in the ‘outside world.’ Based on these analyses and predictions, we continuously improve the preventive and detective measures in the organization. The focus shifts from purely technical solutions to a stronger focus on detecting behavioral patterns.”
Systems that can “identify explainable anomalies, whether consumer mistakes or innocuous shifts in behaviors” are enabling FIs to maintain performance and keep data secure, while “Card, application and payment fraud should be managed through a single approach that is agile enough to catch high-volume, low-value irregularities as well as one-off, high-value theft.”
As the April Playbook concludes, “Preventing fraud and protecting consumer data and the integrity of transactions requires a comprehensive security model that anticipates and blocks breaches before they happen. Embracing a fraud-prevention solution that employs deep behavior analytics can help FIs sidestep security landmines while ensuring that legitimate transactions are processed seamlessly.”