By Dan Barta, Principal Solutions Architect, SAS Global Security Intelligence Practice


Analytics and artificial intelligence uncover the real challenge – synthetic identities

The financial services industry won't soon forget the headlines of 2021, when a 63-year-old New Jersey jeweller was charged with leading a fraud ring that colluded with merchants getting kickbacks. One of the largest credit card fraud schemes prosecuted by the US Department of Justice, this one involved more than 7,000 fake identities and 25,000 fraudulent credit cards obtained through banking application fraud, resulting in more than $200 million in losses.

Early-detection analytics can redefine the odds of discovering banking application fraud. For example, in our work here at SAS by having an Asia Pacific bank, network analysis found:

  • 60,000 contact telephone numbers referencing immigration agents.
  • 5,000 contact numbers referencing casinos.
  • 2,500 telephone numbers referencing the bank branch at which the application was made.
  • 1,500 numbers referencing a meat processing plant.

These signs pointed to fraudsters flying underneath the radar with high-volume, low-value credit applications. Using SAS(R) software, the financial institution found four times more banking application fraud, worth $3 million a month, compared to its former techniques.

The analytic techniques that help detect banking application fraud also make an application for other credit-granting organisations, such as telcos, online retailers and auto finance organisations.

Synthetic identities: The gold standard for banking application fraud

Fraudulent applications can start with stolen or manipulated identities, however the preferred approach is to use synthetic identities – a mix of fabricated credentials not associated with a real person. Hence, nobody complains about a new unauthorised account, credit card or line of credit.

This dissociation from a real person makes banking application fraud with synthetic identities particularly attractive to fraudsters – and more challenging to detect. Gartner estimates that synthetic identities are behind 20 % of credit charge-offs and 80 % of credit fraud losses.

A common pattern in the US is to create fake Social Security numbers or have them off the “dark web” – preferably SSNs of the deceased or children, unlikely to notice unauthorised credit activity. Once an identity is created, the fraudster builds the look of a real person by:

  • Applying for credit, which triggers a credit agency record whether the identity is real or not.
  • Adding the synthetic identity being an authorised user on an existing account, which might itself be a sham.
  • Getting merchants, real or fake, to collude in creating bogus credit accounts and credit bureau reports.

For all three approaches, the underlying theme is the same: The fraudster exploits the expertise of the credit industry – banks, other creditors and credit bureaus – to build a credible identity to get into yet more credit. That's banking application fraud at its core.

How to detect bust-out fraud

That Nj ringleader and his associates had honed the art of a bust-out scheme: open a credit line for a fake identity, cultivate a good history for that account, then grab the big payoff. In insider terms, it's “make up,” “pump up” and “run up and cash out.”

Analytics and machine learning are empowering banks and other creditors to fight back more effectively – and earlier in the game. The trick is that the best analytical methods will be different depending on available data, the kind of fraud and the phase of the endeavour. Multiple methods used together can very effectively find fraud while managing false positives.

At the make-up stage, the fraudster manufactures identities and uses them to gain access to credit. Financial institutions can see the seeds of future fraud by:

  • Monitoring application data to determine if the same information or device is being reused across multiple identities that otherwise appear unrelated.
  • Assessing consider your experience for existing or closed accounts that shared exactly the same data element, such as device ID, address or SSN.
  • Searching for “proof of life,” well-rounded details for that identity, such as driver's license, voter registration or property ownership.
  • Analysing the social networking to spot unusual or suspicious connections (or lack thereof) among applicants, devices, accounts, credit files and application data.

At the pump-up stage, the fraudster uses credit lines in a normal fashion, making small purchases and paying off the account each month, thereby creating the appearance of good credit, which is often used to request further credit.

Even though the fraudster is building a good credit file, it is possible to identify suspicious or high-risk activity on these accounts through rules and models. For example:

  • Are payments from the same source (bank and account) getting used to pay otherwise unrelated accounts?
  • Is the same device being used to access and/or make payment on what appear to be unrelated accounts?
  • Are credit lines fully used soon after account opening?
  • Is the financial institution offering the credit line increases, or are the requests coming from the “customer”?
  • Given the demographic data on the credit application, would the credit-holder be likely to purchase from the type of merchants where the account is being used?

At the run-up and cash-out stage, the fraudster (or organised fraud ring) maxes out the cards and disappears. In some instances, the fraudster will make a final payment having a counterfeit check and quickly max out the accounts before the bank realises the payment is worthless. This results in an even higher loss than the credit limit on the card.

It could be optimal to uncover the scheme prior to the run-up and cash-out stage. Rules and models can detect late-breaking indicators, such as:

  • Increased transaction frequency.
  • Repeatedly maxing out a credit line and paying it off in full without carrying a balance.
  • Payment on a card significantly before the payment due date.
  • Payment by check when prior payments were made online.
  • Network association with other accounts showing high-risk activity.

If a charge-off occurs, forensic research into the account can help you tune the rules and models for ever-greater precision and support smart collection efforts. You can use the experience from previous scenarios as inputs for unsupervised or supervised machine learning, in which the algorithm finds and learns from patterns within the data. By uncovering what you didn't know to look for, machine learning has been shown to detect more fraud, even rare events that don't follow common patterns.

On the positive side, fraud detection analytics can also affirm legitimate applications that can then be fast-tracked to approval for a more positive customer experience, lower friction and fewer abandonments. With better application screening, good customers get expedited service, and bad ones are detected before they cash out.

Related post