Identity theft and payment fraud aren’t new problems. For years, the retail industry has struggled with fraudulent purchases via stolen credit cards or other payment data. This trend has become worse as we move more of our financial lives online.
Once compromised, ones and zeros can crisscross the globe at the speed of light — going through subsequent stages of duplication and manipulation.
Thanks to fraud management technology and PCI data security, merchants, banks and regulators can often prevent these types of data breaches — and consumers can monitor their credit histories to spot any abuse.
But there’s a new threat on the horizon, one that doesn’t involve hacking legitimate credit card accounts. Known as synthetic ID fraud, the long-term impact of this emerging trend could inflict lasting damage on the payment and retail industries.
Synthetic ID Fraud in a Nutshell
With traditional ID theft, speed is of the essence. Thieves have a very small window during which to rack up charges. That’s because victims will eventually learn of the breach, especially if they actively monitor their credit histories.
With synthetic ID fraud, however, the con game unfolds over a much longer timescale. Criminals still use stolen information from living, breathing people — usually in the form of Social Security numbers. But this data is pulled from children, the elderly and others who don’t really need or actively monitor their credit histories.
With these stolen Social Security numbers, the thieves create elaborate back stories, complete with:
- Fake addresses
- Social media profiles
- Burner phones
They nurture these newly minted IDs over many months, sometimes years. When the time is right, these criminals begin amassing tens of thousands of dollars in fraudulent charges before shutting down that account.
And then they disappear … without a trace.
Preventing Synthetic ID Fraud
Measuring the true impact of synthetic ID fraud is difficult since so much of it happens under the radar. By some estimates, this type of theft generates $6 billion in direct monetary losses every year. If those numbers are true, synthetic ID fraud is almost as expensive as online fraud (with its $6.4 billion in yearly losses).
However, the total damage could be much higher. After all, banks, merchants and regulators waste considerable resources chasing people who don’t exist. So, it’s not surprising that the payment and retail industries continue to look for ways to prevent synthetic ID fraud.
Below are some of the most promising strategies so far.
1. In-person verification
Banks could require all new customers to open accounts in person. This strategy can help reduce ID fraud, but it does ultimately hurt the user experience.
In-person verification is also incredibly time-consuming, especially for big box banks that focus primarily on speed, automation and standardization.
2. Universal credit monitoring
Synthetic ID fraud works by targeting those who don’t actively monitor their credit history — e.g., minors and retirees. However, credit agencies could expand their coverage to every American with a Social Security number, including newborns.
This approach has its drawbacks. Equifax and Facebook have both already shown the dangers of centralizing too much sensitive data in one location.
3. Artificial intelligence
Artificial intelligence (AI) might be the most promising lead of all. With this approach, machines would scour reams of data looking for telltale digital footprints of potential ID theft.
For example, an AI algorithm could compare the IP addresses and financial activity of individual users against their social media activity and waking hours. Machines could also use facial recognition to detect bad actors. Stock images and random photos pulled from the Internet would no longer work when creating fake profiles online.
Of course, this approach opens a host of privacy concerns for end users. Moreover, not everyone uses social media. In fact, many Americans aren’t online at all, meaning there are limitations to what artificial intelligence can do.
The beauty, however, is that machines can spot inconsistencies that would take humans hours — if not centuries — to detect. With $6 billion on the line, artificial intelligence may be the industry’s most effective weapon against synthetic ID fraud.
Preventing Synthetic ID Fraud (As a Merchant)
As a retailer, there are common sense strategies you can use to protect yourself from “normal” fraud. But synthetic ID fraud is a different animal.
- No one knows how many fake IDs are currently in circulation. You might already have some in your payment environment — and not even know it.
- Each of these fraudulent accounts can be activated and brought into service at any time, like digital versions of the Manchurian Candidate.
In other words, there isn’t a whole lot you can do to prevent this type of abuse from affecting your business.
For now — but we’ll continue to update you as solutions and best practices emerge.
Meantime, if you have questions about payment security, credit card fraud or PCI compliance, schedule a free consultation with our merchant services team today.