The growing threat of Synthetic ID fraud and how behavioral biometrics enables organizations to stop it before the damage is done
Prior to the COVID-19 pandemic, the financial services industry was experiencing a significant increase in synthetic ID fraud. Per a report published by Aite-Novarica Group, US credit card synthetic identity losses were expected to increase by over 55% from $580M in 2015 to a projected $1.3B in 2020. However, due to the COVID-19 pandemic, many fraudsters shifted their focus to easier ways of maximizing their ROI, such as taking advantage of taxpayer funded Paycheck Protection Loans (PPP). In an article written by frankonfraud.com, it is mentioned that up to 15% of all PPP loans may have been fraud, which equates to $76B of potential money stolen. Fraudsters have also taken the opportunity during the pandemic to increase their efforts on social engineering scams. Per the FCC, the industry saw a wide variety of social engineering tactics, such as robocall scams re: health and financial concerns, text scams on false advertisements for cures or bogus tests, vaccine scam calls with intent to steal valuable personal or financial information, and more.
However, as the world continues to open back up and COVID-19 relief programs subside, fraudsters are turning their attention back to Synthetic ID fraud. According to an article published by Aite-Novarica Group, Synthetic ID fraud for unsecured U.S. credit products is expected to grow from $1.8B in 2021 to $2.42B in 2023. Further, fraud executives are expressing that synthetic ID fraud is a top concern, according to the recent survey completed by Aite-Novarica Group below:
Not only do we expect to see an increase in synthetic ID fraud, but we also expect to see an increase in sophistication by fraudsters to stay ahead of traditional controls used to detect synthetic ID fraud. In this frankonfraud.com article, it is noted that “In 2021, identity thieves proved they could defeat Driver’s License checks with realistic-looking masks. They proved they could fake their credit history with virtually undetectable fake tradelines. And they were given a plethora of online tools such as generated.photos to create an endless array of fake images for identities.” It was also noted in this article by pymnts.com that “FIs traditional fraud detection approaches failed to flag between 85 percent and 95 percent of credit applicants believed to be using synthetic IDs”.
With synthetic ID fraud on the rise and the increase of sophistication used by fraudsters to circumvent traditional fraud controls, it is imperative that organizations invest in tools, such as behavioral biometrics, to stay ahead of this threat. Here at BehavioSec, organizations are using our deep behavioral biometrics technology to effectively detect synthetic id fraud applications, real-time, before any damage is done. If a synthetic ID is used to successfully open an account (i.e. credit cards, personal loans, etc.), the risk is significant to an organization because a fraudster’s intent is to access those funds and not pay them back. BehavioSec mitigates this risk by analyzing and identifying behaviors that are consistent with synthetic ID fraud during the application process. Specifically, BehavioSec analyzes how a user physically interacts with a mobile device or desktop computer, such as how familiar a user is with entering PII (name, address, SSN, DOB, email, phone, etc.). A genuine user typically enters his/her PII that is consistent with behaviors of data familiarity and long-term memory. However, a fraudster’s behavior typically indicates he/she is not familiar with the data being entered and is using short term memory.
Source: BehavioSec customer
We also detect other high-risk behaviors such as copy and pasting of PII, where a fraudster is working off a list of synthetic IDs to open multiple accounts. Further, fraudsters may demonstrate advanced knowledge of the application process and navigate pages very differently than a genuine user, such as using advanced key combos, or we may see BOTs used to automate and scale their attacks.
Source: BehavioSec R&D
BehavioSec also helps improve the onboarding experience, reduce friction for genuine users, and reduce false positives/manual reviews for fraud ops teams by identifying genuine behaviors. BehavioSec passively collects all this information, with no additional steps for the user to take, and provides organizations with highly accurate risk scores and factors to make informed, real-time, decisions on how to proceed with the session or application.
BehavioSec is trusted by the largest financial institutions and fortune 100 companies across the globe, where we protect over 200M users and 30B transactions on an annual basis. BehavioSec customers have seen tremendous success with our New Account Fraud solution, which detects synthetic ID fraud as well as other new account fraud types such as ID theft and bot/automation attacks. Our customers have experienced over 96% accuracy in detecting new account fraud while reducing false positives by over 80%. If you would like to learn more, please contact me at email@example.com, check out my youtube talk about Synthetic ID fraud, or visit our website at www.behaviosec.com.