The Rise of Synthetic Identity Fraud in a Pandemic Era Published December 5, 2020
Synthetic identity fraud has always been a significant concern for commercial lenders, but the era of COVID-19 has increased those concerns considerably.
The increase in digital transactions and, for some, financial desperation has driven a large number of fraud-related cases. Total identity fraud losses reached 16.9 billion dollars in 2019 according to a 2020 Identity Fraud Study. In the first half of 2020, there have been more than 70,000 fraud reports related to COVID-19 stimulus funding according to the Federal Trade Commission.
Concerns around the coronavirus global pandemic have only increased occurrences of synthetic identity fraud, which is already one of the fastest-growing types of financial crime in the United States.
Recent Commercial Breaches + Identity Theft
Large data breaches and identity theft happen often, which makes synthetic identity fraud easier than ever. Some of the large data breaches that have occurred in the last year include:
- First American Financial Corp. – in 2019, this Fortune 500 real estate title insurance leaked hundreds of millions of documents including bank account numbers, mortgage records, and social security numbers. The leak included 885 million files.
- TrueDialog — this American communications company had a database leak of almost a billion entries of sensitive data including full names, email addresses, passwords, and addresses.
- Marriott International – after a significant data breach in 2018, Marriott has had another large data breach in 2020 affecting approximately 5.2 million guests. Exposed data included contact information, birthdays, and linked affiliate data (airline loyalty program numbers, for example).
Unfortunately, these are only a handful of the significant security breaches that have exposed consumer’s personal and financial data for fraudsters to use in the creation of synthetic identities.
What is Synthetic Identity Fraud?
Synthetic identities are created by fraudsters who manufacture a fictitious identity with a combination of stolen, but real identity elements.
The fraud process begins when the perpetrator applies for credit with various lenders using the synthetic identity information. Over time, a new credit profile shows up within the credit bureaus and data aggregators giving the appearance of being a real identity to commercial lenders. The fraudulent credit profile grows until eventually credit is issued.
This phantom crime not only costs commercial lenders billions of dollars in credit losses, but countless hours are wasted chasing around non-existent identities that often appear as credit losses instead of fraud losses.
Credit Bureau Solution Vulnerabilities
To combat synthetic identity fraud, common identity verification solutions rely upon borrower application data and the frequency of those applications within credit bureaus and data aggregators. However, once a fraudulent or synthetic business has created a credit file within these data sources, it is nearly impossible to identify or remove.
Looking at these public data sources merely tells you if a fraudulent or synthetic business applied for credit numerous times. It does not verify with confidence whether or not the identity is real.
This inherently flawed process is the byproduct of relying upon credit bureaus as both the source of credit creation and fraud mitigation.
Using Tax Data to Verify Borrowers and Identify Synthetic Identities
All businesses are required to comply with tax law by filing tax returns and making payments to the IRS. Ask any business owner to go down the list of rigorous and comprehensive tax requirements, and their responses will include:
- Registering with the IRS to get an Employer Identification Number (EIN)
- Withholding and depositing employee taxes
- Filing quarterly and annual returns
These are the requirements associated with real businesses with real names that match their EINs in the IRS database.
It’s not reasonable for a fraudulent business to create a fraudulent business record with the IRS because of the time, effort, and cost to keep up with building and maintaining an IRS tax account. In other words, fraudulent and synthetic businesses don’t and won’t file taxes. As a result, validated IRS records don’t consist of synthetic identities.
Fighting synthetic identity fraud doesn’t have to mean using data sources filled with fraudulent records and running around chasing identities that don’t even exist. Tax Guard uses tax data to verify business identities directly with the IRS. By doing so, commercial lenders can be confident that a prospective borrower is a tax-paying entity.
Matching a business name to IRS records has a two-pronged benefit:
- It’s a better way to identify high-risk borrowers, and
- It also allows for a potential reduction in credit losses
To measure the credit implications of identity-verifying IRS tax data, we evaluated more than 100,000 commercial loan applications against our database of identity elements. We found that match failures were not a frequent occurrence, but when identified, these borrowers are 300% more likely to default.
In this cat-and-mouse game of fraud detection, there is no silver bullet to stay ahead of every tactic. However, by keeping your finger on the pulse of a business’ federal tax standing, you’ll be making the most confident lending decision possible.