How to Fight Synthetic Identity Fraud with IRS Data Published October 8, 2019
Synthetic identity fraud is one of the most significant and problematic threats facing commercial lenders today. According to the U.S. Federal Trade Commission, it’s the fastest-growing and hardest-to-detect form of identity theft.
A recent study reported that synthetic identity fraud cost lenders as much as $6 billion in 2016 and was determined responsible for 5% of charged-off accounts and up to 20% of credit losses. According to another study, between 2014 and 2018, there was between $4 billion and $8 billion in losses connected to synthetic identity theft problems alone.
A new reality has emerged, making synthetic identity fraud the predominant tactic for fraudsters.
What is Synthetic Identity Fraud?
Synthetic identities are created by fraudsters who manufacture a fictitious identity with a combination of stolen, but real identity elements.
The fraud process begins when the perpetrator applies for credit with various lenders using the synthetic identity information. Over time, a new credit profile shows up within the credit bureaus and data aggregators giving the appearance of being a real identity to commercial lenders. Eventually, the fraudulent credit profile grows until credit is issued.
This phantom crime not only costs commercial lenders billions of dollars in credit losses, but countless hours are wasted chasing around non-existent identities that often appear as credit losses instead of fraud losses.
The Synthetic Identity Treasure Trove
The explosion of synthetic identity fraud can be attributed to the proliferation of recent identity theft incidents. As a result, creating synthetic identities is easier than ever.
A quick perusal of data breach-related news shows that breaches have been occurring at an alarming rate:
- Equifax – Last year in what was the mother of all breaches, the credit bureau, Equifax, sustained a breach resulting in nearly 150 million identities leaked to the dark web.
- Experian – Another major credit bureau, Experian, suffered a major breach in fall 2015 when hackers were able to steal the personal information of 15 million consumers who had applied for T-Mobile wireless service.
- Marriott – In November 2018, Marriott hotels announced that the data of up to 500 million of their guests had been compromised. According to Marriott, the hackers accessed guests complete reservation information – including names, addresses, phone numbers, email addresses, dates of birth, etc.
Unfortunately, these are hardly isolated incidents. According to Fraud.org, a nonprofit advocacy organization that tracks data breaches, the list of companies involved in breaches is seemingly endless and continues to grow – to the tune of 1 billion records exposed.
It’s not surprising that fraudsters have made the creation of synthetic identities a weapon of choice.
Vulnerabilities of the Credit Bureau Solution
To combat synthetic identity fraud, common identity verification solutions rely upon borrower application data and the frequency of those applications within credit bureaus and data aggregators. However, once a fraudulent or synthetic business has created a credit file within these data sources, it is nearly impossible to identify or remove.
Looking at these public data sources merely tells you if a fraudulent or synthetic business applied for credit numerous times. It does not verify with confidence whether or not the identity is real.
This inherently flawed process is the byproduct of relying upon credit bureaus as both the source of credit creation and fraud mitigation.
Tax Data Is the Most Reliable Data Source to Verify Borrowers
The answer begins with a new data source – IRS tax information.
All businesses are required to comply with tax law by filing tax returns and making payments to the IRS. Ask any business owner to go down the list of rigorous and comprehensive tax requirements, and their responses will include:
- Registering with the IRS to get an Employer Identification Number (EIN)
- Withholding and depositing employee taxes
- Filing quarterly and annual returns
These are the requirements associated with real businesses with real names that match their EINs in the IRS database.
It’s not reasonable for a fraudulent business to create a fraudulent business record with the IRS because of the time, effort, and cost to keep up with building and maintaining an IRS tax account. In other words, fraudulent and synthetic businesses don’t and won’t file taxes. As a result, validated IRS records don’t consist of synthetic identities.
So how can a commercial lender improve their business verification and fraud prevention toolkit?
Using Tax Data to Weed Out Synthetic Identities
Fighting synthetic identity fraud doesn’t have to mean using data sources filled with fraudulent records and running around chasing identities that don’t even exist.
Tax Guard’s IDCheck solution uses IRS data to instantly verify business identities directly with the IRS. By doing so, commercial lenders can be confident that a prospective borrower is real.
Matching a business name to IRS records has a two-pronged benefit:
- It’s a better way to identify high-risk borrowers, and
- It also allows for a potential reduction in credit losses
To measure the credit implications of identity-verifying IRS tax data, we evaluated more than 100,000 commercial loan applications against our database of identity elements. We found that match failures were not a frequent occurrence, but when identified, these borrowers are 300% more likely to default.
In this cat-and-mouse game of fraud detection, there is no silver bullet to stay ahead of every tactic. However, by keeping your finger on the pulse of identity verification tools like IDCheck, you’ll be making the most confident lending decision possible.
Learn more about Tax Guard’s IDCheck product and discover how Tax Guard can help you fight synthetic identity fraud throughout your lending process.