Fraudsters create synthetic identities to impersonate legitimate businesses and can bust out with thousands of dollars in credit before being caught. In this month’s Monetizing Digital Intent Tracker, Angie Dobbs, VP of fraud and risk at financial software company Wave, explains how behavioral analytics can uncover when synthetic identities are in play before they cause harm.
Identity fraud is one of the most pervasive types of cybercrime, and bad actors are growing increasingly sophisticated in the schemes they use to perpetrate it. One of the most dangerous threats is synthetic identity fraud, which entails bad actors constructing new identities from scratch rather than stealing existing personal information.
Synthetic identity fraud can be particularly hard to catch, as it leaves no victim to report a stolen identity. Businesses must instead rely on ironclad identity verification measures, but even these cannot be deployed in isolation, said Angie Dobbs, vice president of fraud and risk at financial software company Wave.
“Identity verification is really key, but you can’t just rely upon that,” she said in a recent interview with PYMNTS. “Layering things like more robust ID verification and behavioral analytics enables you to look at the activity of how users are navigating our platform, offering a triangulated approach that leverages multiple data sources as well.”
Dobbs offered PYMNTS an inside look into what makes synthetic identity fraud so dangerous and how harnessing behavioral analytics can help businesses minimize its threat.
The Synthetic Identity Threat
One of the key challenges posed by synthetic identity fraud is that it is difficult to detect in the first place. The lack of a victim to report a stolen identity means there is no giveaway that fraud is taking place, and the fact that bad actors are creating new accounts from scratch renders traditional authentication methods, such as passwords, ineffective.
“The tricky part with synthetic identity fraud is it’s really difficult to determine whether it’s true identity theft or synthetic without being able to dig into the credit file and the data that you have to try and locate the real identity and verify that there’s no victim,” Dobbs said. “It’s a data science problem, in and of itself, in actually being able to determine if this is a credit loss or synthetic identity fraud.”
The types of synthetic identity fraud that bad actors wage against Wave can vary greatly, Dobbs explained. The most common types involve fraudsters leveraging artificial intelligence (AI) programs en masse to impersonate business owners.
“We tend to see synthetic ID farms, which is when a fraudster has created a synthetic identity to assume the role of a business owner,” she said. “Sometimes, they will take over an actual business that has an online presence and a working website, but leveraging a synthetic identity instead of the true identity of the real business owner that they’re taking over.
“Then, they’ll open a series of credit cards at various financial institutions with various other synthetic identities and they’ll make fictitious invoices.”
Stopping this synthetic identify fraud requires defensive systems that use behavioral analytics in addition to other technologies to weed out fraudsters from legitimate customers.
Leveraging Analytics to Protect Employees and Customers
Dobbs said there are some telltale signs of malfeasance when it comes to synthetic identity fraud, as bad actors perpetrating these scams enter and access data differently than legitimate customers do. Analytical models, in particular, are key to identifying these clues and separating bad actors from good customers.
“Within these [analytics] models, we’re looking at behavioral characteristics,” she explained. “Wave is quite complex, so very few users come in and just process a payment right there. They’re clicking around, they’re trying to figure out how to use various tools. By looking at how good users navigate your site and then how some of the fraudsters are navigating your site, you can start to separate those two populations.”
Even the ways in which users enter basic identifying data can provide key insights into their legitimacy. Good customers tend to enter information manually and with few mistakes, for example, while fraudsters either run into typos or enter their synthetic information in clumps.
“One interesting area that I highly recommend is things like keystroke analysis,” Dobbs said. “How do good users tend to fill out their application versus someone who’s copy-pasting or autofilling multiple applications one after the other?”
Synthetic identity fraud is likely to grow more sophisticated in the coming years as fraudsters develop more advanced tools to wage this fraud on a larger scale. Behavioral analytics will be key to keeping them at bay.