Consent-Based Social Security Number Verification Helps to Reduce Synthetic IDs

With the headlines swirling about data breaches and the sensitive information that is being sold on the dark web, it may seem like the most basic level of identification — the Social Security number — is simply a liability, something the fraudsters can find at a moment’s notice and use against us.

As Early Warning Vice President and Product Line Leader for Risk Insights Paramita Bhattacharjee told PYMNTS, the Social Security number can be an effective line of defense for financial institutions (FIs) seeking to ensure that account opening requests and applications for financial products are being presented by people who are who they say they are.

She pointed to an Aite Group study in February that noted 85% of FIs experience fraud during the account opening process, but consent-based Social Security number verification is having a positive impact amid the great digital shift.

“With the shift toward digital technology, it’s becoming increasingly difficult to confidently validate a consumer’s identity,” Bhattacharjee said. “And fraudsters are obviously getting more sophisticated.”

The conversation came against a backdrop in which synthetic identity fraud has been on the rise as more commerce shifts online. In one route to establishing these fake profiles, cybercriminals have been able to take Social Security numbers and leverage them to create composite identities.

Introducing the eCBSV

But, as Bhattacharjee noted, the Social Security Administration (SSA) has introduced an electronic consent feature — known as eCBSV — with its real-time verification solution. In terms of mechanics, the solution allows FIs and other organizations to verify that data — chiefly, an individual’s name, Social Security number and birthdate — match SSA records (or that they don’t, which may raise red flags that fraudsters are trying to pass themselves off as legitimate).

The result is that FIs, connecting to the SSA’s eCBSV service through Early Warning’s application programming interface (API), are reassured that they are interacting with legitimate customers. Bhattacharjee noted that Early Warning was selected as one of 10 initial “permitted entities” to participate in the eCBSV service, and banks/credit unions (segmented by low, medium and high volumes of activity) can layer other identity-proofing functionalities (their own and Early Warning’s) to shore up their decisioning activities.

Bhattacharjee explained that when it returns a “yes” or “no” match on the Social Security number, the service does not provide confirmation of the individual’s identity. Other data attributes can help FIs determine that identity with certainty.

The consent feature is reflective of identity verification trends that accelerated during the pandemic due to a spike in online account openings.

“Consumers are being empowered, and want to be empowered, to control their data,” said Bhattacharjee, noting that they’ll only share their information if they’re confident that the data is secure.

At the same time, they demand a streamlined experience when it comes to interacting with their FIs, whether security efforts take place through consumer permission, identity verification through credential-based authentication, device identification, behavioral metrics, biometrics, or the deployment of artificial intelligence (AI) or machine learning (ML) technologies for identity assertion.

Bhattacharjee said we’re headed toward an age when decentralized identity will give consumers power over their identity credentials, perhaps through a self-owned digital identity wallet. Decentralized identity could eventually become the norm for any number of verticals beyond financial services, such as healthcare, government payments or benefits (such as food stamps), she added.

In that scenario, when a consumer needs to prove their identity (say, for a loan application or to verify their age at a bar), it wouldn’t involve pulling out different documents or a license.

“All a consumer would need to do is deploy their wallet with previously verified, personal identifiable information ready to share,” Bhattacharjee said.