How to conquer synthetic identity fraud
“No single organization can stop synthetic identity fraud on its own,” reports The Federal Reserve. “Fraudster tactics continually evolve to stay a step ahead of detection—and the most sophisticated fraudsters can operate at scale in organized crime rings, generating significant losses for the payments industry. It is imperative that payments industry stakeholders work together, share information and keep up with the threat.”
Synthetic fraud is today’s fastest-growing type of financial crime. To make matters worse, up to 95% goes undetected by regular fraud models, as these actors behave, act and look like regular customers that neither the human eye nor highly complex computer vision methods would have detected.
With synthetic fraud being so difficult to detect, what can we do to defeat it? Well, like many things in life, the solutions are right in front of us, and sometimes so simple we cannot see it.
The secret is putting aside our innate competitive drive to focus on teamwork, collaboration and partnership. Businesses must pivot toward protecting one another and implementing safer ecosystems that can improve equitability and access across demographics and socioeconomic levels.
How might putting aside our competitive drive to focus on the greater good work? Here are a few examples of this in action.
Would anyone have guessed a year ago that Apple and Google would collaborate to enable notifications across platforms? When the pandemic started, “contact tracing” become a part of our everyday language used to discuss COVID-19.
Given the urgent need to find solutions to protect people and get society back up and running, Apple and Google worked together to launch a comprehensive solution that includes APIs and operating system-level technology to assist in enabling contact tracing. Through close cooperation and collaboration, the power of technology was used to help countries around the world slow the spread of COVID-19 and accelerate the return of everyday life.
To address vaccination verification, a coalition of more than 200 members, including Microsoft, Oracle and Salesforce, began working together with healthcare workers to release global standards for mobile apps that verify whether someone has had a COVID-19 vaccine. The Vaccination Credential Initiative standards will incorporate digitally verified clinical data with a name and birthdate that can also be displayed as machine-readable QR codes.
In the sharing economy, Uber and Lyft announced they will share information about drivers deactivated for serious offenses. This project was the first time the two companies have collaborated to safeguard customers and address inappropriate behavior.
As within each of these examples, the same concept applies in fighting identity fraud, which we cannot defeat entity by entity, individual by individual—but as a unified, global consortium working to detect fraud.
Moving past archaic ecosystems
Of course, an entire industry has sprung up around identity management. Each organization is vying for its piece of the pie and touting its proprietary approach. And while there’s no doubt that we each have something unique to offer, by compartmentalizing our solutions in this way, we’ve been denying one another the opportunity to solve this problem once and for all.
To move past archaic ecosystems that require people to be physically present to verify their identity—like those we face at the DMV, or in the voting booth, or when closing on a property, we have to create trusted partnerships that allow us to curate technology and mash up verification systems in a way that feels seamless to consumers.
My thinking on this may seem big-picture and blue-sky—that together we can build a more secure and inclusive world—but it’s rooted in powerful use cases. Twitter relaunched its public verification program for users that are notable, authentic and active across six criteria categories. This new process allows Twitter to become a more secure and inclusive platform that can add dedicated verification categories from user suggestions.
To safeguard Uber drivers in LATAM, the company implemented a program that requires users who request to pay in cash to scan an official identification such as their voting credentials, national ID, passport or driver’s license for verification. A similar rider verification feature was implemented in the U.S. to help keep rideshare drivers safe from carjackings.
The most exciting and important things happening in identity verification right now are because companies are laying down their arms to deliver platforms driven by collaboration that prioritize the greater good.
We can’t afford to wait to collaborate
Collaboration around identity management is especially important today for two reasons.
First, the COVID-19 pandemic created an environment where people are more concerned about cyberattacks than terrorist attacks. And they have to worry about protecting not only their own identity but their children’s, as we saw children emerge as one of the biggest identity theft targets during the pandemic.
The arrival of our truly physical-digital existence has forced identity protection to the forefront of our minds and amplified the need to understand how, through technology, our identities and behavior can be used to equalize and authenticate our access to all of life’s experiences.
Second, there’s been an exceptional rise in all types fraud, including synthetic. Tackling this will require an intelligent, coordinated defense against cybercriminals employing new and more sophisticated techniques. Not unlike a police database that tracks criminals in different states, there’s a need for platforms where companies can anonymously share data signatures about bad actors with one another so that fraudulent activity becomes much easier to detect.
According to the Aite Group, 72% of financial services firms surveyed believe synthetic identity fraud is a much more pressing issue than identity theft, and the majority plan to make substantive changes in the next two years. With collaboration driving that change, we have seen some cases of increasing synthetic fraud detection by more than 100% and the ability to catch overall forged documents by 8% in certain platforms. These significant reductions in risk and losses, where total operational loss can exceed $1,000 USD per incident, may reduce total operational loss by millions for many businesses.
This fight needs a consortium—members of the public and private sector, friends and foes who will join together. Fighting identity fraud should no longer be a siloed task for risk and compliance departments in highly regulated industries. Rather, it’s a multichannel, age- and industry-agnostic threat that’s best tackled entity by entity, individual by individual.
Enterprises have for too long taken a siloed approach to digital identity processes. Fraudsters know how debilitating silos can be, which is why they not only seek to exploit them in the businesses they attack but also avoid them in their own activities by embracing networks. Today, we have an opportunity to accelerate unification and adaptive identity processes to create a more secure and inclusive world that beats fraudsters at their own game.