Explore newer verification tools that can handle applications at high volume
Jump to ↓
| Growth of Frankenstein identity fraud |
| What can government agencies do? |
 |
The threat of synthetic ID fraud — often colorfully called Frankenstein fraud because, like the legendary monster, it’s composed of parts of other identities that have been stitched together into a fraudulent composite — has been accelerating as private and public organizations move into the digital age. Synthetic ID fraud creates fabricated identities using names, addresses, birthdates, and Social Security Numbers (SSNs) from different people. Once assembled, the fabricated ID can be used to apply for bank accounts, credit, loans, and government benefits.
Interestingly, synthetic ID fraud is facilitated by a paradox: More information is asked of us now from private and public entities because verification in the digital age has become more crucial. However, as these bits of information are gathered and stored, they become more susceptible to theft, often on a grand scale.
Mass theft of personally identifiable information (PII), typically on the dark web, is now the primary means by which the main ingredients of digital fraud attempts are obtained. Consumers routinely get notifications of breaches of public and private servers, warning that their PII may have been compromised. The individual can do little about this except monitor their credit reports vigilantly. They cannot prevent it, and often the misuse of their information is not easily visible to them.
Fraudsters also continue to obtain PII through means of personal theft (rummaging through personal documents) or through conning information from a target using a pretext, such as posing as a government agency or financial organization representative, often by phone or increasingly via realistic-looking emails and web portals.
Growth of Frankenstein identity fraud
One reason synthetic ID theft in the commercial sector has grown is that committing fraud using physical credit cards has become more difficult with the adoption of EMV-chip cards. Not surprisingly, as financial institutions begin to tighten up on banking and credit fraud, fraudsters may see diverting government benefits as a more popular route.
Government agencies that seek to protect the more fraud-vulnerable populations that they serve may find it a difficult task. Anyone’s information can be used to cobble together synthetic identities — children, the elderly, and people with unstable housing are often targeted often because these individuals are less likely to regularly access credit file reports and detect suspicious activity. For example, 1 million children had their PII used in fraud in 2017.
Making things more difficult for government agencies, SSN assignments are now randomized rather than being tied to state location, make quick location checks useless in detecting fraud. The Federal Reserve estimates that 40% of synthetic IDs use post-randomized SSNs, and some unscrupulous brokers even sell currently unassigned SSNs on the dark web as well.
When government agencies are the target, SSNs are a linchpin. Synthetic ID fraud is successful simply because it exercises a degree of methodical deception and patience, even harnessing the power of previous failures. Once a fake identity is established, fraudsters can use it to obtain goods and services quickly.
Worse yet, credit reporting agencies can play an unwitting support role in synthetic ID fraud by solidifying a synthetic ID once it is established, making it even harder for agencies to flag or tag. Once established, the new ID can be used to apply for easier forms of credit, establish accounts, and gain access credentials, like to government benefits.
Unfortunately, legitimate government benefit applicants and real SSN holders activating their rightful benefits only find out about the theft when their own benefits are delayed or denied.
 |
What can government agencies do?
Government agencies can leverage next-generation digital screening approaches to take a more preventive stance against fraud and digital impersonation by creating comprehensive identity verification solutions that use a variety of personal characteristics — not just stable IDs. This can prevent fraud early in the process, which helps both the agency and the legitimate applicant.
Agencies and watchdog groups can monitor social media and the dark web for indications that their agency is being targeted, and note the emerging methods used by fraudsters, which are often discussed online by ID theft victims and even sometimes by fraudsters themselves.
Finally, government agencies need to be deliberate about what security upgrades are right for their mandate and their user base. Newer, faster verification methods, such as behavioral biometrics, can collect additional personalized data which also must be secured. Agencies also should ensure that this data is not subject to breach during a cyberattack, accessible to outside commercial interests, or otherwise misused.
Agency leaders need to ask themselves whether their agency is working with third-party vendors that have a record of good practices regarding client data security. Also, they should determine if their database is siloed or shared with other agencies.
As today’s rise of Frankenstein fraud demonstrates, new and increasingly sophisticated fraud techniques require that government agencies undertake these needed steps and security upgrades in order to uphold their core purpose — serving the public.
For more on how ID verification can help fight against sophisticated fraud, read our white paper, Maximizing trust and customer experience: Leveraging identity verification for faster benefits delivery.
 |
Thomson Reuters is not a consumer reporting agency and none of its services or the data contained therein constitute a ‘consumer report’ as such term is defined in the Federal Fair Credit Reporting Act (FCRA), 15 U.S.C. sec. 1681 et seq. The data provided to you may not be used as a factor in consumer debt collection decisioning, establishing a consumer’s eligibility for credit, insurance, employment, government benefits, or housing, or for any other purpose authorized under the FCRA. By accessing one of our services, you agree not to use the service or data for any purpose authorized under the FCRA or in relation to taking an adverse action relating to a consumer application.
