Beating the Synthetic Identity Fraudsters: Machine Learning Vs. Automated Fraud

This Boston, US, based cyber fraud detection company combines Machine Learning (ML) software, which looks for suspicious patterns, with human expertise in the loop to better identify and predict one of the most crushing problems in the financial industry, Synthetic Identity Fraud (SIF).

Cyber hackers impersonating real people in sophisticated and increasingly automated fashion is becoming the worst kind of threat to financial institutions today. Not only are they impersonating people to gain access to an account to steal money, but they are also increasingly creating synthetic identities.

Read more: {Fintech Launch: Finch} A Vision to Financially Empower American Millennials and Help Close the Wealth Gap

SIF is a complex form of identity theft, where fake identities are created from real identity elements from real people, who have been compromised on the dark web.

To find out more about the devastating impact of SIF, The Tech Panda had a detailed chat with Greg Woolf, the CEO of FiVerity, a leading provider of cyber fraud detection and threat intelligence.

SIF is estimated to have created US $12 billion in losses for 2020. And it’s hard to put a hard number on the loss but analysts predict it could be up towards a US$ 30 billion potential impact year over year

The impact of SIF is massive, says Woolf.

“Though they may only represent 2% of consumer loans, synthetic ID’s can cause 25% of loan losses in a typical retail lending portfolio. SIF is estimated to have created US $12 billion in losses for 2020. And it’s hard to put a hard number on the loss but analysts predict it could be up towards a US$ 30 billion potential impact year over year,” he says.

FiVerity’s SynthID® Detect platform leverages ML to combat the fraudsters´ increased use of AI and automation. The company announced today that it closed a US$2 million round of financing to expand its cyber fraud detection and threat intelligence platform.

Fraudsters are becoming more sophisticated and are using AI to massively automate and scale the way they’re attacking banks

The investment was fuelled by Mendoza Ventures and a class of super-angels from the cybersecurity and financial services industries, including serial entrepreneur Doug Levin, who has been appointed as the company’s Executive Chairman. FiVerity will use the funds to expand its products and ramp up sales and marketing efforts.

What is SIF?

According to a white paper by the Federal Reserve, SIF is the fastest growing financial crime in the US (25% per annum). In SIF schemes, criminals use a combination of real and falsified data to create and cultivate fictitious accounts as a precursor to subsequent fraud and criminal activity.

This cobbling together of personal information makes the fraudulent activity difficult and time consuming to detect

Automated SIF fraudsters search and hone for personal information like Social Security Numbers (SSNs) and information on the dark web. This information is primarily gathered from data breaches to credit institutions, banks, or other companies that have collected personal data.

“This cobbling together of personal information makes the fraudulent activity difficult and time consuming to detect,” says Woolf.

Busting Out

Synthetic IDs behave like legitimate accounts and may not be flagged as suspicious, using traditional fraud detection models. This allows fraudsters to cultivate these fake identities, build positive credit histories, and increase their borrowing or spending power before ´busting out´ – maxing out their credit lines with no intention to repay-security threats and potential risks to the financial system at large.

The real challenge is that financial institutions aren’t readily able to identify these SIF accounts based on the rules-based systems they currently deploy

“The real challenge is that financial institutions aren’t readily able to identify these SIF accounts based on the rules-based systems they currently deploy. Most times, it’s only after the fraudster ´busts out´ by maxing out the carefully earned credit lines and abandoning the identity without paying anything back to the institution. So, a financial institution has to work backward to determine who the thief is after the big hit and loss,” Woolf explains.

How Does a SIFster Work?

A fraudster combines a stolen SSN and fake information, such as a false name, incorrect address, made-up date of birth or new phone number to create a false identity.

“It’s one of the most difficult forms of cyber fraud to monitor and catch because many of the fraudsters are playing a long game with this approach. It will sometimes take years to build good credit of a synthetic profile before maximizing its debts and abandoning the identity (busting out),” Woolf explains.

It’s one of the most difficult forms of cyber fraud to monitor and catch because many of the fraudsters are playing a long game with this approach

He further informs that fraudsters are increasingly setting up accounts with banks, credit unions, and credit card providers, creating a track record to build up greater credibility before the big hit. They use automation and ML algorithms to generate thousands of these fake identities at scale.

Criminals use synthetic fraud to steal funds, escape detection by the government or financial institutions, borrow money from banks and never pay it back, apply for PPP loans under fake company information, and create synthetic identities for unemployment, medical, and healthcare claim fraud.

Unautomated Rules-Based Systems Can´t Keep Up

Banks and financial service institutions have legions of qualified talent and systems in place to protect against hackers and cyberattacks. However, the unautomated, rules-based systems currently deployed at most banks and credit unions ´just can’t keep up with the scale of the growing and automated SIF attacks,´ says Woolf.

The Federal Reserve reports that 85% of SIF attacks are now slipping through the cracks

“Fraudsters are becoming more sophisticated and are using AI to massively automate and scale the way they’re attacking banks. The rules-based systems in place are inadequate. The Federal Reserve reports that 85% of SIF attacks are now slipping through the cracks,” he says.

As Always COVID-19 Makes it Worse

The Federal Reserve report says SIF is growing at a scale that is costing the financial services industry billions of dollars a year. Moreover, the problem is exacerbated with digital transformation led adjustments occurring within the financial services industry in response to COVID-19.

In addition, with staff working remotely and customers applying for and managing accounts online, the problem is getting more complicated. This has pushed fraud risk to a four-year high, says Woolf.

As banks and credit unions strive to remain relevant and grow new accounts, the new digital transformation initiatives during the pandemic have become their Achilles heel

“As banks and credit unions strive to remain relevant and grow new accounts, the new digital transformation initiatives during the pandemic have become their Achilles heel. It has opened the door wider for cyber fraud, making them more vulnerable to the point that they don’t even know if they have synthetic identities within their current portfolio of customer bases just waiting to bust out,” he says.

FiVerity ML to the Rescue

FiVerity’s SynthID® Detect platform leverages ML to combat the fraudsters´ increased use of AI and automation. As Woolf says, “The time for machine learning is now.”

Incorporating the human analyst’ experience, FiVerity continuously learns from these expert business users to improve from their approaches and techniques in real time. It observes and captures their strategies and tactics used, detecting fraud in new account opening and uncovers patterns that are the tell-tale signs of other types of financial crimes.

The platform combines ML software, which looks for suspicious patterns, with human expertise in the loop to better identify and predict scammers

The platform combines ML software, which looks for suspicious patterns, with human expertise in the loop to better identify and predict scammers. It provides real-time detection of new accounts as they are being opened, and reviews existing portfolios for accounts getting ready to ´bust-out´ before they can cause too much damage, if they’ve already established a fake synthetic identity within a bank or credit union.

FiVerity has already saved banks and credit unions millions, having thwarted over 50% of potential cyber fraud claims with their ML fraud detection platform that would have gone undetected and slipped through the cracks.

Detecting and Thwarting SIF

FiVerity has three key elements within its platform and approach that makes the difference in detecting and thwarting the rise of SIF attacks.

1. The platform overlays the existing systems and third-party data-points that banks and financial institutions already have in house and are actively using.
2. Then it introduces the Human-in-the-Loop ML platform that leverages and continually learns from the human analysts’, investigators, and legions of expert fraud detection examiners that are actively working within banks today. “This real-world expertise and insights are infused within the platform itself to better detect suspicious patterns at a scale to better identify and thwart automated SIF attacks that couldn’t be detected by previous rules-based processes,” Woolf elaborates.
3. The company also helps banks share these suspicious patterns, automated approaches and fraudulent SIF behaviour not only with the individual bank but in a secure process that allows them to communicate with one another while protecting the data privacy.

“Similar to how police departments might share a criminal’s fingerprint, without divulging sensitive customer information,” he explains.

Fraudsters might be becoming smarter and tech savvier, using automation to gain millions, but companies like FiVerity are a step ahead with the technologies they deploy.