NAFCU Services Blog

Feb 08, 2021 by Mastercard

3 Methods for Early Detection of Synthetic ID Fraud

By Kevin Rowland | NuData Device ID Solutions, Head of Global Business Development | Mastercard 

Fraud related to credit application, loan application, and any kind of on-boarding platform to access financial services or assets is on the rise since the world has been besieged by the coronavirus. This means that a seamless member experience with top-notch security is a must for credit unions in today’s digital world, particularly as digital payments skyrocket. “Application fraud is not only here to stay; it will get worse before it gets better,” according to a report from Aite Group. Thieves know where the money is and where to strike, so those in the financial services sector must be particularly vigilant. Last year, $31 billion in unemployment funds were found stolen by scammers in California alone. The battle against smart cybercriminals is never-ending. But some of the technology and services available to credit unions are getting smarter. And thankfully, this doesn’t always mean sacrificing a smooth user experience.

Infographic“Application fraud continues to be a major issue for financial institutions,” Aite reports. “It also remains among the most compelling ways to reduce losses while also supporting growth in revenue and improving the client experience in what is arguably the most important client-facing process.” To understand what technologies can effectively reduce losses, we should consider the different approaches fraudsters can take. Application fraud can be automated through bots, or manually through call centers paid to commit the fraud. While the manual approach is expensive, it’s also more effective because fraudsters can bypass the security measures put in place to thwart the bots.

Most fraud prevention tools can only detect simple bot activity. KYC (Know Your Customer) controls fail because the identity is either an existing one–which raises no questions–or a synthetic one–that can’t be compared to any previous data–and there is no other reference to know it is not legitimate. Similarly, while credit history reviews are valuable when legitimate users are involved, they don’t work with regard to synthetic identity fraud. And this deficiency is only getting worse. Aite states, “Synthetic identity fraud accounts for the lion’s share of losses associated with application fraud, which is projected to reach more than $4.1 billion in the U.S. by 2023.”

So what can your credit union do to get out ahead of this? Start by following these methods to detect fraud early:

1.   Study device information. How many application requests has this device sent in the last 24 hours? Is this location common for the credit union’s members? Has this device or network been linked to past fraud? Is this device an usual device that this specific member uses? For example, very few legitimate users use Tor browser. This private browser is often used by hackers, so your security team can set up alerts or risk thresholds depending on parameters that are unusual for normal users. The same is true if you see large sub-population changes, such as your share of Chrome users going from 35% to 55% in a short period of time. These sudden anomalies are often signs of ongoing mass attacks.

2.   Evaluate the user’s behavior. Human farm workers still have telltale signs from their repetitive motions. They try to be efficient so they can open more accounts and make more money. Look at things like:

  • The order in which a form is filled out. Bad actors fill out a form following the order in which they receive the information: they may start with the date of birth, then name, then address, then last name. A normal user will typically fill it out top to bottom.
  • Keyboard shortcuts. For example, Command+Tab to change between open apps and Crtl+V to paste the information on the form. These two shortcuts are often used to navigate from the application form to the Excel sheet where the stolen information is.
  • The familiarity with the form. Is the user moving the mouse unusually quickly and efficiently? Are they moving from one page of the form to the next faster than a normal user?

3.   Explore technology that brings clarity to your traffic.

Looking beyond basic user behavior, simple device usage, and login habits is critical to thwarting this onslaught of application and account creation fraud. By practicing these methods, you can keep your members safe without compromising their user experience. That means less financial and reputational risk to you, and peace of mind for your members.


About the Author