What’s in your ‘fraud bucket’?
Many banks and lenders pride themselves on having low fraud losses. Often losses are characterized in terms of dollars as well as a percent of originations. The best lenders keep fraud losses to less than ten basis points as a percent of originations. The best of the best are less than five.
But what’s in most banks’ and lenders’ “fraud bucket”?
Identity theft losses are for sure included. This is the most commonly tracked, traditional form of fraud.
- Most fraud models are built to flag applications likely to have a stolen identity
- Fraud operations teams are trained to manually review suspicious applicants to look for red flags related to ID theft
- Fraud investigation teams are established to respond to ID theft claims
This type of fraud is also very easy to identify. Typically, an ID theft victim calls a lender, says they received a request for payment on a loan they didn’t apply for, the claim is investigated and a fraud determination is made. If fraud is found, the losses related to that loan go in the fraud bucket.
But, only institutions with the most comprehensive risk management programs include the more subtle forms such as synthetic fraud in their fraud loss calculations.
Detecting synthetic fraud
In the case of synthetic identities, they are very difficult to detect. It is a new type of fraud and there is ongoing work to simply define what it is and what it looks like. The Federal Reserve has written three white papers alone on the topic of synthetic fraud.
As such, most Know Your Customer solutions are unable to pinpoint these fake consumers and, unlike ID theft, there is no “victim” in synthetic fraud. So, losses associated with this type of fraud often end up being counted in charge-offs.
Naftali Harris, CEO at SentiLink, explained on a recent roundtable why synthetic fraud is often not included in reported fraud losses at most companies.
“If you look at synthetic fraud in particular, this is a case of where someone has invented a fake person. Because that fake person doesn’t actually exist, when an account is opened and money is borrowed (using that identity), there’s no consumer victim who comes to you and says, ‘I’m the victim of identity theft.’ What ends up happening is the loan ends up charging off. A lender tries to collect on it, but can’t, and, if you don’t know what you’re looking for, then you’ll look at your fraud bucket and say, ‘I don’t have any fraud.’ But, you do, it’s just in a different loss category. As fraudsters get more sophisticated, a lot of those tactics fall in that same category.”
Expanding the definition of fraud
Some financial services providers are analyzing charge-offs and categorizing ones that are due to synthetic identities as fraud. This enables them to learn what identities are getting through their risk management controls and close the gaps.
On a recent webinar, Chip Kohlweiler, vice president of security at Navy Federal Credit Union, described the importance of defining synthetic fraud so there’s agreement on how to consistently label charge-offs associated with this type of fraud.
“Just the fact that we’re still talking about taxonomy of what (synthetic fraud) is, that shows as an industry there’s still plenty of losses buried in charge-offs that probably isn’t going to get better anytime soon. The pandemic is going to continue to impact credit losses in 2021 and it’s not going to get any easier to identify which portion of those are synthetic… If I could go back five years ago, I wish I had started tagging my charge-offs back then. We’ve spent a lot of time doing that this year, categorizing losses attributed to synthetic fraud and learned a lot in the process.”
When it comes to solving the problem of synthetic fraud, defining and measuring it is key. If synthetic fraud losses aren’t included in overall fraud loss calculations, there’s no way to understand the magnitude of the problem and take action.
To make sure your financial institution is accurately tracking and adequately safeguarded against all types of fraud, perhaps the best question to pose to the fraud team is “What’s in our fraud bucket?”