Home / Banking Strategies / What’s your plan for battling synthetic fraud?

What’s your plan for battling synthetic fraud?

Feb 10, 2021 / Fraud Prevention
Fraud Prevention & Cybersecurity

Synthetic fraud is appearing more frequently in conversations and on security agendas across the financial services industry. This is not because synthetic fraud is new—this problem has been on the security radar for financial services firms for years—but rather because it is getting more sophisticated every day. This comes against the backdrop of monumental shifts in business practices because of the COVID-19 pandemic.

At the most basic level, synthetic fraud is the use of fake identities created specifically to conduct crime. A fraudster typically combines a range of data sources to create a plausible identity that checks all the right boxes for the advanced security processes and technologies already in place at financial services firms. Because there is usually no “victim” of this crime—no real person whose identity has been stolen—this type of fraud can evade financial institutions for a longer period of time than many other fraud types, thus increasing the potential threat.

Sophisticated criminals can cobble together critical aspects of an identity from a variety of sources to create convincing digital profiles. For example, they combine a falsified social security number with a plausible real-world address and phone number, or go to the dark web to purchase a credit history, and combine these different elements in a well-packaged identity likely to slip through most fraud safeguards at banks, insurers and other institutions. Once past the safeguards, they can create significant damage.

The good news is the analytics tools available for targeting these criminals is also growing more sophisticated. While the pursuit of synthetic fraud can be far-ranging, leading to a wide range of possible data sources, there are three key areas in which analytics activities are often focused.

Devices: Data on the devices that would-be fraudsters use in their interactions with firms, as well as browser type and other personal use patterns, can provide valuable signals for uncovering fraud. For example, if a particular location (not just a city or town, but a specific building or other coordinate) has been identified as a source for other troublesome activity, account activity coming from such a location can be flagged and examined.

Similarly, browser usage can tell its own tale. Criminals often use cheap “burner” devices that are outdated and run older software and browsers—a telltale sign that may be worthy of further investigation, especially when paired with other suspicious data.

Device activity: In addition to identifying the devices fraudsters are using, understanding the specific activities taking place on the devices can add a critical layer of insight. Is the user cutting and pasting information repeatedly and on a large scale? How long has it been since the computer has been updated? Is the screen operating at a specific resolution that is often associated with fraudulent behavior? Screen resolution is highly predictive of fraud, since fraud-oriented server farms don’t require machines with high resolution.

The answers to these types of questions can be highly correlated with fraudulent activity, which means they can be quite valuable to financial services firms using analytics to guard against fraud.

Public records: Even if customers don’t always leave a digital trail, they can leave a valuable footprint in public records. By accessing data on everything from utilities to motor vehicle registrations, then comparing that information to customer data, financial institutions can pinpoint anomalies that lead directly to fraudulent activity.

The Customer Identification Program—a mandatory, regulated program in the United States—is a tool for sniffing out fraud and scrubbing data to find the true identify of customers and prospects. Even cellphone data (how long since the device was enabled, when its SIM card was pulled, etc.) can provide valuable information, especially when paired with other data.

These sources of data on their own only offer limited utility—their value is amplified when they are combined with other sources. That’s where analytics algorithms play an important role, along with focused capabilities in areas such as supervised learning, unsupervised learning and network analytics to establish linkages between suspicious activities and greater certainty before accusing customers of fraud.

John Watkins is an industry consultant for SAS Institute, Bruno Domingues is principal architect with Intel Corp.

Subscribe to the BAI Banking Strategies newsletter and podcast.