Like so much else in 2020, our expectations for synthetic identity fraud turned out differently. What actually occurred, and where do we go from here?
Fraud prevention professionals were blindsided by the COVID-19 pandemic. Nothing could have prepared them for governments and businesses suddenly needing to deliver products and services through digital channels at scale. Of immediate concern was the risk of accelerated identity and financial crimes often seen during localized natural disasters.
Fraud prevention professionals feared an exacerbated rise in fraud due to global financial distress and disruption to normal business practices. In particular, these professionals were alarmed by an increase in synthetic identity fraud, in which criminals combine real and fake information to create a new identity to open fraudulent accounts and make fraudulent purchases. With fewer opportunities to use traditional identity verification methods, the fear was skilled digital scammers and social engineers could find vulnerabilities in faceless channels, and ultimately gain access to cards, loans, goods and services.
However, as we looked back at the incidence rates of synthetic identities in consumer credit, we saw a different story, detailed below. Part Two of this series will offer practical recommendations for mitigating synthetic identity fraud in 2021.
Synthetic identity fraud decreases for businesses, increases for consumers
After the World Health Organization (WHO) declared a global pandemic in March 2020, government agencies and businesses in the US quickly instituted changes to how they conducted business. In Q2 2020 — our first COVID-19 quarter — we saw double-digit reductions in suspected synthetic identity incidence rates for credit cards, auto loans and leases, and unsecured personal loans. The trend held in Q3 2020 as synthetic identity incidence rates for new accounts dropped 35% for personal loans, 33% for credit cards, and 23% for auto loans and leases compared to Q3 2019.1
Meanwhile, digital scams against consumers, such as phishing and other forms of social engineering, have remained high. At the end of Q3 2020, more than a third of consumers polled in TransUnion’s Financial Hardship Survey reported being targets of digital fraud attempts related to COVID-19 — a full 12 points higher than when the pandemic began. Of those instances of digital fraud, phishing was the most common scam at 29%.
Given these data trends, here’s why we aren’t seeing the expected acceleration in synthetic fraud in credit and lending:
- Many financial institutions have improved synthetic fraud mitigation strategies. In 2014, synthetic identity incidence rates were increasing rapidly — at roughly 25% year-over-year for credit cards — according to TransUnion’s consumer credit database. The next year, it increased another 30%. Larger financial institutions have applied focus here over the last few years, making them better equipped to mitigate synthetic fraud risk in 2020 than in the past. Additionally, many organizations further tightened credit criteria during this period of uncertainty while rapidly reducing marketing to slow originations overall.
- Opportunistic financial crime perpetrators are focusing on new, richer targets — business loans. In 2020, the CARES Act brought unprecedented government-backed loan funding to struggling business owners, including 5.2 million Paycheck Protection Program (PPP) loans issued within weeks, distributing more than $500 billion to businesses across the US. In “Crime Comes to SMB Lending,” Aite Group found synthetic fraud contributed to more than 60% of credit fraud in small- and medium-sized business (SMB) banking. While consumer lenders typically offer credit cards and loans ranging from $300 to $100,000, business loans generally range from $100,000 to $10,000,000 — offering an opportunity for fraudsters to open larger loans. Many have been investigated and charged, as at least $175 million in issued relief funds were deemed illegitimate loan applications.
- Demand for Credit Privacy Numbers (CPNs) went down during the initial COVID-19 response period. Formatted like a Social Security number, a CPN is advertised as a way to create a brand-new credit profile to sidestep derogatory credit and public record histories which — often unwittingly — amounts to the creation of a synthetic identity. Since the CARES Act included forbearance and accommodations on loans and other outstanding consumer debts, fewer consumers found themselves needing to turn to alternative means of relief.
Will lower synthetic identity incidence rates continue through 2021?
It’s possible — but a recent Aite Group report estimates synthetic identity fraud for unsecured credit products in the US will hit $1.8 billion in 2020, growing to $2.4 billion come 2023, affirming concerns that a reacceleration of synthetic identity fraud is in the forecast.
Additionally, unprecedented government-backed funding for programs like PPP were only a temporary target for fraudulent activity. Credit abusers and synthetic fraud perpetrators are likely to return to their original sources of funding in consumer credit. With the added funds collected by financial criminals through identity theft and fraudulent business loans, many fraud prevention professionals believe attempts may be made to move and launder money obtained through synthetic identity fraud and mulling.
For more information about synthetic fraud in 2020, download your copy of the Aite report. And stay tuned for Part Two of this series in which we offer recommendations for mitigating synthetic identity fraud.