Synthetic fraud has boomed during the COVID pandemic. Here’s how to quickly spot this type of fraud and prevent it from doing harm.
According to the World Health Organization, the number of cyberattacks has skyrocketed fivefold since the beginning of the COVID pandemic, compromising the personal information of millions. Phishing and website fraud are particularly prevalent – in the first quarter of 2020 alone, AI-powered fraud prevention company Bolster detected 854,441 confirmed phishing and counterfeit pages, along with roughly four million suspicious internet pages.
With more people seeking streaming entertainment during lockdown – and millions of remote workers using mobile devices to access their employers’ networks – the threat of identity theft increased dramatically in that time period.
A growing trend in identity fraud is synthetic fraud, which occurs when a fraudster takes legitimate personally identifiable information, typically stolen in a data breach, and then combines it with some made-up details, such as a date of birth, address or phone numbers. The result: The perpetrator can open a bank account, apply for a credit card and apply for loans. According to the U.S. Federal Reserve, synthetic fraud is the fastest growing financial domestic crime, costing lenders $6 billion in 2016, with the average charge-off amounting to $15,000.
The key to catching a cyber-thief is to think like them. According to the Federal Reserve, these are the steps fraudsters use to create a synthetic identity for use in payment fraud:
- Step 1: Create an identity using stolen or fabricated personally identifiable information (PII).
- Step 2: Apply for credit using the synthetic identity.
- Step 3: Repeatedly apply for credit until approved.
- Step 4: Accelerate a positive credit history.
- Step 5: Max out the credit line and vanish.
Detection, prevention, protection
In order to stop synthetic fraud, banks and financial services companies need to take a proactive and holistic approach, informed by insights using data analytics and artificial intelligence tools. Historical data will only enable the bank to identify fraud that is common or mimics another fraud.
Based on our experiences across multiple banks, here are four steps banks can take to reduce their risk of synthetic fraud:
- Employ AI to catch forged signatures. To detect a forged signature, most banks today rely on tagging and extracting signatures from scanned images, setup of accounts, contracts and invoices. However, more advanced banks are using AI to find signatures on any page, in any direction – even over seals, cuts or embossments – and then training deep neural networks (a popular type of AI) to separate real signatures from forged signatures. Further, banks can improve predictions and decrease time spent using Evolutionary AI. Evolving deep network architectures and hyper-parameters automatically design Evolutionary AI solutions that are more efficient and effective, reducing data scientists’ time from weeks to hours. Since fraudsters are continuously getting smarter at committing fraud, banks need to bolster their predictive models to find more fraudsters and find them more quickly.
- Use data analytics to merge customer and fraud platforms. A big mistake we see clients make is that their complete customer and fraud dataset is divided into silos. This division makes it impossible to efficiently detect fraud. Banks need to more tightly merge disparate data sources related to customers and fraud to identify additional schemes and scans. Some of the most advanced banks are scanning customer identity elements processed through multi-hop networks to identify all the historical attributes associated with customers. Synthetic identities, which are repurposed using other identity elements, can be detected using multi-hop reasoning, which is a way to provide reasoning and querying capabilities over graph structures.
- Utilize deep-link graph analytics. Graph analytics help banks traverse several hops or levels of connected data within a graph to gather data and analyze it. Some banks have made progress with multi-hop deep-link analysis. When combined with AI models, this analysis can help banks generate richer data and predictive capabilities to find synthetic identities. Once a bank finds a fraud ring, it can use those fingerprints to mine for other fraud rings. The next way to find synthetic identities is to detect graph similarity to larger fraud rings using connected components of the original fraud.
- Catch and stop fraud with data enrichment. In order to catch and stop fraud before it becomes a bigger problem, banks need to enrich their data. This is the process of joining internal and external data sources together with fraud platform data. This unified view will help fraud investigators and analysts find the information they’re looking for, more quickly. Fraud investigators and analysts are asking increasingly complex questions across structured and unstructured data, often blending data from multiple applications and, increasingly, external or enriched data. Analyzing this level of data complexity at scale isn’t practical and, in many cases, isn’t possible using traditional query tools or query languages such as SQL. Thus, we recommend additional techniques to help banks quickly and effectively find larger and emerging schemes and scams related to synthetic identity fraud that have exponentially grown during the COVID era.
Fighting fraud, boosting loyalty
We worked with a Global Top 10 bank to enable a comprehensive program to curb fraudulent card and check transactions, and boost customer loyalty. According to the client, it was able to cut the business impact of synthetic IDs by multi-millions of dollars. In conjunction with fraud savings, the solution is able to detect early-warning signs and take corrective actions.
Both data enrichment and AI are critical to catch evolving fraudsters. When these approaches are applied as part of a complete strategy, banks can see data in new ways, enabling them to identify fraud schemes and scams more quickly and, in many cases, interrupt unlawful transactions in process.