Synthetic identity fraud: Can I borrow your SSN?

Similar documents
Synthetic ID Fraud. Pervasive, Misunderstood, and Unknown. Monday, April 20th 10:15-11:15 AM

The New Reality of Synthetic ID Fraud How to Battle the Leading Identity Fraud Tactic in The Digital Age

Spotting ID Theft Red Flags A Guide for FACTA Compliance. An IDology, Inc. Whitepaper

I See Fraud Rings. by Dr. Stephen Coggeshall Chief Analytics and Science Officer. November 2012 WHITEPAPER

Recognize the many faces of fraud

Automotive Services. Tools for dealers, lenders and industry service providers that drive profitable results in today s economy

Strengthen security with intelligent identity and access management

Product. Onboard Advisor Minimize Account Risk Through a Single, Integrated Onboarding Solution

Meeting Identity Theft Red Flags Regulations with IBM Fraud, Risk & Compliance Solutions

WHITEPAPER. Complying with the Red Flag Rules and FACT Act Address Discrepancy Rules

Protect Your Personal Information. Tips and tools to help safeguard you against identity theft

Protect Your Personal Information. Tips and tools to help safeguard you against identity theft

How child identity theft happens.

Insurance Bureau of Canada

The Long Con: An Analysis of Synthetic Identities

Beyond passwords: Protect the mobile enterprise with smarter security solutions

I know what is identity theft but how do I know if mine has been stolen?

White Paper. Predictive Modeling for True-Name Fraud An Equifax Analytical Services Research Paper

Vulnerabilities in the U.S. Passport System Can Be Exploited by Criminals and Terrorists

MoneyGram International

Advantages & Disadvantages of Getting a New Social Security Number

A Unique Perspective into the World of Identity Fraud

PCI Compliance for Healthcare

Ineffective fraud prevention destroys profit margins. The right analytics keeps your business on target.

Setting smar ter sales per formance management goals

FIVE KEY CONSIDERATIONS FOR ENABLING PRIVACY IN HEALTH INFORMATION EXCHANGES

An effective approach to preventing application fraud. Experian Fraud Analytics

The Facets of Fraud. A layered approach to fraud prevention

Identity Theft and Tax Administration

Stay ahead of insiderthreats with predictive,intelligent security

INTRODUCTION. Identity Theft Crime Victim Assistance Kit

Selecting the right cybercrime-prevention solution

How To Create An Insight Analysis For Cyber Security

Credit arrangements can be formal or informal. The three most common types of credit used by consumers are described below.

Knowing your customers and their customers and their customers and so on and so on

IBM Analytical Decision Management

HOW TO DETECT AND PREVENT FINANCIAL STATEMENT FRAUD (SECOND EDITION) (NO )

Now is the time for a fresh approach to detecting fraud

IBM Security X-Force Threat Intelligence

Financial Services Regulatory Commission Antigua and Barbuda Division of Gaming Customer Due Diligence Guidelines for

Network Security & Privacy Landscape

Bo Holland is the Founder & CEO of AllClear ID with deep expertise in Identity theft prevention, security, and technology

Gaining the upper hand in today s cyber security battle

CATCH ME IF YOU CAN: THE IRS IMPERSONATION SCAM AND WHAT IS BEING DONE ABOUT IT

How to Respond When Sensitive Customer and Employee Data is Breached, Stolen or Compromised

THE CHANGING FACE OF IDENTITY THEFT THE CURRENT AND FUTURE LANDSCAPE

Leveraging innovative security solutions for government. Helping to protect government IT infrastructure, meet compliance demands and reduce costs

FREE YOUR MIND Can You stop Identity Theft?

Preemptive security solutions for healthcare

Achieving customer loyalty with customer analytics

AML & Mortgage Fraud Compliance Program v ANTI-MONEY LAUNDERING & MORTGAGE FRAUD COMPLIANCE PROGRAM

An Oracle White Paper October An Integrated Approach to Fighting Financial Crime: Leveraging Investments in AML and Fraud Solutions

IBM Security re-defines enterprise endpoint protection against advanced malware

IBM Security Intrusion Prevention Solutions

The Cost of Phishing. Understanding the True Cost Dynamics Behind Phishing Attacks A CYVEILLANCE WHITE PAPER MAY 2015

Afni deploys predictive analytics to drive milliondollar financial benefits

Safeguarding the cloud with IBM Dynamic Cloud Security

CPN (Credit Privacy Number) How to Set Up & Use You re Credit Privacy Number

Data-driven government: Challenges and a path forward

Important Information about your TD Credit Card Cardholder Agreement

Important Information about your TD Credit Card Cardholder Agreement

PROTECTING YOURSELF FROM IDENTITY THEFT. The Office of the Attorney General of Maryland Identity Theft Unit

DMACC IDENTITY THEFT- RED FLAGS PROCEDURES

Child Identity Theft Education Kit

Prepared by Sgt. Gibbs, Thomas B

MARYLAND IDENTITY THEFT RANKING BY STATE: Rank 10, 85.8 Complaints Per 100,000 Population, 4821 Complaints (2007) Updated January 29, 2009

FICO Enterprise Fraud and Security Management. > Protection with a holistic view.

716 West Ave Austin, TX USA

Warranty Fraud Detection & Prevention

Making critical connections: predictive analytics in government

on behalf of the National Retail Federation before the

Transcription:

IBM Analytics IBM Red Cell and Turnkey Risk Solutions Synthetic identity fraud: Can I borrow your SSN? Who else might be using your Social Security number and why?

2 Synthetic identity fraud: Can I borrow your SSN? Contents 2 Executive summary 3 Synthetic identity fraud defined 3 Evolution of conventional fraud 5 Anatomy of the scheme 8 Uses for synthetic identities 10 Impacted industries 13 Implications of synthetic identity fraud 14 Challenges to limiting synthetic identity fraud 15 Solutions 16 For more information Executive summary Synthetic identity fraud made major headlines as far back as 2007, when The Borrower Who Never Was ran on the front page of the Wall Street Journal. 1 The article detailed the criminal activity of two individuals who were managing as many as 500 fake personas in 200 apartments in 14 states. In 2013, 18 individuals were initially indicted for running a $200 million credit card scam that created 7,000 new identities. These stories are clear examples of how synthetic identity fraud is growing as an area of concern. Synthetic identity fraud is more pervasive than most people are aware. Synthetic identities are used to obtain financial services, medical benefits, insurance and rental housing, among other things. Additionally, organized crime and terrorist groups are realizing the benefits that the anonymity of synthetic identities can bring to their operations. Because children do not have public database records, their social security numbers are ideal for creating synthetic identities. This paper is a primer for understanding synthetic identity fraud. It defines synthetic identity fraud, describes its evolution, explains how it works and what the identities are being used for, identifies the industries being impacted and shows who is most commonly targeted and why. It also highlights some of the challenges and the ramifications associated with this fraud type.

IBM Analytics 3 Synthetic identity fraud defined Synthetic identity fraud (SIF) is a fraud that involves the creation of a fictitious identity. New identities are manufactured with a combination of real and fabricated information. In this type of scheme, a fraudster will use a valid and issued Social Security Number (SSN) and combine it with a new name at a different address. Many organized fraud rings target SSNs that are not actively being used, such as those of children, the elderly and other vulnerable populations. These fictitious identities can be used to apply for credit, open deposit accounts, purchase insurance policies, enroll in medical benefits and even obtain driver s licenses and passports. SIF is sometimes referred to as synthetic identity theft, but this is a misnomer. To commit SIF, an individual steals your SSN and no other parts of your identity. It differs from identity theft (ID theft) because a fraudster will assume the victim s identity. In an ID theft scenario, all of the victim s personally identifiable information (PII) is stolen and used to obtain credit or used for other unauthorized purposes. Classifying synthetic identity fraud as synthetic identity theft is misleading because the fraudster is not trying to impersonate the victim; they are just using the victim s SSN. Evolution of conventional fraud Fraud has traditionally been viewed from a consumer-as-thevictim perspective, otherwise known as third-party fraud. In third-party fraud, perpetrators target consumers information and defraud businesses of money by means of various methods, such as counterfeit checks, identity theft and social engineering schemes in the victim s name. Usually, financial institutions absorb the losses on behalf of their customers. Over the last 10 years, fraud behavior has shifted noticeably. Although third-party fraud is alive and well, fraud is dynamic and, as more robust controls were put in place, a new credit fraud hybrid emerged. This type of fraud is called first party fraud, in which the business is the victim, occurs when an organization is being targeted by a customer who applies for and accepts goods, services or both with the intention to commit fraud. The growth of first-party fraud adds another level of complexity to the overall fraud landscape. The growth of first-party fraud can be attributed to advances in technology, consumer awareness and recent changes in the regulatory environment. Fraudsters and organized crime groups skillfully use technology and laws designed to enhance the customer experience to their own advantage.

4 Synthetic identity fraud: Can I borrow your SSN? Advances in technology Technological advances over the past two decades have served to enhance the customer experience. For example, automated credit decision tools have enabled consumers to obtain credit decisions in seconds. The widespread use of the Internet and rapid adoption of new technology has increased speed and convenience while significantly reducing the need for face-to-face interactions. The anonymity of these new channels has made it even easier for fraudsters to purchase goods and transfer money without leaving their homes. Consumer awareness Prior to the 1990s, credit was considered a privilege not a right. The underwriting process was comprehensive and time consuming. Credit scores did not play a significant role in the final decision. Over the years, many industries have begun relying on credit scores to expedite consumer credit approvals and set interest rates. Credit scores can even be used in the employment hiring process. As a result, consumers have become more credit savvy. They have a better understanding of how credit works, the importance of good credit and how it impacts them in the marketplace. Many institutions, vendors and consumer advocacy groups provide in-depth explanations of ways to improve their scores, protect their information and more. The fraudsters use this information to reverse engineer controls and help formulate their attacks. Regulatory environment Perhaps nowhere does the law of unintended consequences present itself better than with legislation aimed at helping consumers. Consumer protection initiatives such as privacy legislation, USA Patriot Act (know-your-customer), FACTA (help for ID theft victims), Dodd-Frank (ability to pay) and the newly created Consumer Financial Protection Bureau (CFPB) were all designed to benefit consumers. The financial crisis that began in 2007 created a huge supply of consumers who were seeking debt management and credit repair services. Organized crime groups inserted themselves into that supply by offering easy ways to fix bad credit that use authorized user schemes and selling new identities to obtain credit. Evidence shows that fraudsters behind synthetic identities are using the newly created CFPB to their advantage and filing complaints with the Offce of the Comptroller of the Currency (OCC) to help keep banks at bay. The very laws and agencies that are designed to help consumers also make it easier for the perpetrators to navigate and manipulate the financial system.

IBM Analytics 5 Anatomy of the scheme A scheme for creating a synthetic identity has five steps (Figure 1). Figure 1: The synthetic identity creation process. Source: Turnkey Risk Solutions

6 Synthetic identity fraud: Can I borrow your SSN? Step 1: Select and screen the SSN The first step in the process of creating a synthetic identity is to screen the SSN. The fraudster identifies an SSN and then verifies that the number is valid and has been issued by the Social Security Administration (SSA) prior to use. This selection and screening are accomplished in a number of ways: Trial and error by the fraudsters Various websites that offer this as a free service with daily limits Subscriptions to large data aggregators that have fee-based products for verification Internal employees with access to PII (for example, employees in financial services, healthcare, insurance, education and more) Reverse engineering of the SSA s algorithm for issuing SSNs Potential exposure of SSNs caused by massive data breaches Essentially, the ways to get access to this data are numerous and no one common point of compromise or failure exists. Step 2: Create and screen the synthetic identity The next step is to create an identity to associate with the screened SSN. The fraudsters take the SSN and add a name, date of birth and an address they control. After they have created the PII elements associated with the valid SSN, they screen the identity. One way of screening is to submit an application for any product or service. This check accomplishes several things: It validates that the SSN isn t being used by someone with a similar name or in a close geographical proximity. The validation is to ensure that the new identity does not get comingled with any others already associated with the same SSN. It creates a record for that new identity to be validated against in the future. It enables the fraudsters to check the SSN against the Offce of Foreign Asset Control (OFAC) list and other negative files to assure that no additional red flags are associated with that number prior to its use.

IBM Analytics 7 Step 3: Establish a public database record After the identity has been vetted, they establish a public history. Public database records include: credit files, phone and utility records, social media profiles and more. A public history can be accomplished in a number of ways: Establish individual accounts for the new identity with legitimate merchants. Have the new identity added to an existing account. Pay a fee to a company that can supply fabricated credit references with established good payment history. Create a profile for the new identity in social media networking sites. Step 4: Manage the public profile records After the public profile is established, the fraudster keeps a vigilant watch on its payment history, credit score and public persona. The newly created identity enhances its appearance of legitimacy by mimicking the behaviors of the best customers. The enhanced record presents the synthetic identity as relatively low risk, which in turn affords more access to products and services typically with higher credit limits for the perpetrator. By adopting these patterns fraudsters can circumvent the existing control infrastructure and effectively hide in plain sight. Of importance is the fact that many of the current fraud and credit tools verify consistency of the information. They do not validate the data. Step 5: Commit the fraud The fraud can be committed in a number of ways. Here are just a few examples: Credit bust out. Accounts are established to try to extract the maximum amount possible from institutions, retailers, auto lenders and more. Sleeper accounts. These accounts have multiple variations: Accounts that are established for years with good behavior before any losses are incurred Accounts that are dormant for a long period before being activated and result in an immediate default Dormant accounts that are sold for use by others First Pay Defaults. These accounts are fully utilized as soon as they are established and never make a single payment. No timeframe or manner is set for any of this fraud to occur. It all depends on the purpose for which the identity has been established. Some might lie in wait and never default; this is typical in the case of undocumented immigrants who just need credit or the use of pollinator accounts by organized groups so they can continue to facilitate other potential synthetics. Even in organized syndicates, the timeframe is contingent on the purpose for that identity.

8 Synthetic identity fraud: Can I borrow your SSN? Uses for synthetic identities Synthetic identities have three primary uses: fraud for living, credit repair services and organized criminal activity. Fraud for living Some of the earliest synthetic identities date back to the 1980s in the undocumented immigrant community. Individuals who immigrated to the US without proper identification created synthetic identities as a means of living in an increasingly credit-based society. An SSN is required to obtain employment, housing, utilities and more, and their actions were motivated out of necessity rather than profit. Typically, individuals in this category have every intention of paying their obligations. Fraudsters appear to have taken notice and used this technique to further their criminal efforts. Credit repair services In recent years, economically challenged people have used credit repair services to legitimately resolve their negative history. Services that help consumers restore their credit rating over time are not a typical area of concern. However, when credit repair services recommend using a false SSN, there is cause for alarm. Credit repair services that are an issue are those that promote the use of a new SSN to establish a new credit file that conceals negative history and artificially inflates credit scores. Individuals can use credit repair to accelerate the timeline in which they can become credit worthy again by means of an SSN that does not belong to them. Attaching their names to existing accounts with a different SSN enables them to qualify for credit individually again in days or weeks rather than the traditional months or years. In essence, using a new SSN is a scam that creates a clean slate for the consumer and hides the true risk of the individual to the prospective lenders or businesses. Organized criminal activity Organized crime groups (OCGs) and gangs have found an easier, less risky way to make money with SIF. Existing networks can execute SIF on a massive scale because of their size and sophistication. Figure 2 shows the size and scope of one OCG and its SIF operation. In 2013, initially 13 people were arrested on charges related to stealing more than $200 million by creating and using thousands of synthetic identities.

IBM Analytics 9 Figure 2: The large-scale SIF operation of 2013. Source: Turnkey Risk Solutions

10 Synthetic identity fraud: Can I borrow your SSN? According to the U.S. Attorney in the District of New Jersey, the scheme involved a three-step process in which the defendants would: Make up a false identity by creating fraudulent identification documents and a fraudulent credit profile with the major credit bureaus. Pump up the credit of the false identity by providing false information about that identity s creditworthiness to the credit bureaus. Believing the furnished information to be accurate, the credit bureaus would incorporate this material into the false identity s credit report, thereby making it appear that the false identity had excellent credit. Run up large loans using the false identity. The higher the fraudulent credit score, the larger the loans that the defendants could obtain. These loans were never repaid, and the defendants reaped the profits. 2 Beyond organized fraud groups operating for profit exists a much more serious risk: terrorist groups are now using synthetic identity schemes to launder money, fund terrorist activities and create logistical advantages by means of the anonymity created by synthetic identities. According to financial crime expert Dr. Kalyani Munshani, Using synthetic identities, safe houses can be established, cars can be rented, heavy vehicles can be bought, international travel can be facilitated, restricted goods can be bought without any flags being raised. 3 OCG communities have traditionally stayed very segregated. Different groups usually mastered a singular fraud type and didn t share their expertise or knowledge with other groups. However, now these groups have begun to collaborate in ways that hadn t been seen in the past. OCGs are working together and forming strategic partnerships to enable the creation and liquidation of synthetic identities on a mass scale to avoid detection. OCG synthetic identity operations have become extremely sophisticated and organized. New groups are now committing this fraud as street gangs become involved in this once white collar crime. Impacted industries SIF is complex and pervasive. Many individuals consider it to be purely a financial services industry issue. It is a significant issue for financial institutions, but it is also problematic for many other industries. For most industries, the biggest issue is the amount of losses associated with this type of fraud, but some impacts have more dire consequences.

IBM Analytics 11 Financial services The topic of synthetic identities is becoming more common in the financial services industry. The fraudster will target nearly every product available for consumers and businesses. The products can be used to extract funds for financial gain, help finance the fraud operations, and launder their proceeds. Some scenarios include: Auto. The fraudsters use a synthetic identity to purchase multiple vehicles from different dealerships on the same day or over a period of a few days and then have them shipped overseas. The vehicles can be new or used cars, personal recreational vehicles, heavy equipment and more. Deposit accounts. The fraudsters open accounts with a synthetic identity to send and receive funds to different individuals and merchants to launder money. Merchant services. Synthetic identities can be used to establish merchant terminals to process bogus transactions. Mortgage. During the mortgage lending boom, the number of synthetic identities that purchased housing and property to be used for living or to conceal proceeds from fraud increased. Student loans. Synthetic identities have created student profiles to obtain funding for student programs in which they weren t actually enrolled. Government services Federal program funding is also being targeted by fraud groups. The Medicare and Medicaid programs are good examples. According to a Forbes op-ed, In 2010 the Government Accountability Offce (GAO) released a report claiming to have identified $48 billion in what it termed as improper payments. That s nearly 10 percent of the $500 billion in outlays for that year. However, others, including U.S. Attorney General Eric Holder, suggest that there is an estimated $60 to $90 billion in fraud in Medicare and a similar amount for Medicaid. 4 Of course, not all of the fraud is related to synthetic identities, but synthetic activity is evident in fraudulent claims, improper billings, phantom pharmacies and the like throughout the system. Medicare and Medicaid are not the only federal targets; nearly every US public assistance program, along with the IRS, SBA and FEMA, have seen indications that SIF is present. Healthcare In healthcare, synthetic identity fraud is more than a financial loss issue. Many organizations are moving to electronic medical identities, which are based primarily on a person s SSN. If more than one individual is associated with the same SSN, as is often the case with synthetics, the result can be confusion in the medical records and, potentially, life threatening complications.

12 Synthetic identity fraud: Can I borrow your SSN? Insurance Insurance providers are also susceptible to SIF. The fraudsters obtain auto loans, as previously mentioned, with synthetic identities. In some cases, they ship the vehicles overseas and then make false stolen vehicle claims. For vehicles that remain in the US, they might claim it was stolen to the insurance provider and wash the title of the vehicle and transfer it to another person. In other cases, fraudulent claims are made about damage from staged accidents or other incidental damage. Vulnerable populations Anyone s SSN can be used to create a synthetic identity, but some populations are more often targeted than others. The SSNs of individuals in vulnerable populations such as minors, elderly and indigent persons are preferable. These populations tend to have less of an established public presence. Minors Studies by Carnegie Mellon s CyLab and All Clear ID have found that children s SSNs are 30 to 52 times more likely to be used in SIF than adults for the populations studied. Each organization clearly stated that its findings could not be extrapolated to the general population, but the threat to minor children is evident. 5 Children s SSNs are a primary target because they are pristine. Limited-to-no public database records are associated with their numbers, which essentially gives the fraudsters a blank slate. They can then use these numbers to create new identities without having to contend with any pre-existing data in the public domain. The younger the child, the longer it will be until he or she uses the number, thereby providing a longer lead time for the fraudster. In a conventional fraud scenario, the fraudster is working against a proverbial clock because it is only a matter of time before the true owner realizes their information has been compromised, but with minors that time frame can be significantly extended for years or even over a decade. The fraud might be discovered by a parent if they are applying for a custodial account and the institution already has a relationship with a customer with the same SSN or when the minor becomes of age and begins to experience issues when seeking accounts or services on their own. The true impact of the use of stolen minor s SSNs has been increasing over the last 10 years. The issue will be exacerbated because of a recent data breach in which tens of millions of minors SSNs were exposed. Elderly and indigent The elderly and indigent have traditionally been victimized by fraudsters. The elderly population in the US is growing. As more baby boomers grow older, they will require more assistance and care, which leaves them susceptible to having their SSN compromised. Homeless individuals and college students with little cash are also being solicited by fraudsters to sell their SSNs without fully understanding the ramifications.

IBM Analytics 13 Implications of synthetic identity fraud The size of the SIF business is estimated to be in the billions of dollars per year in North America. In a CBC news online story about synthetic fraud, John Russo of Equifax said that monthly case volumes are in the thousands as compared to five years ago when they saw about 100 per month. 6 Organizations often do not differentiate between SIF and identity theft when measuring their losses. If they did, they would quickly see that SIF is dramatically increasing.

14 Synthetic identity fraud: Can I borrow your SSN? The majority of individuals likely don t understand the full scope of SIF and how synthetic identities are being used. Manipulation of the credit system can impact an individual s credit score, and information in a credit bureau report affects things such as credit interest rates, insurance pricing, rental housing and employment. A synthetic identity can be used to raise capital, launder money, obtain identity credentials, travel under a fake names, avoid association with known negative lists and files and much more. SIF undermines legislation designed to protect US citizens. Synthetic Identities can also undermine the economy by extracting funds that leave the country and can ultimately be used against the US. Many organized crimes groups use the proceeds raised from synthetic identities to further their criminal activities. Some of those activities can include: illegal drugs, human traffcking, violent crime and potential terrorist financing operations. Challenges to limiting synthetic identity fraud The challenges involved in solving the problem of SIF are numerous. They range from how or if it is defined, organizational and industry silos, satisfying the customer experience and regulatory issues, to name a few. The complex and ambiguous nature of these fraud schemes work to the benefit of the fraudsters. Perhaps one of the biggest hurdles in limiting SIF is the lack of a uniform definition for it in financial services and other impacted industries. These schemes are specifically engineered to capitalize on the vulnerabilities that exist in the fraud and credit controls infrastructure. The absence of a generally accepted industry-wide definition makes the issue diffcult to track and quantify, thereby making it even more diffcult to detect. Additionally, reporting is not standardized for this hybrid credit and fraud type. Many organizations experience internal silos in their communication and processing. Fraudsters effectively exploit and target these communication gaps. Increased pressure for a positive customer experience contributes to the diffculty of limiting SIF. The customer s satisfaction is obviously very important for financial institutions, but it is not limited to them. Social media has become a very powerful tool; every major business closely monitors public perception and opinion. The fraudsters are acutely aware of this and prey on companies by exploiting this channel. Consumers expect fast decisions and want instant access to goods and services. Focusing on speed and immediate results has led to automated score-based controls that do not require human intervention throughout the process. More robust screening controls can significantly slow down the process in many cases because it requires a manual review or human interaction. These types of controls tend to cause friction with the customer and can cost companies market share so businesses will accept a certain level of losses in order to satisfy the majority of their good customers. Much of the consumer protection legislation that exists today is being manipulated by the fraudsters. They have studied the laws and found ways to use them to perpetuate their schemes. For instance, regulatory issues pertaining to privacy laws exacerbate the problem. Current privacy laws meant to protect legitimate consumers actually limit the ability of financial institutions and other industries to share

IBM Analytics 15 information about synthetic identities. If an organization has a confirmed fraud case related to a suspected synthetic identity, the ability to communicate that information to other businesses is tightly restricted. The fraudsters can go from financial institution to financial institution or industry to industry to perpetuate their fraud schemes. The fraud and credit controls infrastructure is complex and has many moving pieces. Forensic analysis has proven that many organized groups have studied the existing controls and have a comprehensive understanding of how the control infrastructure works. They have become fluent in the entire credit process: how it works, consumer rights, business practices, interrelationships with other industries, legislation and the governing agencies. They have tailored their schemes specifically to exploit the gaps and vulnerabilities in today s processes. Organized fraud groups have proven to be extremely resourceful by also sharing or selling their secrets to other individuals and groups to further capitalize on what they have discovered. Solutions No comprehensive solution to prevent and detect SIF is currently available. SIF causes substantial operational and credit losses. It erodes consumer confidence and poses significant reputational risk, both of which could potentially destroy a brand s image. Under the current controls infrastructure, preventing a synthetic identity from being created from a compromised SSN is not possible. Additionally, after a synthetic identity is created, resources that will detect the presence of that false identity are very limited. Current consumer identity theft tools do not provide protection against SIF. A new, holistic approach is needed to not only handle, but also anticipate and respond proactively to this threat. IBM and Turnkey Risk Solutions (TRS) have combined their expertise to analyze and provide solutions to help mitigate losses in multiple industries. The IBM Counter Fraud Management tool is a single next-generation integrated solution that addresses all phases of enterprise counter fraud. The TRS team is widely acknowledged throughout the financial services industry and by US federal and local law enforcement agencies as subject-matter experts for first-party fraud. Figmentum is their premier solution suite, which contains algorithms that target organized fraudulent behaviors throughout the customer lifecycle. Additionally, greater collaboration in the financial services, retail and utilities industries, among others, is needed to help slow the growth of SIF. Guidance from regulatory agencies is needed to help ease some of the restrictions that currently inhibit the flow of information between victim organizations. More specifically, the SSA should join forces with private industry stakeholders and law enforcement to enhance existing SSN verification procedures to create a more streamlined, real-time process to aid SIF detection without breaching consumer confidentiality.

For more information To learn more about IBM Red Cell, IBM s Advanced Threat, Fraud, and Financial Crimes Intelligence team go to securityintelligence.com/redcell. And to learn more about IBM s Smarter Counter Fraud initiative, please contact your IBM marketing representative or IBM Business Partner, or visit the following website: ibm.com/smartercounter fraud. To learn more about Turnkey Risk Solutions, visit the following website: www.turnkeyrisk.com. Authors Steven D Alfonso, IBM Red Cell Anissa Roney, Barbara Simcox and Amy Walraven, Turnkey Risk Solutions Copyright IBM Corporation 2015 Copyright Turnkey Risk Solutions 2015 IBM Corporation New Orchard Road Armonk, NY 10504 Produced in the United States of America March 2015 IBM, the IBM logo, and ibm.com are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at Copyright and trademark information at www.ibm.com/legal/copytrade.shtml. This document is current as of the initial date of publication and may be changed by IBM at any time. Not all offerings are available in every country in which IBM operates. THE INFORMATION IN THIS DOCUMENT IS PROVIDED AS IS WITHOUT ANY WARRANTY, EXPRESS OR IMPLIED, INCLUDING WITHOUT ANY WARRANTIES OF MERCHANT ABILITY, FITNESS FOR A PARTICULAR PURPOSE AND ANY WARRANTY OR CONDITION OF NONINFRINGEMENT. IBM products are warranted according to the terms and conditions of the agreements under which they are provided. 1 The Borrower Who Never Was, 2007. Wall Street Journal, 29 Oct. http://www.wsj.com/articles/sb119362045526074445 2 Jewelry Store Owner Admits Role in International, $200 Million Credit Card Fraud Scheme, 2014, fbi.org, 20 June. http://www.fbi.gov/newark/ press-releases/2014/jewelry-store-owner-admits-role-in-international-200 million-credit-card-fraud-scheme 3 Suspected terrorist links to synthetic ID fraud are being ignored, 2014. CBC News, 4 March. http://www.cbc.ca/m/touch/news/story/1.2557677,. 4 Merrill Matthews, 2012. Medicare and Medicaid Fraud Is Costing Taxpayers Billions, Forbes, 31 May. http://www.forbes.com/sites/ merrillmatthews/2012/05/31/medicare-and-medicaid-fraud-is-costingtaxpayers-billions/2/ 5 Richard Power, 2011. Child Identity Theft. Carnegie Mellon CyLab. https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&c ad=rja&uact=8&ved=0ccyqfjaa&url=https%3a%2f%2fwww.cylab. cmu.edu%2ffiles%2fpdfs%2freports%2f2011%2fchild-identity-theft.pd f&ei=udmgvdxogifeggtcvyk4cg&usg=afqjcnfztlddw2chswj 76rxEPOzbVj6Xcw&sig2=_EGBjmWghJQNrWyWwlylNg&bvm=bv.881 98703,d.eXY 6 How synthetic identity fraud costs Canada $1B a year, 2014. CBC News-Canada, 3 Mar. http://www.cbc.ca/news/canada/how-syntheticidentity-fraud-costs-canada-1b-a-year-1.2554429 Please Recycle YTW03410-USEN-00

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information