CEO and Co-Founder of DataVisor, the leading fraud detection company with solutions powered by transformational AI technology.
Identity crimes are on the rise, and preventing them is a more complex problem than you may think. There’s a new victim of identity theft every two seconds, and consumers lost more than $56 billion to identity theft and fraud in 2020 alone.
Most banks and merchants encourage identity theft prevention tactics such as changing passwords and monitoring credit reports to minimize the risk of identity theft — and these are indeed helpful. Similarly, banks and merchants often rely on data from credit bureaus to reduce the risk of approving fake applications and fraudulent transactions. But in the digital realm, there’s a lot more to preventing identity fraud than cross-checking personally identifiable information (PII).
While identity theft and fraud are related, they’re not equivalent, which means that relying solely on PII and credit bureau data to verify someone is who they say they are is a dangerous — and incomplete — approach.
Synthetic Identities Evade Credit Bureau Verifications
Using personal and credit bureau data to verify identity only addresses a very limited range of potential identity crimes. Fraudsters often steal personal information of legitimate customers and use it to take over accounts and commit crimes, but they can also create completely synthetic identities from scratch. They may combine pieces of legitimate user data — such as a social security number — with fake information to create a false but seemingly valid identity, then apply for loans or credit cards to receive funds with no intention of repaying the lender.
Some fraudsters engage in “piggybacking” where they add a fake identity as an authorized user on a legitimate account. Or they create what’s called a “Frankenstein identity” — a fake identity that slowly builds credit before applying for bigger loans. Take, for example, Notre Dame Federal Credit Union in South Bend, Indiana, which reviewed and approved an online loan application by doing the typical background check and credit score verification. In this case, fraudsters used real social security numbers to open accounts and build credit over time, reaching FICO scores of 800 or more. The bank was quick to approve the loans, and abruptly, payments ceased. Only after analyzing all of the data holistically was the error uncovered.
That’s why you can’t just rely on PII and bureau data; you need more information to distinguish between legitimate and fraudulent users. In the absence of physical clues, there’s no way to tell for sure if you’re dealing with a real person or if the identity is stolen or completely fake.
So, What’s The Right Approach?
While individual data points can be weak and insufficient for determining whether a user is legitimate or using a stolen or synthetic identity to commit a crime, analyzing multiple signals together using advanced machine learning algorithms is a powerful way to uncover fraud. Comprehensive solutions must also leverage graphing tools to enable fraud teams to understand relationships between various signals and data points and spot connections that would otherwise be impossible to make.
For example, Google’s Shopping Graph is a real-time data set that connects shoppers with product listings from various merchants. Then, it applies AI and machine learning algorithms to serve up relevant listings and ads as users shop. Without the AI-powered graph, highly accurate targeting wouldn’t be possible.
Similarly, a comprehensive approach to preventing identity theft will gather data from a broad array of sources — credit bureau data, PII, user behaviors, online activities and more — and plot them on a graph. Digital fingerprint data — a mix of device data related to device type and location, including network signals such as IP and MAC addresses — can be used to identify threats from device manipulations and bot traffic, especially when fraudsters are targeting mobile apps. (Digital fingerprints shouldn’t be confused with digital identities, which consist of PII and other data about an individual such as personal information, medical history, online searches and activities, and more.) Advanced machine learning algorithms and features engineering can then be used to correlate various data points on the graph and surface suspicious patterns.
For example, a graph might reveal that multiple users (identities) share a common digital fingerprint, which could indicate a fraudster is manipulating a device — even if the users seem perfectly legitimate. Without the ability to uncover those connections, fraudsters could slip through unnoticed. Such graphs can leverage data intelligence to further enrich the data, leading to more insights and a higher degree of detection accuracy.
To be truly effective, graphing tools must be flexible and able to perform identity resolution. Explainability is also a key characteristic so that it’s easy to prove the validity of the decision to allow or deny a transaction.
Fraud Is Multidimensional — And Your Solution Should Be, Too
Some identity solution providers tend to over-exaggerate the effectiveness of using just identity data for fraud prevention. But at the same time, we can’t underestimate the importance of those signals for solving the puzzle of identity theft.
While relying on information such as bureau data or digital identity data alone is an unreliable approach, all data can be analyzed collectively to understand relationships between the data points and signals to help fraud teams spot potential threats in real time. A multidimensional approach — one that takes into account signals across the entire account life cycle and leverages advanced techniques such as AI and graphing — can connect the dots between and among all of the available data, uncover known and unknown patterns, and reliably detect and prevent identity fraud.