Industry Reaches Key Milestone in Fight Against Synthetic Identity Fraud, But Many Challenges Remain

(New York, NY):  A new banking reform law will help fight synthetic identity fraud, but the industry now faces an even bigger hurdle: a complex implementation process fraught with potential pitfalls and delays.

The law, signed by President Donald Trump this spring, will allow credit card issuers and other lenders to verify applicants’ identity information in near-real time using electronic signatures. Under the current process, financial institutions must obtain an applicant’s written consent to validate their information with the Social Security Administration (SSA), a process that can take days or weeks.

Modernizing the SSA’s system has long been viewed as key to thwarting synthetic identities, which use bogus Social Security numbers to apply for credit and disproportionately target children, seniors, and other vulnerable populations. The Federal Trade Commission reported nearly 14,000 cases of identity theft among minors in 2017, and synthetic identity fraud costs lenders up to $6 billion dollars each year according to Auriemma Group’s 2016 analysis.

“A practical identity verification system is the holy grail when it comes to fighting synthetics, and recent developments now open the door to real progress with the SSA,” said Ira Goldman, who leads Auriemma’s portfolio of fraud control roundtables, an information-sharing and benchmarking platform for top lenders.

Still, while the legislation promises to combat the human and financial toll of synthetic identity fraud, several obstacles stand in the way of implementation. The new law, which will require complex technical requirements across dozens of financial institutions, has no official implementation date, and the cost of the new system remains to be seen. The SSA has stated that it will not begin the necessary work until it secures at least 50% of funding from the users of the database.

Perhaps more importantly, few case studies exist as a model for implementing such a large and complex system. A comparable service required under the Military Lending Act took the Department of Defense more than two years to implement. The SSA’s system, which will handle high volumes of daily inquiries when it becomes operational and is arguably more complex, could take even longer.

The SSA has begun meeting with lenders to estimate inquiry volume and the cost of the new service. The agency took a similar approach when it created its existing consent-based verification system in 2002, asking a pilot group of banks to estimate their usage and collecting seed money upfront. But financial institutions are concerned that this process could take too long, and that the end product will be less effective without involvement from a large, diverse group of banks.

“Financial institutions must provide input in a coordinated manner to ensure the program meets their needs and the needs of consumers,” Goldman said. “It would be detrimental to both consumers and the industry if the system under development doesn’t work as intended or takes years to implement.”

The industry is working to assemble a coalition to support the implementation process and secure funding for the new system. Data gathering will be a critical first step to estimate the cost of synthetic identity fraud and the required system upgrades. As the industry mobilizes, Auriemma will continue to collect and analyze lender data to estimate the prevalence of synthetic accounts and financial losses to the industry.

For more information about synthetic identity fraud or the Protecting Children from Identity Theft Act, contact Ira Goldman at 212-323-7000.