The bipartisan financial regulatory bill that passed the Senate in March contains a largely overlooked provision that could go a long way toward helping banks and credit unions better spot a fast-growing form of borrower fraud.
The legislation includes a little-noticed measure that would make it harder for criminals who use real Social Security numbers to create fake personas, which they subsequently employ to apply for credit.
In some cases, fraudsters have used these synthetic identities to open hundreds of credit card accounts and steal hundreds of thousands of dollars. The schemes can also cause substantial problems for the individuals whose Social Security numbers get stolen.
Analysts say that the incidence of synthetic identity fraud has been increasing by at least 30% per year.
Several factors are driving the trend.
For one, the vast amount of stolen consumer data that can be found online enables criminals to piece together information about real Americans in order to create fictitious personas. In addition, efforts to crack down on more traditional forms of fraud have led bad actors to look down more promising alleyways.
Moreover, the Social Security Administration started issuing randomized numbers in 2011 — previously, the first few digits were linked to geography — which has made it harder for lenders to detect this type of fraud.
The 2011 policy change has led fraudsters to rely on Social Security numbers issued within the last seven years. One result is that the individuals victimized by synthetic identity fraud are often children or immigrants. In the case of kids, it may take years to detect that their Social Security numbers have been compromised, since they do not use those nine-digit numbers on a regular basis.
In one case from May 2017, a South Carolina man was accused of using synthetic identity information to submit more than 750 new credit card applications, obtaining more than $340,000. The cards sometimes had credit limits as low as $100.
Experts say that fraudsters are often playing a long game, in which they plan to steal larger sums over time as their credit limits get increased.
“It’s been costing banks billions of dollars and countless hours,” said Paige Schaffer, president of the identity protection unit at Generali Global Assistance. “They’re really chasing down people that don’t exist.”
The recently passed Senate bill would make upgrades to a database maintained by the Social Security Administration, which financial institutions can check to determine if the name provided on the credit application matches the Social Security number.
Today the database gets relatively little use, since lenders are required to submit an authorization form that includes the borrower’s handwritten signature. That process is too clunky for credit card issuers and online lenders that are looking to make credit decisions quickly.
Under the pending legislation, lenders would be allowed to obtain an electronic signature from consumers. That change would speed up the authorization process and would likely lead to much more widespread use of the database by consumer lenders.
“I think it’ll put a massive dent in the problem going forward,” said Keir Breitenfeld, vice president of decision analytics at the credit reporting firm Experian.
The measure, which is part of a legislative package that could get a vote in the House of Representatives later this month, has been pushed by the U.S. credit card industry.
Synthetic identity fraud is responsible for up to 5% of charged-off accounts and up to 20% of consumer credit losses, according to an analysis last year by Auriemma Consulting Group.
David Nelms, the CEO of Discover Financial Services, said in an interview that the legislative proposal on synthetic identity fraud may be even more beneficial to his $100.7 billion-asset company than a much-debated provision in the same bill that would reduce regulatory scrutiny on Discover and other midsize banks.
“We don’t have a really good way of checking Social Security number databases,” Nelms said. “That has become a huge issue for the industry.”
The legislation was sponsored by Sen. Tim Scott, R-S.C., and its co-sponsors included Democratic Sens. Claire McCaskill of Missouri and Gary Peters of Michigan.
The thorniest issue that Scott needed to resolve during the legislative process was how to pay for the database upgrades without any cost to taxpayers.
The measure passed by the Senate would assess a one-time sign-up cost to banks and credit unions, as well as a fee each time they check the database. The Social Security Administration would not make the upgrades until it has collected a reserve of funds from the financial industry, which suggests that the proposal’s implementation may be a couple of years away.
“This upgrade to Social Security Administration procedure is a commonsense and effective way to cut down on synthetic ID fraud and help prevent millions of people from having their identity stolen,” Scott said in a March press release.
A spokeswoman for the Social Security Administration said that the agency does not comment on pending legislation.