Five ways enterprises can stop synthetic identity fraud with AI

Join top executives in San Francisco on July 11-12, to hear how leaders are integrating and optimizing AI investments for success. Learn More


On pace to defraud financial and commerce systems by nearly $5 billion by 2024, synthetic identity fraud is among the most difficult to identify and stop. Losses amounted to 5.3% of global digital fraud in 2022, increasing by 132% last year.

 Sontiq, a TransUnion company, analyzed publicly available data to compare 2022 data breach volumes and severity to previous years. TransUnion writes, “These breaches have played a key role in helping to fuel an explosion in identity engineering, with synthetic identities becoming a record-setting problem in 2022. Outstanding balances attributed to synthetic identities for auto, credit card, retail credit card and personal loans in the U.S. were at their highest point ever recorded by TransUnion — reaching $1.3 billion in Q4 2022 and $4.6 billion for all of 2022.” 

All forms of fraud devastate customers’ trust and willingness to use services. One of the significant factors is that 10% of credit and debit card users experienced fraud over 12 months.

Pinpointing synthetic identity fraud is a data problem

Attackers harvest all available personally identifiable information (PII), starting with social security numbers, birth dates, addresses and employment histories to create fake or synthetic identities. They then use them to apply for new accounts that many existing fraud detection models perceive as legitimate.

Event

Transform 2023

Join us in San Francisco on July 11-12, where top executives will share how they have integrated and optimized AI investments for success and avoided common pitfalls.

Register Now

A common technique is concentrating on identities with widespread first and last names, which makes attackers less conspicuous and challenging to identify. The goal is to create synthetic identities that blend into the broader population. Attackers often rely on multiple iterations to get synthetic identities as unassuming and unnoticeable as possible. Ages, locations, residences and other demographic variables are also blended to further fool detection algorithms.

McKinsey undertook a multistep methodology to identify synthetic identities. The company gathered 15,000 profiles from a consumer-marketing database combined with nine external sources of information. The study team then identified 150 features that served as measures of a profile’s depth and consistency that could be applied to all 15,000 people. An overall depth and consistency score was then calculated for each ID. The lower the score, the higher the risk of a synthetic ID.

<em>Identifying synthetic identities by scoring the depth and consistency of profile data across sources helps differentiate low-consistency/low-depth and high-consistency/high-depth profiles. Source: <a href="https://www.mckinsey.com/business-functions/risk-and-resilience/our-insights/fighting-back-against-synthetic-identity-fraud#:~:text=Digging%20deep%20into%20the%20data,this%20fast%2Dgrowing%20financial%20crime.">McKinsey &amp; Company.</a>&nbsp;</em>

LexisNexis Risk Solutions found that fraud discovery models miss 85% to 95% of likely synthetic identities. Many fraud detection models lack real-time insights and support for a broad base of telemetry data over years of transaction activity. Model results are inaccurate due to limited transaction data and real-time visibility.

CISOs tell VentureBeat that they need enhanced fraud prevention modeling apps and tools that are more intuitive than the current generation.

Five ways AI is helping stop synthetic identity fraud 

The challenge every fraud system and platform vendor faces in stopping synthetic identity fraud is balancing enough authentication to catch an attempt without alienating legitimate customers. The goal is to reduce false positives so a company or brand’s threat analysts aren’t overwhelmed, while at the same time using machine learning (ML)-based algorithms that are capable of constantly “learning” from each fraud attempt. It’s a perfect use case for ML and generative AI that can learn from a company’s real-time data sets of fraudulent activity. 

The goal is to train supervised ML algorithms to detect anomalies not seen by existing fraud detection methods and supplement them with unsupervised machine learning to find new patterns. This market’s most advanced AI platforms combine supervised and unsupervised ML.

Leading fraud systems and platform vendors who can identify and thwart synthetic identity fraud include Aura, Experian, Ikata, Identity Guard, Kount, LifeLock, IdentityForce, IdentityIQ and others. Among the many vendors, Telesign’s risk assessment model is noteworthy because it combines structured and unstructured ML to provide a risk assessment score in milliseconds and verify whether a new account is legitimate. 

Below are five ways AI is helping detect and prevent growing identity fraud.

Designing ML into the core code base

Stopping synthetic identity fraud across every store or retail location requires an ML-based platform that is constantly learning and sharing the latest insights it finds in all transaction data. The goal is to create a fraud prevention ecosystem that constantly expands its derived knowledge.

Splunk’s approach to creating a fraud risk scoring model shows the value in data pipelines that perform data indexing, transformation, ML model training and ML model application while providing dashboarding and investigation tools. Splunk says that organizations undertaking proactive data analysis techniques experience frauds up to 54% less costly and 50% shorter than organizations that do not monitor and analyze data for signs of fraud.

<em>Splunks fraud risk scoring model generates a risk score for each event by adding anomalies detected in each recorded events metrics or KPIs. The aggregated figure for each event is then reported in real-time. Source: <a href="https://www.splunk.com/en_us/blog/platform/creating-a-fraud-risk-scoring-model-leveraging-data-pipelines-and-machine-learning-with-splunk.html" target="_blank" rel="noreferrer noopener">Splunk</a>. </em>

Reducing latency of identifying synthetic fraud in progress via cloud services

One of the limitations of existing fraud prevention systems is a relatively longer latency than current cloud services. Amazon Fraud Detector is a service that many banking, e-commerce and financial services companies use along with Amazon Cognito to tailor specific authentication workflows designed to identify synthetic fraud activity and attempts to defraud a business or consumer.

AWS Fraud Detector has been designed as a fully managed service that has proven effective in identifying potentially fraudulent activities. Amazon says that threat analysts and others can use it without any prior ML expertise.  

<em>The online fraud insights ML model determines a medium-risk outcome for the new user. Source: <a href="https://aws.amazon.com/blogs/machine-learning/prevent-fake-account-sign-ups-in-real-time-with-ai-using-amazon-fraud-detector/">AWS</a></em>.

Integration of user authentication, identity proofing and adaptive authentication workflows

CIOs and CISOs tell VentureBeat that relying on too many tools that don’t integrate well limits their ability to identify and act on fraud alerts. Too many tools also create multiple dashboards and reports, and fraud analysts’ time gets stretched too thin. To improve fraud detection requires a more integrated tech stack to deliver ML-based efficacy at scale. Decades of transaction data combined with real-time telemetry data are needed to improve risk-scoring accuracy and identify synthetic identity fraud before a loss occurs.

“Organizations have the best chance of identifying synthetics if they use a layered fraud mitigation approach that incorporates both manual and technological data analysis,” writes Jim Cunha, secure payments strategy leader and SVP at the Federal Reserve Bank of Boston. “Also, sharing information internally and with others across the payments industry helps organizations learn about shifting fraud tactics.”

ML-based risk scores reduce onboarding friction and false positives

Fraud analysts must decide how high to set decline rates to prevent fraud while allowing legitimate new customers to sign up. Instead of going through a trial-and-error process, fraud analysts use ML-based scoring methods that combine supervised and unsupervised learning. False positives, a significant source of customer friction, are reduced by AI-based fraud scores. This minimizes manual escalations and declines and improves customer experience.

Predictive analytics, modeling and algorithmic methods effective for real-time identity-based activity anomaly detection

ML models’ fraud scores improve with more data. Identity fraud is prevented through real-time risk scoring. Look for fraud detection platforms that use supervised and unsupervised ML to create trust scores. The most advanced fraud prevention and identification verification platforms can build convolutional neural networks on the fly and “learn” from ML data patterns in real-time. 

ML helps keep friction and user experience in balance

Telesign CEO Joe Burton told VentureBeat: “Customers don’t mind friction if they understand that it’s there to keep them safe.”

Burton explained that ML is an effective technology for streamlining the user experience while balancing friction. Customers can gain reassurance from friction that a brand or company has an advanced understanding of cybersecurity, and most importantly, protecting customer data and privacy. 

Striking the right balance between friction and experience also applies to threat analysts who monitor fraud prevention platforms daily to identify and take action against emerging threats. Fraud analysts face the formidable task of identifying whether an alert or reported anomaly is a fraudulent transaction initiated by a non-existent identity or whether it’s a legitimate customer trying to buy a product or service.

Introducing ML gives analysts more efficient workflows and insights and delivers more accuracy and real-time latency to stop potential fraud before it occurs.

VentureBeat’s mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Discover our Briefings.

Source