On occasion, I can be the kind of person that other people at a party tend to look at a bit sideways. It is as though they are waiting for me to ruin their good time by reminding them of the rules. And I’m afraid I may come across that way with the recently passed Economic Growth, Regulatory Relief, and Consumer Protection Act. Because while it has the potential to make synthetic identities a very ineffective path to fraud, we are also about to find out if all of the money we’ve spent mitigating them thus far been worthwhile. And I suspect we will be spending even more money after this legislation is put into practice.
See what I mean? Aren’t I starting to feel a bit like 'that guy'?
For those who may have missed it, last month Senate Bill 2155 became law. Built on the promise that by allowing “permitted entities” such as financial institutions to verify the name, SSN, and date of birth of individuals with the Social Sercurity Administration that a synthetic identity would be made a thing of the past. Not only that, and this is really the key, this verification can be done with only electronic consent. As opposed to requiring a “wet signature” that would make verifications impractical, especially in the age of digital account applications, FIs, issuers and lenders will soon be able to verify identities with the SSA quickly and at scale.
The issue for me isn’t so much that a vendor or series of vendors will be making money off of this service – someone has to build the technology that facilitates the validation – but what is an issue is that there are three consequences of this law that are going to have varying degrees of what I suspect will be unanticipated financial effects on the industry:
- Losses on credit card accounts will spike: Synthetic identities are nurtured over time so that they can be used to obtain the largest line of credit possible. As the door begins to close on synthetic identities during the application process, criminals with existing accounts – credit cards being a prime example – are going to start cashing out in short order.
- The value of previous spending on preventing synthetic ID fraud will be exposed: As SSN validation becomes practice and accounts are audited (which will create work for due diligence firms – many of which cropped up after the mortgage meltdown), especially as defaults rise, we will find out if there has been enough synthetic identity fraud to justify how much the industry has spent on preventing it in the first place. And consider that will dictate if the industry will be paying to verify SSNs on all applications going forward or if they will choose to be selective about which are submitted.
- Application fraud is dead, long live application fraud: If synthetic identity fraud is pervasive then criminals are going to shift tactics and turn to true name fraud to keep the money spigot on. Consider that the only way to really know if you’re dealing with a synthetic at this point is to review each applicant or customer individually. Although some in the industry suspect that accounts belonging to synthetic customers that default are often being charged off as credit loss because banks just can’t find those customers during the collections process, auditing an entire portfolio or even just charge-offs to determine the extent of the synthetics problem is uncommon. So, either synthetics are a large part of what has been driving the huge increases we are seeing in application fraud, or we may just find out that some money would have been better spent on stopping true name fraud all along.
Are we worse off with the law? Not at all. It will render synthetic identities a thing of the past and that will make a world of difference when it comes to protecting children from identity fraud as their SSNs are highly valued in synthetic schemes (there were over a million cases of child ID fraud last year, alone).
So enjoy the party and celebrate a rare piece of bipartisan legislation geared towards preventing crime. It doesn’t happen nearly often enough. But like all good celebrations, we should be prepared for the morning after.
Yep, I’m still 'that guy'.