On occasion, I can be the kind of person that other people at a party tend to look at a bit sideways.  It is as though they are waiting for me to ruin their good time by reminding them of the rules.  And I’m afraid I may come across that way with the recently passed Economic Growth, Regulatory Relief, and Consumer Protection Act.  Because while it has the potential to make synthetic identities a very ineffective path to fraud, we are also about to find out if all of the money we’ve spent mitigating them thus far been worthwhile.  And I suspect we will be spending even more money after this legislation is put into practice.  
 
See what I mean?  Aren’t I starting to feel a bit like 'that guy'?
 
For those who may have missed it, last month Senate Bill 2155 became law.  Built on the promise that by allowing “permitted entities” such as financial institutions to verify the name, SSN, and date of birth of individuals with the Social Sercurity Administration that a synthetic identity would be made a thing of the past.  Not only that, and this is really the key, this verification can be done with only electronic consent.  As opposed to requiring a “wet signature” that would make verifications impractical, especially in the age of digital account applications, FIs, issuers and lenders will soon be able to verify identities with the SSA quickly and at scale.  
 
The issue for me isn’t so much that a vendor or series of vendors will be making money off of this service – someone has to build the technology that facilitates the validation – but what is an issue is that there are three consequences of this law that are going to have varying degrees of what I suspect will be unanticipated financial effects on the industry:
 
  1. Losses on credit card accounts will spike: Synthetic identities are nurtured over time so that they can be used to obtain the largest line of credit possible.  As the door begins to close on synthetic identities during the application process, criminals with existing accounts – credit cards being a prime example – are going to start cashing out in short order.
  2. The value of previous spending on preventing synthetic ID fraud will be exposed: As SSN validation becomes practice and accounts are audited (which will create work for due diligence firms – many of which cropped up after the mortgage meltdown), especially as defaults rise, we will find out if there has been enough synthetic identity fraud to justify how much the industry has spent on preventing it in the first place.  And consider that will dictate if the industry will be paying to verify SSNs on all applications going forward or if they will choose to be selective about which are submitted.
  3. Application fraud is dead, long live application fraud:  If synthetic identity fraud is pervasive then criminals are going to shift tactics and turn to true name fraud to keep the money spigot on.  Consider that the only way to really know if you’re dealing with a synthetic at this point is to review each applicant or customer individually. Although some in the industry suspect that accounts belonging to synthetic customers that default are often being charged off as credit loss because banks just can’t find those customers during the collections process, auditing an entire portfolio or even just charge-offs to determine the extent of the synthetics problem is uncommon.  So, either synthetics are a large part of what has been driving the huge increases we are seeing in application fraud, or we may just find out that some money would have been better spent on stopping true name fraud all along.
 
Are we worse off with the law?  Not at all.  It will render synthetic identities a thing of the past and that will make a world of difference when it comes to protecting children from identity fraud as their SSNs are highly valued in synthetic schemes (there were over a million cases of child ID fraud last year, alone).  
 
So enjoy the party and celebrate a rare piece of bipartisan legislation geared towards preventing crime.  It doesn’t happen nearly often enough.  But like all good celebrations, we should be prepared for the morning after.  
 
Yep, I’m still 'that guy'.
 
Author

About Al Pascual

An accomplished industry analyst, market researcher, and financial industry practitioner, Al Pascual is Javelin’s Senior VP of Research and Head of Fraud & Security. As SVP of Research, he oversees the firm’s operations and ensures that Javelin’s research content provides the innovative perspectives that clients expect from the firm.

As Head of Fraud & Security, Al provides clients actionable insights on a variety of fraud and security issues, acts as a partner in developing strategies for managing risk, and identifies and raises awareness of future threats and solutions. Al researches a range of topics, including the applicability of biometrics in banking and payments, the effect of data breaches on the integrity of consumer identities, the relationship between identity fraud and loyalty, and the best methods for securing data and transactions.

Al has presented findings from Javelin’s rigorous, industry-leading research at conferences around the world, including BAI, CARTES, Money20/20, NACHA, and RSA. Al has provided commentary on fraud and security issues to media outlets such as American Banker, Bloomberg, CNNMoney, Fox Business, Reuters, The New York Times, The Wall Street Journal, The Washington Post, and Wired.

Previously Al held risk management roles at HSBC, Goldman Sachs, and FIS. He is a member of the Association of Certified Fraud Examiners, the International Association of Financial Crimes Investigators, and the Federal Reserve Secure Payments Task Force. He earned a Bachelor of Arts degree in History from the University of South Florida.

Stay in Touch!