McKinsey: The fastest growing financial crime in the U.S. and how globaliD’s approach to attestations could fix it

The game of fraud and fraud prevention will always be a cat-and-mouse game. As institutions wisen up and improve their systems, so will the hucksters. So it should be no surprise that the criminals are getting smarter.

The fastest growing financial crime in the U.S. today is what McKinsey calls “synthetic identity,” and according to their latest report, this type of identity fraud now accounts for “10 to 15 percent of charge-offs in a typical unsecured lending portfolio.”

But that may just be the tip of the iceberg. McKinsey describes “synthetic identity” fraud as “hidden bomb.”

The scariest part? Given the way the system is set up and how we currently deal with identity, there is yet “no efficient way of uncovering synthetic ID fraud.”

Here’s how it works — from the McKinsey report:

Synthetic IDs are created by applying for credit using a combination of real and fake, or sometimes entirely fake, information. The application is typically rejected because the credit bureau cannot match the name in its records. However, the act of applying for credit automatically creates a credit file at the bureau in the name of the synthetic ID, so the fraudster can now set up accounts in this name and begin to build credit. The fact that the credit file looks identical to those of many real people who are just starting to build their credit record — that is, there is limited or no credit history — makes the scam nearly impossible to detect.

Part of the problem is because we don’t have a functioning, verifiable system of identity:

In the United States, a large part of the problem is that there is no efficient government process to confirm whether a Social Security number, date of birth, or name is real. And although the government is developing a service to address this, the release date and precise capabilities remain unclear.

McKinsey has a potential solution, however, and this is where it gets interesting:

An approach to identifying synthetic IDs that entails leveraging third-party data can be a powerful tool. It is grounded in the fact that real people have real histories, evidence of which they scatter behind them in dozens of different data systems, physical and digital. These trails are hard to fake. They have depth — that is, large amounts of data that stretch back years. For example, a real teacher might have a student loan taken out ten years ago, a social-media account, a cell-phone record, a couple of past employers, several previous addresses, an email account set up years ago, and property records. The trails of real people are also consistent: the same address, email account, and phone number crop up in various databases. Synthetic IDs tend to be inconsistent, because although the applicant may give some real details (perhaps a name that reoccurs in various data systems), others are fabricated, so they will not reoccur. In cases in which the synthetic ID is entirely fabricated, the ID may be too consistent — that is, there are no changes at all to the address, email account, and other data over several years.

If you’re familiar with our vision for identity, it’s hard to read through this passage and not think about the globaliD framework — one that’s designed around a system of third-party attestations.

Through their research and study, McKinsey found that by “evaluating the depth and consistency of information available about applicants in third-party data systems, institutions can determine whether the applicants are real or not.”

And beyond the issue of fraud, such an approach could help institutions better serve those with limited credit history as defined by the existing system.

You can read the full McKinsey report here