Data drives new kinds of fraud

COURTESY ANDERA
WELL-BALANCED: Andrea Hunter is the product manager who spearheaded the development of FortiFi, Andera's latest bank-security system.

Not all bank robbers carry a gun and not all cyberthieves are looking to empty your bank account.
The practitioners of “synthetic fraud,” an emerging form of graft in the ever-changing world of financial crime, create fake identities stitched together with the personal details of real people in order to sign cellphone contracts, open bank accounts and receive credit cards.
Unlike traditional identity theft targeting consumers, synthetic fraud targets financial institutions and other businesses that rely on verifying electronic identity information in a world of global e-banking.
“It has been front and center, and banks have been looking at the so-called marketplace of people who are trying to obtain personal data,” said William Farrell, general counsel for the Rhode Island Bankers Association, about identity theft and bank fraud. “Banks are looking at the best way to combat that, but it is a pretty tough area to get at.”
As a developer of online-banking systems, Andera Inc. of Providence has found itself in a unique position to observe the havoc created by cyber criminals and to benefit if additional confidence and security can be brought to the marketplace.
With 550 customer financial institutions running on its network, Andera can see patterns in account openings and alert banks when certain transactions look suspicious.
Last summer, Andera launched FortiFi, a new fraud-detection product that checks new-account openings against the vast flow of real-time data the company processes, looking for signs of identity theft and fraud rings at work.
“We don’t share info, but we look across our entire database to see if something that is happening in one place is also happening at one of our other 550 customers,” said Andera Program Manager Andrea Hunter. “It makes the banks feel more secure, like an insurance policy.”
While traditional identity theft still exists, Hunter said synthetic fraud in particular has grown over the last several years as more records have migrated from paper into computers. “There is still your typical identity theft, which happens when you just get a hold of someone’s account,” Hunter said. “But synthetic fraud didn’t exist as much in the past because networks weren’t as robust.”
Hunter described a typical synthetic-fraud campaign starting with a stolen social security number, preferably from someone who hasn’t established a borrowing history, which a criminal ring will use to open a series of new accounts under a fake identity.
Social security numbers in these schemes are often acquired by online phishing, on the black market or by convincing a so-called mule to give up their personal information.
Even though online systems are set up to confirm the identities of people who apply for accounts through credit bureaus and other means, by creating a broad expanse of false records, synthetic identities can take on a life of their own and begin fooling the systems.
“With the way information is stored, if they apply for enough cellphones, enough credit cards, it creates a customer record that makes it look like they actually exist,” Hunter said. “That’s when they will try to open a bank account.”
Hunter said the problem really took off in the last three years as the use of social media has exploded, putting more information online and making it easier for criminals to both search for mules and share fraud techniques.
According to a study released in April by ID Analytics, a San Diego company that screens consumers for their fraud risk, the identities of 2.5 million dead Americans are used improperly each year, 800,000 of them in intentional fraud schemes.
On the other end of the spectrum, ID Analytics last year estimated that the identities of 140,000 children are used each year in fraud schemes, with 60 percent of those cases connected to credit cards. Unlike Andera’s system, ID Analytics works more like a credit-rating agency judging the likelihood that a particular individual is involved in identity fraud based on the profile of information they have provided.
In its simplest form, Andera’s FortiFi tries to weed out criminals by running each new bank account opened through its system through algorithms designed to detect patterns in the real-time financial data.
Seeing the same mailing address or telephone number used to open multiple accounts under different names is one giveaway that could trigger an alert.
Even in the more sophisticated fraud schemes, a perpetrator needs to have a way to collect the proceeds of whatever they are stealing and, as a result, usually gives at least one piece of information that can be traced back to them.
When the system does detect a suspicious pattern in the data, it does not alert police, but flags the new account that triggered the check so the bank can investigate further, deny the application or call law enforcement.
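The check described above, a phone number or mailing address reused under different names, can be expressed as a link screen across every institution's applications. The Python below is an added illustration, not Andera's code: the class, field names, the two-name threshold and the sample applications are all constructed for the example.

```python
import re
from collections import defaultdict

def _norm(kind, value):
    """Canonicalise so trivial formatting changes do not hide a match."""
    if kind == "phone":
        return re.sub(r"\D", "", value)[-10:]       # keep the last 10 digits
    return re.sub(r"[^a-z0-9]+", " ", value.lower()).strip()

class LinkScreen:
    """Flags a new application whose phone or address was already used
    under other names at any institution on the network."""

    def __init__(self, max_names=2):
        # max_names: distinct names tolerated per attribute. Assumed value;
        # households legitimately share an address and a phone.
        self.max_names = max_names
        self.names_by_attr = defaultdict(set)       # (kind, value) -> {names}

    def check(self, app):
        """Record the application and return alert reasons (empty = clean).
        Reasons carry counts only, never another bank's customer data."""
        name = _norm("name", app["name"])
        reasons = []
        for kind in ("phone", "address"):
            names = self.names_by_attr[(kind, _norm(kind, app[kind]))]
            names.add(name)
            if len(names) > self.max_names:
                reasons.append(f"{kind} used under {len(names)} different names")
        return reasons

# Constructed sample applications (fictional people, banks and numbers).
APPLICATIONS = [
    {"bank": "A", "name": "Pat Lee",   "phone": "(401) 555-0101",  "address": "12 Elm St, Apt 4"},
    {"bank": "B", "name": "Sam Ortiz", "phone": "401-555-0101",    "address": "80 Oak Ave"},
    {"bank": "B", "name": "Dana Wu",   "phone": "401-555-0188",    "address": "9 Pine Rd"},
    {"bank": "C", "name": "Kim Novak", "phone": "+1 401 555 0101", "address": "12 elm st apt 4"},
    {"bank": "A", "name": "PAT LEE",   "phone": "4015550101",      "address": "12 Elm St., Apt 4"},
]

def screen_all(apps, max_names=2):
    screen = LinkScreen(max_names)
    return [(a["bank"], a["name"], screen.check(a)) for a in apps]

if __name__ == "__main__":
    for bank, name, reasons in screen_all(APPLICATIONS):
        print(bank, name, "FLAG: " + "; ".join(reasons) if reasons else "ok")
```

The fourth application is the first to trip the alert, because its phone number has by then appeared under three names at three different banks; the fifth repeats an existing name in a different format and does not raise the count.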
In the first year of FortiFi, Hunter said about 30 of Andera’s customers have subscribed to the new program, but the growing company plans to market it more heavily later in the year.
As electronic fraud has become more of a problem, banks used to dealing with security matters on their own are increasingly cooperating to fight off criminals.
The American Bankers Association’s Bank Capture system shares information about criminal enterprises, although it is more focused on traditional robberies than detecting new kinds of online fraud.
“The banks have started networks with law enforcement, the Secret Service, Treasury, and national fraud-detection networks to share information and deal with this,” said Farrell, of the Rhode Island Bankers Association.
