Let’s begin this section by clearly stating the obvious, which is that it’s completely up to you and your legal beagles to determine what basis you would use for denying a mortgage application from a Synthetic ID. Personally, I think you can come up with over a dozen reasons, but it’s not my place to make those sorts of recommendations (unless you hire me as your consultant, of course).
Instead, what I can do is show you a few more ways to identify a Synthetic ID. Some require more work than others, and you’ll have to balance the time it takes versus your processing workflow versus potential losses versus the expense of extra steps versus customer satisfaction. Allow me to suggest, at least, that a wise lender would consider multiple positives from the items below as a sort of preponderance of the evidence and reason enough to dig further.
A Phone Call (or two)
I’m a big fan of the K.I.S.S. method of investigations (Keep It Simple Stupid…actually I’m a fan of that method in meetings, communications, trainings, everything). When a simple phone call will help you skip a few steps, make the call. In this case, your processor or underwriter calls the applicant to “just verify a few items on the application.” Preferably, you would independently locate the applicant’s phone number through an online service, 411 (yes, people, it still works and most fraudsters don’t account for it), or a business listing…but in the worst case, at least call the number on the 1003.
Presuming you get an answer – or leave a message and get a return call – then you simply do the oldest trick in the book: tell them you need to double-check a few items, then intentionally misread their 1003 data. You could misread them their salary, employer’s name, employer’s phone number, how the application was taken (say by mail when it was by phone, for example) and maybe a few older tradelines or previous addresses on the credit report. Use the ol’ listening skills to detect if the person on the other end of the line stumbles, has trouble “remembering” the correct information, or fails to correct your misinformation.
And if your spidey-sense is still tingling after the phone call, have someone else in your office repeat the process in two to three days, “verifying” slightly different information. Your gut instinct is not something to ignore.
This one requires some internal discipline and controls so you don’t go chasing squirrels, but it’s incredibly difficult in this day and age for an individual to have zero presence on the internet. If a quick google name search on your borrower turns up nothing, you might want to check a few of the more popular social media sites. You’re not prying into their personal lives, but rather checking to see if they have one, i.e., if they actually exist. If they don’t, chances are you might be dealing with a Synthetic ID, especially if the purported age of your borrower makes them a millennial (under 35 yrs old). (By the way, why not ask for a few social media identifiers at application time?)
If they do have a social media presence, does it generally match the 1003 in terms of age, lifestyle, etc.? Do the photos seem like they fit? Is the history of the page compatible with the 1003 data? Does the employment and address history match? Certainly some fraudsters are starting to catch on to this facet of backstopping, but even then, they tend to use stock photos to populate the sites, which you can easily check for if you know how (and if you don’t, yes, I can teach you). You can, of course, invest in some expensive social media scrubbing software if you really want to cross-reference and burrow out two or three levels deep, but be prepared to pay – the systems may well be worth it, but they aren’t cheap.
(Note: some Synthetic IDs are built with true names and false/stolen SSNs, and the true names have a legitimate social media presence. However, just because the online presence looks authentic it is not proof you have a real borrower; you’ll still need to check the file for other clues. However, the absence of a social media presence or one that appears fake should be a notable concern.)
Rate/Term and Cash-out Refinances
When combined with the credit report warning signs noted in part 2 of this series, certain items in a refinance application can suggest that you dig deeper to verify the borrower’s authenticity. Here’s where some of the traditional red flags on refinances become even more notable:
- Occupancy questions or recent additions to title, when combined with a suspicion of Synthetic ID, can indicate a stolen property or other deed fraud
- Shared bank statements or newly opened bank accounts where the proceeds are headed can indicate a Synthetic ID is involved
- Private liens to be paid off can suggest the use of an additional Synthetic ID to launder the proceeds
- A recently paid off mortgage can hint at a fraudulent Satisfaction of Mortgage, a dirty notary, or other related nefarious activity.
The point here is that the traditional red flags for refinances should take on a heightened importance if there are other suggestions in the file (or on the phone calls noted above) that suggest a Synthetic ID is involved.
You need to do everything you can to verify that the liens being paid off, the lienholders being paid off, and the owner of the account getting the proceeds are all authentic.
You know how you need to provide references when job-hunting? Why not require three personal references when you’re considering loaning someone hundreds of thousands of dollars? Boy, this would put the fraudsters in a pickle. They would have to come up with three more backstopped names, numbers, and stories to support their Synthetic ID – and that’s a lot of work! If I’m the bad guy shopping for a financial institution to target, and you ask me to have three friends vouch for my fraud, I’m going elsewhere.
An Ounce of Prevention…
There are other things you can do to help you spot a Synthetic ID, but I can’t give away the store, or 1) the bad guys will learn and adapt that much faster, and 2) I’ll be out of business. However, what I can do is strongly emphasize that you become familiar with Synthetic IDs and how they can be employed by fraudsters to con you out of hundreds of thousands of dollars. You can become familiar with some of the ways I’ve noted in this series for detecting their presence in your loan files, and you can even get creative with your own methods of prevention. For example, how much extra work would it really take to do VOMs on every mortgage in the credit report? You know, just to verify the tradelines are both real and attached to your borrower.
A Final Note on Technology
I would be remiss if I failed to mention a whole new generation of identity verification solutions coming out in the tech sector that may assist with this issue. For the most part, these are biometric solutions that hold out hope for screening out Synthetic IDs at the beginning of the application process. A great idea, but be forewarned: it may take a major shift or two in our society before people are willing to share their biometric data for commercial purposes. You may have to trade some profit to the borrower in exchange for their participation, at least in the beginning.
Alternatively, many tech companies are working on data analytics, adaptive AI profiling, actor modeling and predictions, and so on. These, too, hold out the hope of an improved fraud detection and prevention process for lenders across the financial spectrum. There are too many variations to discuss here, but the ability to augment current anti-fraud systems with new tech is very encouraging.
CAUTION: Even with great strides in these tech approaches, however, I must stress this point: any system can be beaten by another system, and eventually will be…you simply must have the human element included in your fraud detection and prevention process.
Fraudsters Always Adapt
Finally, unless you’ve been living under a rock, you’ve heard the Social Security Administration (SSA) is going to roll out a social security number (SSN) verification plan with a pilot program in June 2020. The program, called eCBSV, will allow a financial institution to electronically submit an SSN, a name and a date of birth (DOB) to see if they match. The SSA will respond with a simple “yes” or “no.” (And that’s the entirety of what it will do. The SSA itself says, “eCBSV does not verify an individual’s identity” (see https://www.ssa.gov/dataexchange/eCBSV/); it simply verifies if those three bits of data match what’s in the SSA’s system).
Many are touting this as a panacea to the Synthetic ID fraud problem, and I’m sure it will help quite a bit. However, as a former FBI agent who has seen some things, I have my doubts it will be as effective as hoped and I would caution against relying on it alone. In fact, I can already think of at least a couple of ways to get around eCBSV and/or avoid it altogether while still employing a Synthetic ID in a mortgage fraud scheme. Again, I’m all for tech solutions, but given my previous caution about relying solely on tech, that’s why I included some old school solutions at the beginning of this article which harken back to non-cyber methods, i.e., personal interaction, i.e., the good old days, i.e, human interaction.