Basics & Background
In layman’s terms, a synthetic ID is created when a fraudster takes a real or fake social security number (SSN), builds a completely false persona around it (including credit tradelines, ID cards, the works), and uses the fake persona to obtain credit and cash, then disappears… leaving the financial institutions with nothing but a ghost to chase after for remuneration. This makes it incredibly difficult for any type of law enforcement action or prosecution (but not impossible as you’ll see in a later installment of this series).
Synthetic IDs are all the rage in financial fraud investigator circles, particularly in credit card bust outs and fraudulent auto loans. Seems the old straightforward identity theft is no longer good enough, and banks are getting hit hard with these ghosts walking away with tens of thousands of dollars.
I was in the mortgage industry for almost a decade during its heyday in the early 2000s. I originated loans for a short time and audited defaulted loans when the bottom fell out of the market, but for the most part, I spent those years as a residential mortgage underwriter. I saw fraudulent applications all day long, mostly application fraud, and particularly on low-doc, no-doc, stated income and TIN loans. I saw both the successes and failures of various fraud prevention systems, and the human holes that expensive software failed to cover.
I then spent the next nine years as an FBI agent. I investigated entirely different types of mortgage fraud, from foreclosure-delay schemes, to straw-buyers and straw-cash-outs, to Ponzi schemes, to deed theft and extortion, to bankruptcy fraud involving mortgages, to… well, it was a long list of creative felonies. I even saw a version of Synthetic ID fraud in one of my more exciting cases, long before it was called that (see USA v. Glen Alan Ward, 9th Circuit, CA, court dockets 2:12-cr-00785 and 2:00-cr-00338; see also Rogues Gallery on my website).
But in all those years, in both the private and public sectors, I have never seen such a huge vulnerability for the mortgage industry as I see today with Synthetic IDs.
Why Mortgages are so Vulnerable
Here’s what makes this type of fraud so dangerous. A Synthetic ID will beat almost every automated fraud prevention software currently in use by lending institutions. And unless the loan processors and underwriters are specially trained on what to look for and how to investigate and verify (discussed in parts 3 and 4 of the series), the human actors in this process won’t catch it either. A Synthetic ID looks legitimate because it takes years to build one, and fraud controls don’t go back far enough to catch the glitch at the beginning, or wide enough to detect the lack of true existence elsewhere.
When the loan defaults because of non-payment or gets caught in any of the other mortgage fraud schemes out there (i.e., fraudulent Satisfaction of Mortgage, fractionalized-interest title transfers, simultaneous cash-outs, etc.), your investigators go to work, dig deep and fast…only to be left grasping at the vapor of a ghost who never existed in the first place. You loaned hundreds of thousands of dollars to someone who doesn’t exist. Will your E&O cover it? Your repurchase agreements? Heck, you sure can’t sell it as a scratch-and-dent. Since the loan passed all your fraud controls and super-sophisticated prevention software…well, your lawyers are sure going to be earning their money trying to keep you from losing all of yours.
Building One + Limited Fraud Controls
A Synthetic ID begins when a fraudster procures a real or fake SSN. If it’s real, it is often a minor’s. Pause right there… why? The benefit there is that no one checks their kids’ credit reports, so the activities used to build a Synthetic ID credit history won’t be caught for years, if ever. Continuing, the fraudster then attaches a fake name, address, etc., to that SSN and then applies for credit. It’s denied, but the result is a credit report record of the new “individual.”
Then, using a couple of different tricks we’ll discuss later in this series, the fraudster builds tradelines for that individual, opens small secured then unsecured lines of credit, makes payments to build up the credit score, and keeps the credit history and tradelines building over time. Finally, when the moment is ripe and it’s years down the road, the fraudster uses that persona to do a credit card bust out, purchase an expensive auto, or – heaven forbid – obtain a mortgage.
The problem, as I mentioned, is that the loan will pass automated fraud prevention software checks: is the SSN legitimate? Check. Is the credit history more than a couple of years old? Check. Are there sufficient tradelines/credit limits/balances/payment history to support a high 700s credit score? Check.
And what of the address, employment, assets, income and residence history entries sitting like an innocent doe-eyed puppy on the 1003? To fake those today in this digital age is ridiculously easy – VOEs, VOAs, VOIs, VORs, and even VOMs are all available for sale on both the regular internet and the dark web. Or, even easier, you can simply pay a buddy to be your verifier; I know because I spoke to more than one doing undercover FBI work.
So, presuming your appraisal is legitimate (that’s a whole other can of worms), you’re underwriting to capacity, credit and cash, and relying heavily on traditional fraud controls to ensure the submitted information for all three are correct. Unfortunately, those controls are woefully inadequate to meet this threat.
So, which types of mortgage fraud, specifically, are ripe for Synthetic ID fraud, and how do you detect and prevent it?
Stay tuned for part 2 being released next Thursday December 12th!