How can banks and other financial institutions defend themselves and their customers and members against increasingly sophisticated, increasingly organized financial crime? What are the most challenging fraud threats and, critically, what are the available tools and tactics available to deal with them successfully?
We talked with Gus Tomlinson, Managing Director, Identity Fraud, with identity verification, location intelligence, and fraud prevention solutions provider GBG, about the challenges faced by companies and organizations when it comes to fighting evolving fraud threats.
Helping companies around the world onboard customers safely, fight fraud, and stay compliant, Tomlinson has more than a decade of experience in the identity industry. She has worked in strategic, commercial, data, and product roles and, this year, was named to Management Today’s 35 Women Under 35 roster for 2024.
Tomlinson is also a supporter of Women in Identity, a non-profit that promotes a more diverse workforce in the digital identity industry.
We wanted to talk with you about the spike in Synthetic Identity Fraud (SIF). What is SIF? What industries are being impacted most?
Gus Tomlinson: Synthetic identity fraud is a fraud tactic many businesses struggle to identify. This is because it uses a mix of genuine, stolen personally identifiable information (PII), and manufactured synthetic data to create a fake identity. This fabricated identity is then used to open accounts, make purchases, and commit other fraudulent activities.
The blending of real PII such as name and address with a different date of birth data for example, is common, and amongst more sophisticated scams, fraudsters will go beyond data to include fake identity documents, fake photos and videos, and even other biometric characteristics, like fingerprints. These ‘identities’ allow fraudsters to apply for low-friction accounts where there are no or limited checks to build up their credit history.
Often synthetic identity fraudsters will play the long game as their credit history improves – increasingly getting access to higher value finance and goods before disappearing without a trace, leaving the affected businesses trying to collect from people who never existed in the first place.
The industries particularly vulnerable to synthetic identity fraud are those that handle high value data and offer potential financial gains for fraudsters – financial services, gaming, and government sectors are key examples. Though it’s important to remember that all industries are vulnerable – fraudsters don’t limit their activities to one organization, sector, or even stop at national boundaries. They target where they see an opportunity.
What makes fighting SIF a challenge?
Tomlinson: Fighting synthetic identity fraud is a challenge due to the sheer scale it’s being – and has been – leveraged by fraudsters. The lack of preparation from businesses has led to them letting in huge numbers of sleeping identities that are now ready to attack.
Organizations need to act now as this threat will only continue to increase. On the dark web, thousands of sites are selling cheap bundles of identity data from billions of records stolen in cyberattacks and data breaches every year. All the info needed to impersonate someone is easily available within a few clicks and for a few dollars.
Digital identity is complicated, and synthetic identity fraud takes advantage of that by blending real and fake data to slip through the cracks. Technological advancements, such as Generative AI (GenAI), are also increasing the sophistication of synthetic identities, making it even harder to spot. To catch this kind of fraud, detection methods need to handle that complexity and use all the digital identity data out there to spot the fraud signals. Building up several layers of defense is critical.
How high on the list of priorities is this for companies? Do they understand the threat posed by SIF and other AI-powered fraud tactics?
Tomlinson: Fraud is hitting the bottom line – estimates show businesses are losing around five percent of their revenues to fraud annually. Now GenAI has given fraudsters new capabilities to work faster, scale attacks, and create more believable scams. The threat has risen to a new level.
As a result, digital identity verification and fraud prevention has moved from a tick box exercise to a business imperative and more than ever identity fraud is a boardroom topic.
While this is a step in the right direction, what is still missing is an appreciation for – or acceptance of – the true extent of the problem.
Synthetic identity fraud isn’t new, it’s been happening for years. Many organizations are far more exposed today than they might think.
The reality is businesses prioritize fraud prevention mid-journey or at checkout rather than at the onboarding stage. So, the threat isn’t just about onboarding new synthetic identities, it’s also the many synthetic identities that have already been onboarded and exist in their ecosystem ready to attack.
What we see is that many companies try to ignore that the problem is already intrenched in their operations. They need to accept this part of the problem to truly protect against it.
You’ve spoken about “cross-sector industry collaboration” as key to helping deal with AI-powered fraud. Why is this the best strategy?
Tomlinson: Synthetic identity theft is just one of the fraudulent threats today. Businesses need to build a layered defense to fraud prevention to protect against current and new fraud tactics. For example, a combination of credit bureau data checks, mobile data, document verification, biometric checks and other alternative data, such as cross-sector intelligence, is a key part of a proven multi-layered approach that strengthens the identity verification process by providing a more robust and informed way of validating identity and spotting fraudsters.
Ultimately, it’s about leveraging the strengths of each component. AI can process vast amounts of data and identify patterns quickly. Human fraud experts bring critical thinking and experience to interpret AI findings and make nuanced decisions. Cross-sector collaboration allows for sharing of intelligence and best practices, making it harder for fraudsters to exploit gaps between industries and organizations.
How difficult is it to coordinate all those pieces into a coherent, fraud-fighting operation?
Tomlinson: It shouldn’t be complex for organizations – identity experts like us are doing the hard work in the background to bring everything together – that’s why we exist! Plug-in onboarding systems are available to orchestrate identity verification at an intelligent, adaptable level. These identity verification and fraud prevention technologies deliver greater speed and accuracy, calculating the absence or presence of fraud signals and adjusting the customer journey accordingly so there is minimal friction for genuine customers.
How can effective fraud-fighting co-exist with the kind of seamless, real-time experience that consumers have come to expect?
Tomlinson: Actually, more than ever consumers value and prioritize security over convenience. In fact, our latest Global Fraud Report revealed 68% of U.S. customers place greater importance on the security of the onboarding process over its speed.
In the recent past, with organizations fighting in competitive landscapes to provide the best onboarding customer experience, reducing friction has been seen as critical. However, as fraud, data breaches and security news stories increasingly become dinner-party conversations, consumers are more actively looking for and comforted by visible security measures. Now, it’s critical for organizations to understand that friction doesn’t equal a bad customer experience.
With cross-sector intelligence, organizations can detect bad, good, and great customer prospects and give them a tailored experience corresponding to their risk level, including when and how to use step-up authentication through documents or biometrics in this time of increasing use of GenAI by fraudsters.
What is GBG doing specifically to help businesses combat SIF and other forms of AI-powered fraud?
Tomlinson: Data tells a story and we help you read it. We understand the data that is being presented and verify against it, giving businesses clarity on exactly what they are making decisions on. This is fundamental to preventing synthetic identity fraud.
While GenAI is making fraud tactics smarter, the same is true for fraud detection and prevention. Our solutions leverage AI to quickly sort through and scrutinize huge amounts of digital data, flagging identities that are high, medium, and low trust. We also implement injection attack detection technology for the new era of synthetic identities where fraudsters are matching data with biometric images.
Critically, we layer documents, biometrics, digital, and data checks to give businesses complete defense. Our multi-layered approach strengthens the identity verification process by providing a more robust and informed way of validating identity and spotting fraudsters.
Looking to 2025, what do you expect to see in terms of new trends in the fraud and financial crime landscape?
Tomlinson: In the coming year, expect to see:
- A rapid pace of attack – established organized crime groups have made fraud their profession and stable source of income. GenAI combined with the industrialization of fraud means more fraud at a faster pace.
- Brand damage attacks and an ulterior motive of fraudsters – the damage to a business’ reputation can cause more financial loss than the actual fraud itself. This is a powerful tool for a malicious actor to have in their toolbox.
- Increased cross-border fraud – fraudsters don’t limit their activities to one organization, sector, or even stop at national boundaries. They target where they see an opportunity, which is increasingly cross border attacks.
- Fraudsters recycle old methods –as companies pivot to defend against new fraud vectors with the latest technology, we’ll see fraudsters go back and use old fraud tactics to see if they can find a re-opened gap in the system to slip through. Businesses can’t afford to get complacent.
Photo by Markus Spiske
Views: 31
