arrow left facebook twitter linkedin medium menu play circle

Senate Bill 2155 Aims to Stop Synthetic Identity Fraud

DataVisor Threat Blog

By Priya Rajan December 6, 2018

Photo of Priya Rajan

about Priya Rajan
Priya Rajan is VP of Marketing at DataVisor. She is a highly-regarded leader in the technology and payments sectors, bringing more than two decades of experience to her role. She has previously held leadership roles with high-growth technology organizations such as VISA and Cisco, and Silicon Valley unicorns like Nutanix and Adaptive Insights.

Senate Bill 2155 Aims to Stop Synthetic Identity Fraud

Senate Bill 2155, the “Economic Growth, Regulatory Relief, and Consumer Protection Act” became public law earlier this year. The law includes provisions intended to stop synthetic identity fraud. This post provides a few details about synthetic identity fraud and S.B. 2155. The post also highlights what businesses should expect when it comes to the rollout of the law.

What is Synthetic Identity Fraud?

Synthetic identity fraud is a technique where a bad actor creates an identity using a blend of personal information from different people or a combination of real and fake personal information. For example, a fraudster could buy a real social security number from a dark web marketplace but use a name, home address, and date of birth from a different person or multiple people.

Fraudsters use synthetic identities primarily for application fraud swindling lenders and financial institutions out of billions of dollars every year. Application fraud is where a fraudster uses a stolen or synthetic ID to apply for a line of credit or a loan with no intention of paying back the lender. The fraudster cultivates the synthetic identity building authentic looking credit and account activity over time. The goal is to gain access to more credit and max out the credit lines when the time is right.

Synthetic identity fraud is difficult to detect for many reasons. First, fraudsters are adept at creating (and stealing) identities and accounts then emulating user behavior to appear legitimate. Fraudsters will also create sleeper accounts that are used in legitimate ways for a period of time then suddenly break out with fraudulent activity.

Another reason synthetic identity fraud is difficult to detect is that fraudsters often target and steal the social security numbers of children. Fraudsters can buy the stolen social security numbers of children and adults from dark web marketplaces. And criminals can use a child’s social security many years before the fraud is discovered.

A Law that Targets Synthetic Identity Fraud

Senate Bill 2155 includes provisions specifically designed to prevent synthetic identity fraud. One of the provisions is that the Commissioner of the Social Security Administration (SSA) must modify existing SSA databases or develop a new database that verifies the fraud protection data contained in an electronic inquiry from a permitted entity. A permitted entity is a financial institution, service provider, or other organization working with a financial institution. Fraud protection data includes personal data for an individual such as social security number, date of birth, and full name.

The SSA system must also accept the electronic consent of an individual who has given a permitted entity permission to use personal details to verify their identity through the agency’s Consent Based Social Security Number Verification Service (CBSV). Individual consent and fraud data verification must be done electronically only, and not through a signature on paper or a “wet signature.”

The text of the bill explains in detail how the requirements related to preventing synthetic identity fraud are to be executed by the SSA and permitted entities.

Expect Synthetic Identity Fraud to Spike

There doesn’t appear to be a set deadline for the SSA to implement the technical components of the law. Like the EMV chip law, it may take several years for the law to be fully implemented. Also, like the EMV chip rollout, fraudsters will scramble to make the most from synthetic identity fraud while they still can. EMV chips are an obstacle to physical credit card fraud, so fraudsters set their sights on online fraud such as card not present fraud and account takeover fraud. Fraudsters will start cashing out synthetic identities in droves once S.B. 2155 is close to full implementation.

Senate Bill 2155, if implemented correctly, will put an end to synthetic identity fraud. But it will not put an end to application fraud. Massive data breaches occur every year, so fraudsters will still have plenty of stolen identities to use for application fraud.

Popular Posts

Intelligent solutions. Informed decisions. Unrivaled results.

DataVisor Digital Fraud Trends Report: Q1 2020

Learn More

Download the new “State of Sophistication in Fraud” report from DataVisor to ensure your business is equipped to…

Download the new “State of Sophistication in Fraud” report from DataVisor to ensure your business is equipped to prevent high sophistication threat attacks.

A Guide to Centralizing Data Intelligence

Learn More

Discover AI-powered fraud strategies for preventing financial and reputational damage in this powerful e-book.

Online marketplaces withstand a complicated array of fraud attacks—spam, scam, and all points in between. Only the most comprehensive, proactive AI-powered solutions can fully protect against reputational and financial damage. This e-book details the entire lifecycle of a fraud attack, and lays out…

A Practical Guide to Eliminating False Positives in Fraud Management

Learn More

This e-book explores the next generation of fraud prevention technology, which applies unsupervised machine learning to reduce false positives and risk.

This e-book explores the next generation of fraud prevention technology, which applies unsupervised machine learning to reduce false positives and risk.

Protect your business, your customers, and your data.

Request Demo