arrow left facebook twitter linkedin medium menu play circle

Senate Bill 2155 Aims to Stop Synthetic Identity Fraud

DataVisor Threat Blog

By Priya Rajan December 6, 2018

Photo of Priya Rajan

about Priya Rajan
Priya is the VP of Marketing at DataVisor. She brings to her role two decades of experience holding leadership positions in high-growth technology organizations, including industry leaders VISA and Cisco, and Silicon Valley unicorns Nutanix and Adaptive Insights.

Senate Bill 2155 Aims to Stop Synthetic Identity Fraud

Senate Bill 2155, the “Economic Growth, Regulatory Relief, and Consumer Protection Act” became public law earlier this year. The law includes provisions intended to stop synthetic identity fraud. This post provides a few details about synthetic identity fraud and S.B. 2155. The post also highlights what businesses should expect when it comes to the rollout of the law.

What is Synthetic Identity Fraud?

Synthetic identity fraud is a technique where a bad actor creates an identity using a blend of personal information from different people or a combination of real and fake personal information. For example, a fraudster could buy a real social security number from a dark web marketplace but use a name, home address, and date of birth from a different person or multiple people.

Fraudsters use synthetic identities primarily for application fraud swindling lenders and financial institutions out of billions of dollars every year. Application fraud is where a fraudster uses a stolen or synthetic ID to apply for a line of credit or a loan with no intention of paying back the lender. The fraudster cultivates the synthetic identity building authentic looking credit and account activity over time. The goal is to gain access to more credit and max out the credit lines when the time is right.

Synthetic identity fraud is difficult to detect for many reasons. First, fraudsters are adept at creating (and stealing) identities and accounts then emulating user behavior to appear legitimate. Fraudsters will also create sleeper accounts that are used in legitimate ways for a period of time then suddenly break out with fraudulent activity.

Another reason synthetic identity fraud is difficult to detect is that fraudsters often target and steal the social security numbers of children. Fraudsters can buy the stolen social security numbers of children and adults from dark web marketplaces. And criminals can use a child’s social security many years before the fraud is discovered.

A Law that Targets Synthetic Identity Fraud

Senate Bill 2155 includes provisions specifically designed to prevent synthetic identity fraud. One of the provisions is that the Commissioner of the Social Security Administration (SSA) must modify existing SSA databases or develop a new database that verifies the fraud protection data contained in an electronic inquiry from a permitted entity. A permitted entity is a financial institution, service provider, or other organization working with a financial institution. Fraud protection data includes personal data for an individual such as social security number, date of birth, and full name.

The SSA system must also accept the electronic consent of an individual who has given a permitted entity permission to use personal details to verify their identity through the agency’s Consent Based Social Security Number Verification Service (CBSV). Individual consent and fraud data verification must be done electronically only, and not through a signature on paper or a “wet signature.”

The text of the bill explains in detail how the requirements related to preventing synthetic identity fraud are to be executed by the SSA and permitted entities.

Expect Synthetic Identity Fraud to Spike

There doesn’t appear to be a set deadline for the SSA to implement the technical components of the law. Like the EMV chip law, it may take several years for the law to be fully implemented. Also, like the EMV chip rollout, fraudsters will scramble to make the most from synthetic identity fraud while they still can. EMV chips are an obstacle to physical credit card fraud, so fraudsters set their sights on online fraud such as card not present fraud and account takeover fraud. Fraudsters will start cashing out synthetic identities in droves once S.B. 2155 is close to full implementation.

Senate Bill 2155, if implemented correctly, will put an end to synthetic identity fraud. But it will not put an end to application fraud. Massive data breaches occur every year, so fraudsters will still have plenty of stolen identities to use for application fraud.

Popular Posts

Intelligent solutions. Informed decisions. Unrivaled results.

DataVisor Fraud Index Report: Q2 2019

Learn More

The DataVisor Q2 2019 Fraud Index Report is here.

Customers online want convenience, ease, and access. Fortunately, your business offers it all. Unfortunately, that’s what fraudsters want too. To a cyber criminal, those features means vulnerabilities. To bring you the very latest and most actionable insights about where the risks are and what you…

Dumb & Dumber vs Ocean’s 11

Learn More

Understand the range of modern fraud attacks to ensure complete coverage for your organization.

Complex and coordinated fraud attacks that are extensively planned, hard to detect, and highly scalable are the new normal for online platforms. Explore and understand the full spectrum of fraud attacks—from simple to sophisticated—and learn how you can defend against each type in this…

Diagnose and Defeat Application Fraud with the Latest AI-Powered Tools

Learn More

Learn how leading financial institutions are using ML to proactively detect card application fraud.

In this insightful webinar, you’ll explore how organizations are leveraging AI-powered fraud management solutions to get tangible, real-world benefits as they work to proactively detect and defeat sophisticated modern fraud attacks. Plus, you’ll discover strategies for empowering cross-team…

Protect your business, your customers, and your data.

Request Demo