Fed Raises Red Flag On Synthetic Identity Fraud

July 10, 2019 at 9:33 am Leave a comment

The savvy and hardcore compliance readers of my blog are going to spot how clever this morning’s headline is.

Yesterday, the Fed published a white paper on Synthetic Identity Fraud which it proclaimed the fastest growing cyber fraud in America. Here comes the clever part of the headline. By highlighting the issue, the Fed wasn’t waving a red flag of surrender but simply putting financial institutions on notice that they should be analyzing their exposure to this problem and seeing what steps they can take to guard against it.

After all, under 12 CFR 748, your credit union, be it state or federal, is responsible for having a program in place that identifies the “red flags of identity theft.” This regulatory requirement mandates that your credit union “monitor, evaluate and adjust as appropriate” your information security program “in light of any changes in technology.” Yesterday’s report puts you on notice and is precisely the type of information you should be demonstrating at least someone in your credit union is aware of.

That being said, the white paper has given me the same feeling I get every time I see somebody showing up at a party two hours late who acts as if it is only officially starting now that he has arrived. Maybe it is because I overslept this morning or maybe it’s because I’m only halfway through my first cup of coffee but there is little in this report that should surprise those of you tracking these issues.

So, what exactly is the report referring to? “Synthetic identity fraud is a crime in which perpetrators combine fictitious and sometimes real information, such as SSNs and names, to create new identities to defraud financial institutions, government agencies or individuals. However, industry experts tend to disagree on the classification of synthetic identity fraud and related mitigation approaches. Through ongoing analysis and by facilitating industry feedback, the Federal Reserve plans to work with the industry to determine how the classification of synthetic identity fraud best aligns with other fraud categories in the U.S. payments ecosystem.”

In other words, whereas fraudsters have long pretended to be other people, the growing use of online banking and internet commerce has made it easy for people to build seemingly legitimate credit identities for totally fake individuals. Over time they build up good credit and then take the financial institution for all its worth by maxing out on credit advances that they have no intention of repaying. The paper points out that in most of these cases financial institutions are left holding the bag. The cost of these heists are growing.

What can be done about this? This is where the report comes up a little short. Since even a synthetic identity needs a social security number the most immediate step we could take is urge the government to expand the use of technology that allows financial institutions to confirm the identity of persons using a social security number. A pilot-program is already in the works and they are looking for institutions interested in taking part.

What the growing use of synthetic identity also underscores is how federal courts have too narrowly interpreted standing when it comes to bringing data breach lawsuits. If courts continue to insist on plaintiffs showing harm beyond the fact that personally identifiable information may have been stolen by fraudsters then many consumers will have no effective means for holding merchants and others responsible for preventable data breaches. This is yet another example of why Congress has to step in and create national data security standards once and for all.

Entry filed under: Compliance, Legal Watch, Regulatory. Tags: , , , .

Report Highlights Role of Brokers, NCUA, in Medallion Crisis Five Things You Need To Know As You Start Your Credit Union Day

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Trackback this post  |  Subscribe to the comments via RSS Feed

Authored By:

Henry Meier, Esq., Senior Vice President, General Counsel, New York Credit Union Association.

The views Henry expresses are Henry’s alone and do not necessarily reflect the views of the Association. In addition, although Henry strives to give his readers useful and accurate information on a broad range of subjects, many of which involve legal disputes, his views are not a substitute for legal advise from retained counsel.

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 775 other followers


%d bloggers like this: