How To Catch a Fraudster That Doesn’t Exist

Identity Fraud

 

BY NEIL DUBORD, CFE  |  With the development of websites such as This Person Does Not Exist, anti-fraud professionals are continuing to see a rise in synthetic identity fraud.

Synthetic identity fraud occurs when perpetrators combine piecemeal and, at times, factual information to create a new identity. These identities are cheap, quick and easy to produce, and may include a factual piece, or pieces, of information from sources such as breached data sites.

Synthetic identity fraud is reportedly the fastest-growing type of financial crime, costing online lenders more than $6 billion annually. With the explosive growth of decentralised finance, synthetic identity fraud will continue to rise. Besides its insidious nature, synthetic identity fraud is also becoming one of the most challenging frauds to detect, investigate and prosecute.

Fraudsters may take years to build good credit with their synthetic identity through a series of small purchases or loans that they pay off quickly. All this time, they are working to build trust and creditability with lenders so they can take out a large withdrawal — or in other words, one big payday. Once they have successfully defrauded their victim and obtained the asset they were pursuing, the fraudster will abandon the synthetic identity and never use it again. Abandoning the identity is called "busting out.”

Investigations are further complicated because the information is fragmented, and often identifying pieces of information, such as social insurance numbers, belong to real people.

With the growth of decentralised finance and online lending processes, a proactive, multilayered approach is recommended for Know Your Customer (KYC) assessments. To put a spin on a time-honored phrase, the best offense is a good defense, and that defense for synthetic identity fraud is KYC. In today's era, determining if a thief uses a synthetic identity can involve implementing advanced technology. The implementation of technology such as artificial intelligence and blockchain will serve to assist in preventing individuals from building and using synthetic identities. Many believe that blockchain technology used in some areas of decentralised finance allows individuals to remain anonymous and to commit their criminal acts undetected. However, this is not true, and companies such as Chainalysis have developed a platform that powers investigations, compliance and risk management, and ultimately helps solve crimes. Not all organisations have the sophistication or resources to implement technology to assist with synthetic identity fraud detection, which begs the question of what organisations can do right now to defend against this type of fraud.

A thorough KYC process is still an effective and efficient tool for recognising synthetic identities. If a thief is going to go through the effort of creating a synthetic identity, they typically do not provide a picture of themselves. A vigilant compliance officer undertaking a methodical KYC process should use as many tools as possible to validate that the information received, including the person's picture, is accurate.

Open-source intelligence (OSINT) is a tool that is often used to provide additional information. A new free tool to add to your KYC toolkit involves a free, easy-to-use Chrome extension, PetaPixel, which can be used to detect fake pictures like those produced by This Person Does Not Exist. This new tool claims to distinguish fake pictures with 99.29% accuracy. It is quick and straightforward to use. First, you install the PetaPixel Chrome extension. Once it has been installed, photos can be scanned in seconds and the results can then be used as part of your KYC process. It is important to note that currently PetaPixel extension only works on GaN-generated images, such as those images from This Person Does Not Exist. Although I recommend using PetaPixel, it should not be the sole source of information in your KYC assessment, as high-quality deepfakes will not be detected.

KYC assessments are an iterative process, and compliance officers should always be looking for new ways to protect their organisations against fraud. While tools like PetaPixel are not a silver bullet, fraud examiners should explore such offerings to aid in the assessment process.