Welcome to you all and thank you for
joining us on our webinar today.
We truly appreciate your time and
interest. Before we begin discussing our topic
synthetic identity fraud mitigation let
me remind you that the participant lines
will be unmute for the duration of this webinar
you can submit questions to us at any
time by clicking on the ask
question button in the webinar tool
We'll address the questions the panelists as time permits.
With that let me turn to the next slide
and provide an overview of our webinar today.
First we will set the stage
on synthetic identity fraud by
discussing what it is and why we are
finding an important topic we will then
turn to a discussion of detection and mitigation
strategies there will be a
another discussion on industry
collaboration and future outlook
the panelists will then have a q a and
we again invite you to
submit questions to the panelists at any
point during this webinar
and then we will have some brief closing remarks.
With that let me turn to the next slide
and introduce
the industry experts on today's webinar
Jim Cunha will be our moderator, he is
our senior vice president at the Federal Reserve Bank of Boston
and our secure payments strategy leader
in addition we welcome Greg Woolf who is
chief executive officer and founder of coalesce.ai
and our third panelist is Jack Lynch who
wears a number of hats but we're
introducing him as senior vice president
and chief risk officer of PSCU.
With that let me turn the webinar over
to Jim in our next slide.
Thank you, thanks Maryellen.
I have to welcome everybody who's
joined the call hope you are all doing well.
I want to give a high level update of
what synthetic identity fraud is and I'll go pretty
quickly but the other speakers are going to
talk in more depth about
some of the particular topics that I
cover briefly but
before I jump into it I also want to
mention that the Fed has another
initiative where we developed a
classification model for fraud called
FraudClassifier and I won't talk about
that today but if you're interested
you can follow that via the link at the
end of the presentation you can find
that information.
Today we're talking about synthetic
identity fraud and over the course of the last
year or so we talked to you know over 70
industry experts to help
us understand what is the current state
of synthetic identity.
We issued three white papers the latest
coming out a couple of weeks ago the first talked
about what our synthetic identity what's the
fraud and what are some of the contributing
factors. The second paper talk about
how to detect it and the third last week
we talked about mitigation strategies.
What we found was there's a real lack of
information and understanding about
synthetic identities so we ended up
developing these papers to help
educate the industry and this effort is
really to continue this particular webinar
you can go to slide four so first of all
what is a synthetic identity fraud?
A big caveat here is there is not consistent
definitions in the industry about what
synthetic identity fraud
is which is one of the problems we use
this one here
to talk about in the general sense but
there are others out there
so basically what happens is the bad guy
will take a social security number for instance
say my granddaughter who's four and not
using her social security number
so they could take her social security
number and actually create a fake
persona around it
that could actually be completely
fictitious information
it could be slightly manipulated information
it could be a compilation of real and
fake but they create this fake
identity because my granddaughter is
not using her social security number currently, let's
go to the next slide.
So what do they do with this after
creating the identity
you look at the second circle there
they basically submit an application for a loan or
credit card it gets passed over to the credit bureau
one of them the three and gets rejected because
there is no history there
but the credit bureau creates a record
of that name and the social security number so it
creates a foothold in the system
and then the fraudster continues to
apply for usually small dollar high risk products
until they are able to
get say a you know very high risk
credit card and then they actually start to use it
they use it and pay it off what they're
trying to do is mimic a real person
in how a real person would start slow
and develop a credit score another
option they have is to actually become a
second authorizer on someone else's
credit card and start to pick up
their traffic so what they try to do is
look like a real
person with a high credit score and then bust out
basically trying to you know bust out
the loan on the credit or the credit card
and then disappear and then the
institution is left with what they
thought was a good
customer that just suddenly
disappears and there's no way of
following that for a collection.
If we go to slide six another caveat,
we do not have good information about
synthetic identity fraud these are some
numbers that we found over the
few last few years fastest growing fraud
fraud type 85 to 95
are not flagged through traditional
methods and this one's scary a million
children have had their identity
stolen in 2017 alone
6 billion total losses and so
while these numbers are not hard and
fast it does give you a sense directionally
of how big a problem this is two of
the things that fed is working towards
I should have mentioned in the last
slide is that we are now working with
the industry to try to come up
with a common definition for systemic
identity fraud or common definitions
this is really different types of it and
we're also looking at
how can we get better data about fraud
because what we have
is dated and and not great.
If you go to slide seven this talks a
little bit about some of the
characteristics so
I mentioned that the fraudster tries to
make it look like
a real person but in doing so they
develop some of their own patterns and
some of those patterns and
characteristics can help you
potentially detect fraud especially if
you're going beyond just looking at one application
at a time vehicle loan or credit
because sometimes if you're looking at
multiple of them or across your whole portfolio
portfolio you'll notice something so for
instance in the top left
if you have multiple identities with the
same social security number
you won't find that by looking at one
application but you find it by looking
across multiple applications or across
your whole portfolio
same you could have you know multiple
applications the same address and phone number or
you know multiple accounts coming from
the same IP address
so there's different things you can look
at to say does this make sense
and to the top second from the left I
like this one
you know the credit file depth you know
how old it is and what it says
or the score person has
based on the age this doesn't make sense
so my son is 27.
If he came to me and said dad I've got
an 800 credit score
I would say you're a synthetic there's
no 26 year old out there 27 year old
that's going to have an 800 credit score
or If you've only been in existence in
the system for
two weeks and you've got a great score
etc that should be an indicator that
maybe something's not quite right there
so the different characteristics and I
know the gentleman following me will talk a
little bit more about that.
If you go to slide eight a number of years ago
legislation was passed that mandated
that the social security administration
had to set up a new system that would
allow online queries
of this database and that query
could be authorized via electronic
signature versus having to sign a piece
of paper
it's very simplistic what it will do is
allow you to say does this social
security number match
this name and it's a simple yes or no back
but it can be very powerful in
conjunction with other types of tools
they just roll this out now i believe
the pilot is about to launch
any day and so they're starting with
a number of organizations who will have
a number of customers and then from that
they'll learn how to improve if necessary the service.
We think will have some great help in
the industry but
it's not a panacea it's not going to
solve all the problems so for instance
you can't go back over your entire
portfolio and then check them all
because you never get authorization
initially to use this particular service
so like I said going forward it has
opportunities but it's not perfect but we hope it'll
actually help in
stop starting to solve the problem
if you go to slide nine just a couple of
findings out of our last paper
for one thing first of all no one
organizations can solve this problem
this really needs
collaboration across the industry or
amongst institutions.
I have to say, when it comes to cyber
security, it seems like it's the industry us
against the bad guys there's a lot of
collaboration and sharing when it comes
to fraud
it's not us against the bad guys there's some sharing
there's some good episode there but it's not as open
from sharing perspective for a number of reasons
secondly this is this is complex some
of these attacks with the creating
synthetic identities are done
in an automated way so if they're
applying for hundreds of thousands of
credit cards across
multiple banks at the same time this is
not one account at a time
so a lot of it's automated and you can
actually buy scripts
on the dark web as to how do I actually create
these types of identities and then use them
changes in the regulatory landscape
influences it I just mentioned that the
social security administration was
charged with opening up a new service
that's a plus
but in some cases for good reason
legislation is passed or regulations are
passed
that may have a negative impact so for
instance
you only have a certain amount of time
to deal with certain customer inquiries
or certain requests for
research and defraud and when the clock
starts ticking you only have
a certain number of days to resolve a
customer complaint
well that's good from a consumer
perspective because it's making sure
they're getting prompt action but the
bad guys know this the bad guys know
the fair credit reporting act limits
a bank as to
how much time they can take and they use
it to their advantage you know they
flood the agencies with
with questions and with issues hoping
that they'll just be moved along and not
research so
it's a double-edged sword and experts
say a multi-level
multi-layered approach is the most
effective so if you go to slide
10 this is a very simplistic way of
thinking about
multi-layered detection mitigation
so first of all you have to look beyond
the basic pii
and there's different pieces of
information you can look at to try to
gain the reasonableness
of an application for instance i know of
one company
that is the address
with the address they'll do a look up
on Google Maps
they have software that actually can see
the image
and if it says department building their
software will actually
look at it and say does this look like
an apartment building or it was a vacant
lot or a gas station so
you could do a lot of more activity and
a lot more interrogation beyond just the
PII
because the original pii checks and
know your customer checks were really
just to make sure whether someone was
credit worthy not whether they existed
so they're not meant to catch this type
of fraud
then you have to look at your manual
processes other processes and make sure
that you're blending the various
approaches this is not a one size fits
all or one control will stop this particular
type of problem
and then obviously we all have to
balance what we ask of our customers and
the amount of time we take
with trying to get effective controls
and processes in place
so obviously if you get enough controls in place
that you can ensure there's not one
synthetic coming through then
obviously there may be some friction
there for your customers and
that has to be balanced so let me just
stop there
like I said both Greg and Jack are going to
get into materials that will also help
augment and provide more information on
some of these so with that let me just
turn it over to Greg
very good thank you
thank you folks and thank you
especially to
Fed for inviting us to be here and and I
just would like to just give a little
call out to
how the Fed especially secure
payments group has really
championed innovation and
shown leadership for the industry in
in terms of how to innovate and
be proactive around risks with their
synthetic id
initiative and the floor classification
model so
so my name is Greg Woolf
and I'm the founder and ceo of
coalesce.ai
and if we could move to the next
slide please I'd like to just
say a little bit about our company and
how we're addressing
synthetic identity forward
so coalesce essentially we're an ai
company
as you can tell from our name and
before we get into that i just would
like to
demystify ai a little bit so there's
obviously a lot of hype and buzz around
this technology
and one of the things I always like
to start off is
we like to kind of divide the world of
ai into two camps
one is called what we call big data ai
and the other one we call scaling the
analyst
so big data ai i think is what people
generally think about when they think
about artificial intelligence and this
is what i
this is like google and amazon ai where
you take billions of data points and put
it into very
convoluted deep learning algorithms
processing
thousands of machines simultaneously
essentially waiting for the computer to
tell the user
something they don't already know the
problem with that is it's black boxes
very difficult to understand
what we did is we took a we take a
different approach that we call scaling
the analyst
so instead our approach is more like
netflix what you do at netflix is you
say i like this movie
or i don't like this movie and the
system starts to learn
through machine learning your
preference and we've taken that
technology and approach
through technology we invented called
udml user-defined machine learning
and we use that approach to essentially
replicate the domain expertise of a
fraud or compliance analyst
and have them teach the system as
they're doing their daily job
to look for signs of financial crime in
this case synthetic identity forward
and we found that to be much more
effective because for a number of
reasons first it learns very quickly
because it's learning from a human who
has expertise in this certification
and secondly when it's it's important
from a transparency and an
explainability perspective
it's a much more simple approach
where the humans feel like they're in
control of this really
think of it as a junior analyst that's
going out and doing the work on behalf
of
on behalf of the of the analysts so
our focus
our platform is called synthetic and we
obviously focus on synthetic identity
forward
and specifically in the area of
consumer
accounts whether it's account opening or
consumer lending
the other feature around our company we
can switch to the next slide please
would be the ai think tank so one of the
initiatives when we started the company
and
we launched the company in late 2017 was
we put together a group of senior
executives
seasoned folks in the risk and
compliance space from
some very large medium and small
financial institutions
to explore and explain what is ai and
how could this technology be used to
benefit the industry
and we landed up actually with a with
an amazing group
the Fed has been a participant as well
as some of the other federal regulators
these are folks you know in industry
who've seen
cloud and mobile and social come through
the enterprise and how it's transformed
things
and they looked at ai and said you know
how can we use this and i'd say the
biggest takeaway from our think tank is
that we learned
that for financial institutions
regulatory
sorry reputational risk is top of mind
it's the number one
concern right trust from the customer or
the member
and as a result what surprised us was
that even though we may have had arch
competitors
who were competing for alpha or
customers by day
by night if you will they were all
fighting the same battle with a huge
duplication of effort
against the bad guys and girls and as
a result they were willing to
collaborate
so that kind of planted the seed for us
in terms of can we take our ai
methodology
and use it in advance the technology
fashion to enable folks to collaborate
across the industry
and through this mechanism we actually
were able we're fortunate enough to
this this took off and then we'll talk
more about collaboration some of the
initiatives that we're working on with
the Fed and others
later on in the segment but I
think one of
one of the surprising things that we
found is that folks in congress were
actually really
interested in this approach and looking
to modernize some of the legislation
around financial crime
detection and prevention so we were
fortunate to actually through our think
tank
advise some members of congress on in
the senate banking committee and the
hearing with
since then the fbi and the occ around
how this technology could work and then
subsequently in
the house financial services committee
some other
engagements with regulators around this
technology which actually culminated in
in the counteract you know in
2019 so there's definitely a lot of
interest in the space
and certainly a lot of concern and
willingness on all sides to collaborate
and improve things
next slide please
so the last the last slide that I'm
going to present here is
i think the concern with synthetics is
that we just don't really know them
right you know these foresters
hackers a lot of it is online
cybercrime certain the pandemic has
exacerbated that
the concern is nobody really knows just
how bad it is
and and I think the Fed's initiative of
trying to standardize how far it is
classified and characterize things
is a great leap forward so we can all
start speaking the same language
but one of the things that we've been
doing is
based on the deployments and
implementations and data we've seen from
our customers and partners
is we started publishing this ford watch
index around synthetic identities
and what's interesting about this and
these are some of the stats
that were included in the third white
paper from the Fed
was is that less than one percent
of customer accounts at this point
have been identified as synthetic across
the customers that we're seeing so in
fact
technically when you look at an
aggregate you'll see it's 24 basis
points
0.24 percent of the accounts which
sounds like a minuscule number doesn't
it
but in fact when you look at the loan
losses right so let's just say credit
cards personal loans consumer lending
when you go and trace those synthetic
accounts in the lending side of the
house
to loan losses and write-offs you'll see
that that
24 basis points of accounts accounts for
you know 25 to 30 percent of the losses
in a lending portfolio so
these synthetics are very smart they
bust out as Jim described and they punch
far above their weight so that's that's
a little scary and of course the goal of
a synthetic account
is to get multiple credit products from
a financial institution
maximize the exposure they go and they
socially engineer
exactly at what point underwriting will
start to kind of
identify wait a minute we're getting
too much exposure to this this customer
let's let's
do some further diligence and they'll
they'll ramp up their balances to just
below that level
max it out and then bust out and yeah
and take that you know
take as much of the cap as the cash as
they can so essentially
you see that the the size of a synthetic
customer is is disproportionately large
compared to the
rest of the rest of the customer base
okay
thanks greg question r2
firstly you mentioned you know ai is all
about data and there's a lot of data
when you think about a customer
and application process we talk and I
know you're working with a number of
credit users you talk about
what type of data doesn't make it into
your model and into your
analysis to try to look for synthetics
are there specific things that are
most important from a data perspective
to
roll into a product like yours yeah
definitely i mean
what's fascinating to me is just how
much effort
the financial industry banks and credit
unions
are putting into their customer
identification and kyc programs
and they're capturing a lot of data from
a lot of different sources so certainly
the credit reports
you know the equivalent on depository
accounts IP addresses
the alternative data that you might call
other other factors that can be
used to identify and legitimize whether
the customer is real or not
the problem is that you know when it
comes to data
a lot of the data that the that these
institutions are consuming
are rules based so they they'll get a
lot of flags
right they'll get a lot of forward flags
that pop up and alert flags that say hey
here's a potential
issue and what we're seeing is that the
institutions are actually spending a lot
of time
essentially mitigating those four flags
and saying wait a minute you know we
need to research these we need to paint
these applications we need to
investigate them
and it creates a lot of noise and as a
result
they're not typically finding the
type of they don't have the capacity
to look at every application in depth
and
that they need to for synthetics and as
a result the synthetics are
sneaking through so
you know there's a lot of data that's
being used and there's a lot of
kind of indicators in that data but ai
has the ability to take it up a level
and essentially replicate how an analyst
would interpret that data
at scale
great things another question one
thing i neglected to mention up front
you know i mentioned that there's a a
lack of understanding
in many financial institutions of
synthetic identity fraud
we particularly find this is a problem
in smaller financial institutions when i
when i used to be in front of people
speaking versus on the phone
i'd say 10-50 percent of financial
smaller and medium-sized financial
institutions even understand what
synthetic identity
is what fraud is and Greg I know in
europe the pilot work you're doing
you're working with
a number of credit unions so even though
they're large but credit union size
they're still
relatively small can you talk about that
experience
as far as the credit unions were they
surprised by what they were seeing in
the synthetic identity
fraud particularly once they started
seeing the data so is that your
experience as well when you talk to
small financial institutions
that they either don't believe they are
at risk or when they find out
the magnitude of it it's surprising to
them
yeah Jim definitely so I you know I
think what we found isn't
credit unions are obviously designed to
serve for the most part individuals and
consumers and
if you think of a synthetic identity as
you know as a kind of a fake persona
I think credit unions are you know
unusually
subject to the risk and being
exploited by these
by these fraudsters and hackers
also as you say you know the credit
unions
especially and and even community banks
and smaller financial institutions don't
necessarily have the deep pockets of the
of the mega banks
to invest in advanced technology so you
know becomes challenging for them
when as you mentioned earlier the
automation
capabilities of the of the hackers and
the fraudsters outpace
the institutions so this is why i think
collaboration is really key
and you know anecdotally I think
you can you can see how credit unions
essentially
in our experience and working with
credit unions will let's say the head of
fraud and one of
one of our partner customers will will
meet
his counterpart at an at a a cams or
a acfe
conference and share some information
and afterwards they'll
call each other up and i've actually
seen this in action will i say hey by
the way
there's this fraud ring you know
emerging out of the state
and you should look for these types of
patents and they're doing that already
there's kind of a community network
effect going on amongst credit unions
but it's informal and it's you know
it's very kind of rudimentary it's
literally people picking up the phone
and sending an email saying hey watch
out for this
so i think this is where the opportunity
lies here and that is we can
systematically create a mechanism that
multiple credit unions from the and and
banks
from you know from the smallest all the
way to the largest can benefit
from sharing intelligence around
you know around this type of fraud and
that way it's going to start to identify
exactly how bad the problem is and
and kind of plug the hole and help them
stop it
wonderful thank you that's a good segue
into track so jack let me pass it on to
you
all right thanks Jim hello everybody for
those of you not familiar with psu
it's great we actually segued through on
credit union topics before we got it
started here
psu is a credit union service
organization we provide a comprehensive
suite of traditional and digital payment
solutions
and we support 1500 credit unions
including payment processing risk
management
analytics delinquency management mobile
platforms and we have 24 7 contact
centers
to help our credit unions compete in the
market today i want to talk
about linked analysis and the power of
data we've already touched on that in
terms of what Greg's been talking about
with ai
and also how it can mitigate synthetic
fraud in the future
as well as other types of fraud schemes
that impact our payments ecosystem
next slide please i wanted to start this
off and just kick it off
the conversation on the power of linked
analysis when we look at traditional
methods of fighting fraud that apply
to synthetic fraud in particular so
first let's focus on
consumer interactions with some key
channels from a financial institution
perspective
and by the way this is no means
encompassing if you add merchant
channels third party participants such
as rewards
you have many more interaction touch
points when it comes to payments
but think about this in terms of what
Jim was talking about around how
synthetic identities can be used to
commit payments abroad
the challenge is each channel may have
some great fraud detection tools
but in the past they were usually not
connected very well for example one
frauds test
roster can successfully open an account
and then other channels they can start
using the card as Jim talked about
you're making legitimate transactions
they're kind of in it for the long game
and none of the card fraud strategies
that an fi is using
is going to really notice anything
unusual transactions are going well the
velocity of the card where they're doing
the transactions at
i may have some very effective card
strategies deployed based on models
neural networks consortium data
that's based on transnational activity
such as merchant categories
frequency however how do those
strategies help me in other channels
how would i know other accounts are
being opened and what type of activities
are being done in other financial
institutions
next door across the country or even the
world
and also how old is the data i'm using
is the feat of static content once a day
a week a month whereas Greg's talking
about is my
content data from a phone call i got
from somebody or an email saying hey be
on the lookout for this
not what i call essentially fast
communication the way the fraudsters are
going nowadays
so my team is essentially reacting to
new events at a human rate of speed
where the fraudsters in many cases are
looking globally
and looking at a digital rate of speed
when they're trying to commit
fraud across a wide variety of financial
institutions
in fact your customer or in the terms of
credit unions member
may look like a great customer to you
while preparing or already performing
fraud against other participants in the
payments ecosystem
you may not be getting hit next week or
next month but you are definitely on the
menu at some point
and as Jim was referring to not even
maybe aware
or even know what you're looking at in
terms of when all of a sudden account
somebody stops paying
and you're thinking oh that's just a
delinquent account and i'm going to send
it off to collections not even knowing
truly that it was a synthetic fraudster
that hit your
particular financial opportunity so if
we go to slide
three i think a key point of this the
next one here for
on the holistic please in today's
world
with consumers interacting across
multiple channels i really recommend if
you recommend if you're not doing this
today
look at fraud from a holistic approach
focus on the consumer themselves
not only ensuring you're protecting all
your channels but how are you leveraging
tools in a multi-layered approach
at psu for example we have billions of
transactions occurring
around payments with millions more
interactions in conjunction with the
payment transaction
these things include call center
inquiries ibr activity digital services
people looking at account statuses
reporting fraud disputing transactions
just to name a few of the transactions
and activities that are surrounding a
payment
we know fraudsters are moving quickly
looking for weaknesses across channels
and across multiple participants in the
payment ecosystem
whether it's merchants processors
consumers
device providers just name a few they're
going to find holes in your defense
what you have to have is a layered
approach there's no one silver bullet on
a channel
that you have to contend with and to
make matters worse
from a risk perspective at least
consumers are demanding frictionless
transaction experience while expecting
you to protect their data
keep their accounts safe and oh by the
way don't call them bother them
so absolutely you could shut down fraud
a lot more
than you do today but at the risk of
what is your consumer going to do
they're expecting frictionless
transaction and if you're not giving it
to them
regardless they're going to look at that
and move to another
service provider as opposed to being
treated like they're in a crime scene
investigation of some sort
every time they're trying to do some
sort of transaction online
so we have a balance that we have to
deal with in this industry
experience and mitigation each
organization in the payments ecosystem
will have to determine what's right for
them
back to what Jim started with one size
doesn't fit all
your balance could be much more toward
risk than experience
but everybody has to deal with this
every single day in this highly
competitive industry of payments
so to craig's point around ai it's got
to be an important component for the
future
not faster email to your friend down the
road there has to be
more ways than static models or people
reviewing trending reports
to uncover new fraud trends and how the
world is now
flooded with data and the fraudsters are
using that data themselves
using ai and machine learning to also
perpetuate fraud
you have to somehow tie this all
together and this is where the concept
of linked analysis can help
next slide please
so talking about linked analysis is
psu's approach to intercepting and
predicting fraud through a combined use
of ai
anomaly analysis phone printing
technology data analytics
and human intelligence yes believe it or
not
you need some human intelligence to
solve fraud problems
i believe that concept should apply to
every problem we face
beyond fraud however a conversation for
a different day
utilizing a technology framework linked
analysis uses a consortium of data
including phone calls coming in online
banking logins
authorization data etc many of those
same channels we talked about earlier in
the traditional
approach we monitor you connect the
events
across multiple channels and then
utilizing ai capabilities
predict fraud before it happens now all
the channels are still going to utilize
various fraud strategies and tools you
have in place
for example with voice printing we're
using consortium data and passive
analysis
of over a thousand characteristics of
the call itself to assign a risk score
and potentially take action based on
that one phone interaction
this alone has helped us save millions
of dollars in fraud losses
for our member owner credit unions
however back to synthetic fraud
what if that number is legitimate we can
tell it's calling from the right
location
it's the right carrier it's not being
spoofed
they've called many times before legit
just doing legitimate transactions
this is where you see the power of
linked analysis come in
by analyzing data holistically across
the multiple channels
linked analysis can identify and
intercept malicious patterns of fraud
this is going to enable us to meet force
with force via shared data
on the threats we face collectively i
really believe synthetic fraud is an
important topic
and really when we take a look at that
really want to thank the Fed for being
involved in this critical
conversation because while we're putting
these tools in place
to also what Greg is saying there's a
lot of people
out there that have different
definitions of synthetic fraud
different ways to handle it we have to
start coalescing
around this topic in how we define it
how we
react to it and then also how we
collaborate and build tools for the
future to address it
back to you Jim thanks Jack and I'm sure
Greg was really happy when you said we
have to coalesce
around this problem
or think about beforehand yeah
i'm just glad that jack pronounced it
correctly because it is a little tricky
thank you so jeffy question you talked
about
link analysis you know looking
holistically at your customer and across
your portfolio
so that's within an institution so are
there opportunities for this link
analysis
in a broader industry sense or say
across your 900 plus
customers does there's a scale and does
it
look the same or are there different
ways of thinking about link analysis
when you're thinking about that
bigger big number yeah yeah Jim it's
it's a great question
i i think as an industry we really have
to look at this
when you look at even the white paper
the Fed put out you know in terms of
the quote no single organization can
stop synthetic identity thought on its
own
i think that's really the case the
fraudster tactics are going to continue
to evolve they're going to attempt to
stay a step ahead of detection
and more and more sophisticated fosters
are going to operate at scale
they're not just targeting one entity in
the payment system
so i think it's very important that we
find ways to collaborate with data
because they're collaborating as well
you see this on the dark web
when we're looking out and doing the
analysis they're sharing best practices
they're learning from each other sharing
data in order to commit fraud
i think it's imperative that we in the
industry have to start looking at ways
to do that
while psu is looking at bringing that
data together from our credit union
cooperative
it's a bigger picture than that we have
to move forward with sharing data
and how do we get that data across the
entire payments industry
and i think it is something that we can
look at approaching this
and scaling great thanks reminds me of
we didn't include this in this
particular presentation but
the fbi had broken a number of years ago
broken a fraud ring that was
synthetics and talk about you know it's
sophisticated they're not just hitting
one institution
i believe if i recall there were 17 000
synthetic identities in this one ring
they hit institutions in 24 different
states
many in the heartland so you know
there's smaller community bank
institutions or credit unions
and i believe there was also 500
businesses opened by these synthetics so
it is a big business and you know it is
something that does
hit many in the industry even out of one
particular group or
organization so let me just
move into our next phase here and we're
compiling some questions from
from the audience but with a session now
we're going to talk a little bit about
industry collaboration and the first
question we had i think we've all
spoken to which is what's the value
of it what's the importance of
collaborating across the industry I
think we've all had some
comments in that area but maybe we
could talk on the flip side
so what are some of the hurdles what
are some of the challenges
that you see in your own worlds and
getting this level of
collaboration and sharing and
since we started off in this order I'll
just ask Greg you talk about some
hurdles you've seen and trying to get
the collaboration then jack will go to
you
yeah definitely and i think the one
thing that pops up
immediately as a as a obstacle slash
objection when we talk about
collaboration is data privacy
and we all know the world with gdpr and
ccpa is moving towards
you know doing a better job of
protecting the rights of consumers and
their information which is good
and this is an area where advanced
technology can help
you know we've all been observing
blockchain going for years now and
tremendous amounts of value created
there using secure sharing
technology and that's an area where
we've been
embedding some capabilities into our
solution so that it will enable
not only can our solution look at
being proactive right so looking
identifying what a what a fraudster
might look like and be proactive to loot
if a fraud or compliance or account
opening
analyst and say here's a here's a
potential problem but then
sharing that in a data privacy secure
mechanism
with other members of the ecosystem and
i think that's probably the biggest
challenge and frankly the most exciting
space
where we can use advanced technology to
it to get past those those hurdles and
you know we're yeah I think I said
that's probably the biggest challenge
yeah yeah to weigh in on that a little
bit as well i think there was also
and you mentioned a little before
early Jim
around a willingness to collaborate
i think we're seeing some some of those
barriers break down
for example how just regarding
payment system
how issuers acquires merchants
sharing more and more data i think
people are coming to the realization
that
while thinking about the data they have
as a competitive advantage
there's certain data absolutely utilize
that for competitive advantage
that's not what we're talking about here
but there is certain pieces of data that
all of us have
if we start to share that we can all win
at that for example merchants
collaborating and sending additional
information in terms of transaction
data you know what kind of devices being
used issuers
sharing that information back and the
more we can start building
you know agreement around the use of
this data
and to Greg's point how do we make sure
that it's in a very secure environment
and we're we're really not you know
we're addressing the whole privacy
concerns with data and also making sure
that we're utilizing it you know
in
a very judicious fashion as it pertains
to fraud
i think we're seeing inroads there but i
think more of that is necessary if we
really want to address this on a
worldwide basis
great thanks shaq and actually i'll
answer a question about
why do we need a common set of
definitions
why don't we just call this identity
step to move on and part of the
challenge
is you know the data matters terminology
matters so if you think about trying to
share between two parties
Greg you mentioned one of your custom
one of your partners and your pilot
talking with one of
his fellow credit unions that dialogue
is not going to be effective if you're
using different terms if i
say first party fraud and someone else
says
authorized party product unless we
understand the terms and agree on those
we're not going to be able to have a
dialogue and we're definitely not going
to be able to share
data and experiences in a way that's
going to be most effective
it may be partially effective but
without the same language we simply will
not
be able to you know have an effective
dialogue
so we agree that it's useful to share
it's challenging
you know the Fed is time to look into
data sharing models from around the
world
and just what works and not hopefully
it'll give us some insights as to
you know what might be possible if you
think about it and as you say Greg
technology ai can allow you to share
without exposing pii
by exposed by dealing with extracts of
that information so it's not shared so
very valuable there
and i'll pivot a little bit and just i
guess ask for a crystal ball
how how do you see synthetics evolving
i'll give one example i heard which was
surprising
and I mentioned that you can become
an authorizer on someone else's account
and got to pick up their their uh
transaction so for instance my wife is a
second
authorizer my credit card and vice versa
well you go to doc web you can actually
buy the
craigslist you can buy for a hundred
dollars the ability to get on someone
else's credit
card as a signer and help your own
credit
and so that seems like a really creative
way of doing it
and that's where the most sophisticated
producers now aren't even doing it that
way because they know people know about
it
so bad guys evolve so any insights into
how you see this evolving either in
the threat evolving a bad guy's shifting
methods that you know or maybe what's
evolving
from a detection perspective anything
on
where are we going from here as far as
synthetic identities and once again
Greg if you have something if not
we'll just jump to Jack
yeah sure I think evolution is key and
that's that's a great word to bring to
this narrative because
you know part of the challenge of the
existing solutions that fis are using
is that they're static and
the fraudsters are not right they're
dynamic they're learning they're
evolving they're socially engineering
and that's an area where I feel that
you know an ai platform has an advantage
because
it's not so much concerned about the
individual data points let's say a
specific social security number or
address or ip address
it's more interested in the type of
overall kind of
perspective or persona right the profile
of the person who's applying for the
application based on what they're
feeling
in their application form so this is
you know one of the things that we've
been working on
is a is a collaborative ai pilot with a
group of financial institutions
and some federal regulators and of
course Jim you know well
with the Fed as well and the goal of
this pilot
is to prove out that you know our
product is
can be highly effective at detecting
forward within a single institution
but that's not enough right can we raise
the bar even higher
by having a kind of a collaborative ai
network across
multiple institutions and having the
government agencies and regulators
participate as nodes on the network so
they can observe and see what's going on
and give their feedback
but ultimately create a solution that's
continuously evolving
because fraud is like water right it's
just going to slip through the nearest
crack and you plug one hole and it's
going to go down another one
and i think that's probably the most
interesting space where this
collaboration is really
going to have some serious traction in
terms of mitigating this crime
where it goes afterwards is another
question so some of the conversations
and feedback we're getting from the
federal regulators and folks in our in
our pilot is
we want to go beyond just purely
identifying the fault we want to
understand the behavior you know
moving into the space around threat
intelligence because certainly
you know what are the forces the
synthetics doing with this money right
they're using it for money laundering
they're using it for all types of bad
stuff
right it's not just scamming the banks
out of tons of money
it's all around you know there's
issues around terrorism financing and
human trafficking and all the worst
possible things so you know by bringing
it up a level
having ai sit on top of the existing
static rules and really take it to a
next level
we can we can start to look at different
types of analysis around threat
intelligence which i think could have a
really
important national security implication
yeah that to add to that Jim what Greg
was saying
i would say since the beginning of time
since the first time somebody was
tapping on a stone tablet fraud's been
going on so if anybody thinks we're
going to solve fraud
you know it with air quotes good luck
with that
however i do think there's things we can
do
and to that point around ai i think
that's critical
it's not thinking about what the next
big fraud thing is going to be
or what the fraudsters are going to do i
think this is where ai is critical
whereas with length analysis you're
taking all these
activity all these things going on all
these unique little tiny patterns that
by themselves don't mean anything
and then if you take that across credit
unions for example
you see accounts set up they're
transacting fine
but then all of a sudden you notice that
same phone number for whatever reason
it's tied to a legitimate account
at one financial institution is making
inquiries through an ivr
and totally different accounts with a
different name or maybe another
transaction we're seeing the same ip
addresses being used going into
ebanking thousands of little things that
by themselves may not catch anybody's
eye
but with the ai machine learning it
starts to capture these
things starts to learn them and then
realizes that these points are getting
more and more frequent
and are able to actually reach out and
put a stop to it so we can stop the
fraud before it happens
i don't think i think that's the way
we're going to have to go because we're
just not going to be as
i think in that regard when someone is
thinking up a new fraud trend we're
going to have to
to use different patterns different tech
in order to get us to where
we're sensing things that are happening
through technology
in order to react to them great if i can
add if i can add one thing to that
german i know you could have some other
questions queued up it will be brief
you know i love what jack is saying you
know thousands of
little items that may be insignificant
to a human
but in aggregate could be very
significant
we call that broadcasting collective
suspicion and
i think there's a lot of good that can
be done within the financial institution
and for the financial services industry
as a whole
by adopting this new modern approach so
i love what you're doing with the linked
analysis and i
would be interested to maybe incorporate
some of that into into some of the
technologies that we're using too
great nice great so we've got seven
minutes left one question I'll answer
very quickly do we see synthetics
in other industries and in our research
we found them in healthcare
we found them in medical services
auto loans we heard 800 million
dollars in auto
theft through this and what they're
doing is
mostly taking the cars shipping them
overseas
either as a money laundering or just a
way of starting with
with the physical good and then selling
it so huge in the auto industry and now
we're seeing in insurance as well
in synthetic identities another
question
either is during the current pandemic
are there any other additional
opportunities for the bad guys to
capitalize
on synthetics Greg I know you had a
recently the webinar i was on on the
perfect storm of which yeah
and art of it can you comment a bit
timely
yeah tons i mean if you look at it what
are the three factors driving synthetics
so
you know low interest rates right and
thanks thanks to you folks at the
fair thank you very much for lowering
interest rates that's
very helpful so that's obviously
you know precipitating a lot of new
lending applications
combined with a financial recession
obviously financial crime goes up
significantly during recessions i think
more than 100 in 12 months in 2008
according to fbi stats
and then lastly the whole world just
went online right so
you know that that personal branch
experience has been greatly diminished
and that obviously creates
massive opportunity for the ford
students to come in and
through the noise you know the the banks
and the credit unions are just
overwhelmed by the online applications
and digital strategy
that creates great opportunity for the
fords just to kind of get lost in
memories there
and and do their their bad stuff
jack can even add on that hunter yeah no
absolutely
agree with that assessment as we as
we look at the
the switch and and we see it in digital
and
and people that weren't using things
like contactless cards even on the card
space
right everything has changed the the
amount of online traffic
and purchases so that in itself
where that that whole channel was
just
much more fraud in that channel as we've
moved into chip cards and things like
that from the
card present environment you've just
essentially
really turned it into the wild wild west
and to Greg's point
staff distraction perfect opportunity
for a new account opening to slip
through the cracks
and that's why i think it's more
important than ever for us to
you know go down this path of how we're
going to solve this
great one addition there anecdotal but
she's how creative the bad guys are i
mentioned that synthetic sometimes
create
businesses and those businesses are used
to launder money are also to be fake
storefronts
we had heard of some businesses actually
applying for ppp
loans synthetic businesses and basically
pay in their synthetic employees
so it just tells you how creative these
these
fraudsters are and take advantage of any
situation
another one for jack we talked about
systems that the bad guys can understand
the
sorry about that
the the bad guys can see the
patterns you use they understand how the
systems work
other tools that the bad guys are using
to try to understand
you know what controls you have etc or
is this just they
understand you know the regulations is
it automation and tools or is it more
just they they know how banks work in
credit unions
yeah it it they do know that they do
share that information but it's going
deeper in that
they're actually also employing a new
tech
nai i always make the comment there's a
vice president of fraud sitting in a
country somewhere but it's not the kind
of vice president of fraud that we have
uh working on our side they're truly
looking at ways to penetrate
figure out get through the networks even
if
a let's say a a new a bit of consortium
data comes out
new models come out they are immediately
testing
and they're actually using machine
learning ai to figure out okay what is
the peak
dollar amount the velocity how can i
move left how can i move right
so it's not just the regulations and how
they penetrate they can actually
immediately start adjusting how they're
trying to penetrate whatever
channel they're in based on the feedback
they get
and that's another thing we see we can
see in one institution
where the testing is going on and at
another institution
whoever's doing that testing we can see
that they actually are doing something
in another channel
and all this is toward bust out fraud at
a later date
so again this is why technology versus
technology is
going to be a key thing for us for the
future
okay thanks in the waning minute or two
question so if an organization does not
rely on
technology or AI is there anything else
they can do what else can they do
to help protect themselves in the early
stages of their fraud mitigation work
I can I let me take a quick shot that
I
well first of all I just have to say if
an organization isn't looking at applied
technology
either through a partner if they can't
do it themselves to greg's point in
terms of the
capital investment in that to look for
partners that can help them
they're soon going to be on a dark web
list of organizations of target
now having said that technology is only
one leg of the stool
you have to include your processes and
people so as you're looking at your
overall what do you want to do for the
future you've got to recognize that you
can spend millions of dollars
on really cool tech but if you don't
have well documented processes
and you don't educate your people to
follow those processes
any amount of technology is not going to
save you you've seen that in countless
breaches
it's not people in ninja out that sneak
in and take over the systems
it's the contractor with the bad
password or password one two three
or people just letting things go through
fishing exercises
so really all these events including
synthetic fraud
focus on those other two legs of the
stool
and as the technology guy can actually
maybe just add something there that's
non-technology
related so and I think that
just as Jack said the human
perspective right so the the customer
service member services folks that are
getting calls from people
that are asking leading questions the
forces are out there they're socially
engineering they're figuring out the
systems and policies and procedures of
banks and then they're tailoring their
technology
a frontal attack based on what they're
learning so I would I would advocate to
educate these the service folks to be
cautious
to be cautious around that that
said I mean you know what one of the
objectives of our pilot is also
to in there's a strong willingness
for collaboration from the largest of
the smallest institutions and we would
welcome institutions
who are concerned about not being having
the the bandwidth and and the
capacity to invest in heavily in
technology we would welcome them to
reach out to us
and and learn more about how they could
participate and kind of
with their peers in in a very effective
way so to make basically to enable to
make this technology available I think
there's
a duty on us as innovators in the space
to make this technology available to
everybody across the spectrum
and it certainly should be possible to
do that
great thanks guys so let me
personally thank you both for your time
and your
great insight we definitely got experts
on the call today let me just turn it
back to Maryellen for some closing
comments thank you so much Jim
on behalf of the Federal Reserve let me
thank our audience today
for their time and their interest we
do appreciate your taking a time out of
your busy schedules as you're working
from home during this pandemic
and know there are a lot of lots of
competition with other webinars for your
time so
so we do appreciate it note that we will
post a recording of this webinar on our
website
fedpaymentsimprovement.org in addition
we invite you to watch for additional
information from the federal reserve on
this topic
we will continue to educate the industry
about synthetic identity fraud
we're also thinking about how to develop
a consistent definition of it
last but not least you may obtain
updates
by joining the FedPayments Improvement
Community
and engaging with us on social media so
again I point you to our website for
that
that concludes our webinar thank you
again for your time
