How to Prevent Account Takeover for Buy Now Pay Later Companies

by Bence Jendruszak
Your business probably already has a KYC verification process designed to confirm users are who they say they are.
But criminals have found new ways to create convincing-looking identities – and one is synthetic identity fraud, fuelled by the 14 million identities that are stolen each year.
They are combined with fake and generated data to help criminals achieve more – as well as with each other to create new personas. This is what makes fighting synthetic identity fraud so challenging.
But this isn’t as hard as it sounds with the right risk management tools. Let’s break it down below.
Simply put, synthetic ID fraud is any fraudulent activity that uses a synthetic ID – a combination of fake and real-person data coming together to form a new identity. This real information is often sourced from stolen identities itself.
A Frankenstein’s monster of an identity, a synthetic ID is always stitched together from various parts of other identities – real or fake. It can also be made of multiple people’s personally identifiable information (PII), without any fake or made-up data. For instance, a real social security number from one person combined with another’s credit card details.
The applications are myriad, from opening new accounts to bypassing KYC verification checks and getting fraudulent transactions approved.
Synthetic IDs can be:
Partner with SEON to reduce fraud rates in your business with real time data enrichment and advanced APIs
Book a Demo
Fraudsters create synthetic IDs to bypass various identity checks. Here is an example of how a synthetic ID can be used for bank fraud:
Synthetic identity fraud can be harder to detect than standard identity fraud because it contains elements of real ID documents. These can help pass verification, whereas purely fake profiles are easily flagged.
Per the 2021 Future of Fraud Forecast, synthetic ID fraud (or synthetic identity theft) is the fastest-growing type of financial crime. Based on Experian’s own definition, it accounts for 80% of credit card fraud losses, and nearly 20% of chargebacks incurred by merchants.
Not only that, but according to the Federal US Reserve, synthetic identity fraud was the fastest-growing type of fraud in the US in 2019 too – while 85–95% of all synthetic ID fraud cases were not flagged by those legacy security systems. According to the same research, it is a particular problem in the US because of the country’s reliance on static personally identifiable information, including Social Security numbers (SSNs).
Synthetic ID fraud can affect any kind of business that monitors its user accounts.
There’s no magic bullet when it comes to synthetic identity fraud detection. You’ll need a multi-layered approach, ideally combining several technologies that include robust device fingerprinting, data enrichment and digital footprint analysis.
Let’s look at exactly how SEON can help by breaking these down one by one:
If fraudsters are successful once, they tend to target the same companies multiple times. The challenge for them isn’t to create hundreds or thousands of synthetic IDs; it’s to make it look like each of these is connecting to your site as a new and legitimate user.
A device fingerprinting module can identify those tools that a fraudster will use to spoof different users and devices to give off the appearance of unrelated shoppers. With it, you can instantly flag:
The key here is not just to focus your attention on strange configurations of software and hardware, but also to highlight connections between users.
By frictionlessly logging each device setup as a unique ID, you can notice patterns that could point to bot use, or assign fraud scores to individual IP addresses.
Once SEON’s platform has found several users that could be fake accounts of one criminal, the platform flags them in an easy to visualize format:
Another highly successful technique to stop synthetic ID fraud? Online digital footprint analysis for fraud prevention.
This includes email and phone number analysis, to see if their details appear legitimate – but one of the most effective techniques is undoubtedly social and online platform lookup.
With a reverse email address or phone number search, you can see whether the user’s digital footprint looks legitimate.
SEON can check 50+ social media networks and online platforms and a growing number of platforms in emerging markets. This has three key benefits:
Last but not least, it’s not just about looking at data points, but about understanding user behavior. This is particularly important for the more sophisticated attacks, and those perpetrated by money mules who use their real IDs.
At SEON, this is examined via custom rules, machine learning rules and velocity rules. These aren’t necessarily complex but can analyze a wide variety of data points, including timeframes.
Here are some examples:
Of course, the sky’s the limit with the kind of data you want to examine. But the key here is that you can identify suspicious behaviors, even from fraudsters who have already managed to infiltrate your platform.
A whitebox machine learning system is particularly adept at catching matching behavior from fraudsters who have passed the KYC stage.
If you are consistent in your reporting and use enough feedback mechanisms, you can begin understanding behavioral patterns that may point to the most undercover and sophisticated fraud.
Traditional identity fraud is perpetrated in real-time. Sending phishing emails from a hijacked account, for instance, constitutes an example of direct identity fraud.
Synthetic identity fraud, however, tends to be cultivated over time by more sophisticated criminals.
The goal is to fly under the radar for as long as possible, as they want to create an account and use it in the long term. This is important because it highlights a key challenge in fighting this kind of fraud.
The criminals who rely on these techniques are patient, calculated, and sophisticated. But they also tend to be organized, which we can use against them to our advantage.
Identity theft and fraud go hand-in-hand. Criminals will stop at nothing to acquire records that help them create fake profiles. This includes stealing:
This type of fraud is on the rise because fraudsters have access to a growing number of options and tools to access stolen identities and to generate new, synthetic ones.
Sourcing ID documents is child’s play for fraudsters. They can hop on the dark web and purchase huge lists from leaked databases, at surprisingly competitive rates.
Interestingly, existing email data breaches also help conduct passive identity verification at SEON.
However, as it leads to identity theft, such a data leak is likely to cause a vicious cycle of account takeovers, fake account openings, and a rise in the number of synthetic IDs.
Adding to the challenge of widely available stolen documents, many people willingly sell or rent out their IDs in exchange for a fee.
Fraudsters offer to buy personal details or to borrow people’s bank accounts to enable synthetic identity fraud. Here are a few options:
The takeaway? There’s no shortage of resources available to stitch together the perfect synthetic ID, tailored to defraud your online services.
SEON is more than just a software solution, it is your business partner in fraud fighting
Book a Demo
What if fraudsters run into heavier KYC checks in the form of document uploads?
This is barely an inconvenience. They can simply purchase a document from a forging service – which are plentiful, affordable, and surprisingly effective.
Can’t provide the right documentation? No problem. A growing number of clearnet services also photoshop IDs for fraudsters, helping them bypass KYC checks using photo IDs.
Criminals have access to a growing number of resources to create synthetic IDs. For targeted companies, it’s not enough to simply implement static ID checks and fraud rules, and leave them to run on autopilot.
However, you don’t have to waste all your resources on intensive manual reviews for identity proofing. Using sophisticated risk tech, you can combine tools to create a net that will filter out bad users, and only allow in those who will help your company reach its goals.
If you notice strange payments on your statement or start receiving suspicious emails, it’s possible some of your ID documents have been stolen and used for synthetic IDs.
To create a synthetic identity, you need some kind of real document to begin with. It could be a name, address or social security number. The fraudster then modifies or tweaks the information for their need.
Synthetic IDs are harder to detect than made-up, completely fake IDs because they contain an element of truth (the person’s ID documents). This is why fraudsters use them to bypass KYC checks or for fraudulent transactions, among others.
You might also be interested in reading about:
Learn more about:
Data Enrichment | Browser Fingerprinting | Fraud Detection API | Fraud Detection with Machine Learning & AI
Related Source for this article:
Showing all with `` tag
Click here
Join over 6000 companies in getting the latest fraud-fighting tips