Congress has passed an anti-fraud measure as part of the Economic Growth, Regulatory Relief, and Consumer Protection Act, with one of the bill's sections establishing guidelines to help prevent synthetic identity fraud. Synthetic identity fraud is a tactic where criminals fashion identities made up, in part, from credit-inactive Social Security numbers (SSN).
Cybercriminals will then use those identities to secure loans and commit other online crimes. When cybercriminals use parts of an individual's identity – particularly those of children – years can pass before the victim realizes their identity has been compromised. Often, said Robert Capps, VP of business development, NuData Security, these individuals are denied a school loan or other form of credit due to false indicators of their fraudulent behavior.
Section 215 of the act details the steps that will be taken to enhance consumer protections using fraud protection data, defined as an individual's name, SSN and date of birth. Currently the system for checking SSNs takes multiple days and requires the individual's handwritten signature.
Through the use of a database maintained by the Social Security Administration (SSA), financial institutions and service providers will be able to validate identities much more quickly. Permitted entities that have been issued certifications from SSA will be able to access an electronic identification validation system in order to compare fraud protection data for accuracy in real time, with batches of submissions not to exceed 24 hours.
Proactively trying to prevent a consumer or child from becoming a victim of fraud is an important step for Congress.
“Synthetic identity theft is one of the reasons many e-commerce companies and financial institutions are turning to multilayered solutions that incorporate passive biometrics and behavioral analytics," Capps said. "With these technologies, even when the consumer’s static information (such as social security numbers, date of birth and other data) is stolen, the breached credentials cannot be used to log into someone else’s account or to make a fraudulent transaction – making the stolen data useless."
“Stolen data is often used in automated attacks to create new accounts or try to find a user’s password," he continued. "With passive biometrics and behavioral analytics these attempts are thwarted, rendering the stolen data from fraudsters valueless. The hundreds of data points analyzed by these technologies help identify a legitimate user or a fraudster, protecting consumers, merchants and institutions.”
The act also provides regulatory relief for small community banks and credit unions and now awaits the president’s review.