Privacy Ninja



        • Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Federal Reserve Shares Tips On Mitigating Synthetic Identity Fraud

Federal Reserve Shares Tips On Mitigating Synthetic Identity Fraud

Image: Jesús Rocha

The U.S. Federal Reserve today issued guidance on how financial organizations from the United States can mitigate payment fraud attempts scammers carry out with the help of synthetic identity accounts. 

The white paper published today by the Federal Reserve on mitigating synthetic identity payments fraud comes after two previous white papers on defining and detecting such payments fraud attempts.

Synthetic identities are created by fraudsters after combining real information (like Social Security Numbers) and fake information (names, dates of birth, and addresses).

They are subsequently used for creating new accounts that might escape common ineffective fraud detection models, accounts that might be portrayed as credit-worthy account holders.

“This affords perpetrators the time to cultivate these identities, build positive credit histories, and increase their borrowing or spending power before ‘busting out’ – the process of maxing out a line of credit with no intention to repay,” the Federal Reserve explains.

“Synthetic identity accounts behave more like normal customers – building credit over a period of time – than conventional identity fraudsters, who must rapidly cash in before the victim notices and reports the theft.”

Image: Federal Reserve

Synthetic identity payments fraud is reportedly the quickest-growing type of financial crime in the US according to McKinsey research.

An Auriemma Group analysis says that 5% of charged-off credit card accounts may be linked to synthetic identity fraud, costing U.S. lenders $6 billion on an average unpaid debt of  $15,000 per account, amounting to 20% of credit losses in 2016.

The Federal Reserve says that traditional fraud detection models are not designed to detect synthetic identities and this leads to fraudsters successfully using them as part of their fraud attempts.

Such fraud discovery models are ineffective at detecting between 85% to 95% of likely synthetic identities according to an estimate shared in an ID Analytics study.

Synthetic identity fraud is not a problem that organizations or industries can tackle independently, given its far-reaching effects on the U.S. financial system, private industries – such as healthcare, automotive and insurance – government entities and consumers.

“Organizations have the best chance of identifying synthetics if they use a layered fraud mitigation approach that incorporates both manual and technological data analysis,” Federal Reserve Bank of Boston SVP and secure payments strategy leader Jim Cunha said.

“In addition, sharing information both internally and with others across the payments industry helps organizations learn about shifting fraud tactics.”

Also read: Digital Transformation – Do Or Die in 2020

Synthetic identity payments fraud mitigation measures

A multi-layered approach including manual and technological data analysis is recommended to organizations that want to have the best chance to detect and mitigate financial fraud attempts were synthetic identities are used.

Financial orgs that have shown the greatest rate of successes in identifying and mitigating synthetic identity fraud “are those that look beyond basic PII elements (such as name, SSN, date of birth and address) and use additional data sources to gain reasonable assurance of the applicant’s identity.”

Another way to improve synthetic identity fraud detection is to implement robust link analysis processes designed to look across various banking instruments including lending accounts, checking accounts, and other financial instruments with the end goal of recognizing common characteristics of synthetic identities.

“Examples include identifying multiple users with the same SSN, screening for multiple account applications originating from the same IP address or device, and detecting potential fraud networks by linking identities that appear as authorized users on multiple accounts,” the Federal Reserve added.

Organizations can also conduct synthetic identity link analysis “across multiple banks for service providers that have multiple financial institutions as clients.”

Image: Federal Reserve

Financial institutions are also advised to share information across product lines to allow for easier discovery of common tactics of synthetic identity fraudsters such as opening multiple accounts (credit card, direct deposit account, line of credit, auto loan, or mortgage) at the same organization.

“Experts have suggested that a holistic approach would be the most effective way to mitigate synthetic identity fraud,” the Federal Reserve concluded.

“This approach should include a consistent definition of synthetic identity fraud, technological innovation, robust data solutions for identity verification and an ongoing fraud mitigation dialogue between private industry and government agencies.”

Also read: Free 8 Steps Checklist for Companies to Prevent Data Breach



Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection


We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.


Click one of our contacts below to chat on WhatsApp

× Chat with us