[naftaliharris]

Two super interesting things about this kind of fraud which make it especially tricky to catch and deal with:

1. Unlike with ID theft, there's no consumer victim. With ID theft, eventually the victim will find out about it, (by getting a call from a collections agent or seeing the trade on their credit report). They'll then contact the lender or the bureau, and contest the validity of the loan. The end result is that the lender gets a stream of loans that are labeled as identity theft losses. Since there's no consumer victim with synthetic fraud, though, lenders don't get this stream of labeled data and have a hard time knowing which of their losses are synthetic fraud (and which are just ordinary credit losses).

2. Synthetic fraud cuts right through typical ID theft prevention systems. ID theft prevention is about checking whether the applicant is the same as the identity they're using to apply for credit. So you check if the email the applicant uses matches the identity, (e.g. don't want john.doe@gmail.com used as the email for Jane Smith), you check the phone number, you check if the applicant can complete KBA (knowledge based authentication, e.g. questions about previous addresses), you check the billing address, and so forth. But synthetic identities have their own aged phone numbers, emails, addresses, and credit histories, and so all of these verifications go through without any flags raised. Essentially the ID theft prevention system was checking whether the applicant is the same as the identity that they're using, but with synthetic fraud the applicant created the identity.

Source: my startup focuses heavily on preventing synthetic fraud for lenders, (PM me for details).

[bb88]

I know you're not asking for my advice, but you're pushing the dirt around here.

You're not solving the problem of ID Theft, you're just making it more likely that the criminals who are going to do it are going to use it are going to use ID's of real people.

Congrats and all for figuring it out how to do it, and for developing a market around it. But to me, encouraging banks to continue to make loans with just a web site or app seems like a really bad idea.

Edited to add:

Data is not a person. A person is a person.