Attackers use stolen and fabricated PII to deceive banks
Credit application fraud occurs when an attacker uses stolen personally identifiable information (PII) to apply for a credit card, loan, or other type of credit. Attackers may even exploit the financial system to create a synthetic identity, i.e., a fictitious person, which is even harder for financial institutions to detect.
Other terms for credit application fraud: synthetic identities; identity theft; new account fraud; credit card origination fraud
Attackers Exploit Fundamental Banking Processes
Reliance on static PII
Attackers typically only need a victim’s social security number, address, and date of birth to apply for a credit card in their name. This type of PII is regularly available on the darknet from data breaches at organizations like credit bureaus and tax prep firms.
Automatic Credit File Creation
Creating a synthetic identity only requires an attacker to apply twice, with two different lenders. The first application will fail due to lack of credit history, but the record check itself will start a credit file with a credit reporting agency. Then, the attacker’s second credit card application with a different issuer will typically succeed due to the existence of a credit file.
Periodic Limit Increases
Synthetic identities are often granted low lines of credit, typically $100-$500, due to the lack of credit history. Fraudsters may make small purchases and pay them off each month, establishing positive credit history and earning periodic limit increases. Once the credit limit is high enough, the fraudster will cash out, leaving the lender with thousands of dollars in losses.
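The two account patterns described above (a no-credit-file decline followed by an approval at a different lender, and a low-limit account that is paid in full through limit increases and then maxed out) can be turned into simple review-queue heuristics. The following is an added example, not code from the original page or from Shape; the record layouts, the 90-day window, and the 90% utilization threshold are assumptions, and all sample data is constructed.

```python
from datetime import date

# Constructed sample records (not real data); field layout is an assumption.
# (identity_token, lender, applied_on, outcome, decline_reason)
APPLICATIONS = [
    ("id-A", "lender-1", date(2023, 1, 5), "declined", "no_credit_file"),
    ("id-A", "lender-2", date(2023, 1, 19), "approved", None),
    ("id-B", "lender-1", date(2023, 2, 1), "approved", None),
    ("id-C", "lender-3", date(2023, 3, 1), "declined", "no_credit_file"),
    ("id-C", "lender-3", date(2023, 3, 9), "declined", "no_credit_file"),
]
# Constructed monthly statements per identity: (credit_limit, balance, paid_in_full)
STATEMENTS = {
    "id-A": [(300, 40, True), (300, 55, True), (1000, 60, True),
             (3000, 80, True), (3000, 2950, False)],
    "id-B": [(5000, 900, True), (5000, 1200, False), (5000, 1100, True)],
}
WINDOW_DAYS = 90     # assumed: max gap between the decline and the approval
LOW_LIMIT = 500      # from the page: synthetic identities typically start at $100-$500
CASH_OUT_UTIL = 0.9  # assumed: utilization that counts as a cash-out

def file_seeding_suspects(apps, window_days=WINDOW_DAYS):
    """Identities declined for no credit file, then approved by a different lender soon after."""
    seed = {}  # identity -> (lender, date) of its earliest no-file decline
    suspects = set()
    for ident, lender, day, outcome, reason in sorted(apps, key=lambda a: a[2]):
        if outcome == "declined" and reason == "no_credit_file":
            seed.setdefault(ident, (lender, day))
        elif outcome == "approved" and ident in seed:
            first_lender, first_day = seed[ident]
            if lender != first_lender and (day - first_day).days <= window_days:
                suspects.add(ident)
    return suspects

def bust_out_suspects(statements, low_limit=LOW_LIMIT, util=CASH_OUT_UTIL):
    """Accounts opened at a low limit, paid in full through limit increases, then maxed out."""
    suspects = set()
    for ident, months in statements.items():
        if len(months) < 2:
            continue  # not enough history to compare against
        *history, (limit, balance, paid) = months
        started_low = history[0][0] <= low_limit
        clean_history = all(p for _, _, p in history)
        limit_raised = limit > history[0][0]
        cashed_out = balance / limit >= util and not paid
        if started_low and clean_history and limit_raised and cashed_out:
            suspects.add(ident)
    return suspects
```

An identity flagged by both functions matches the full lifecycle the page describes; either flag alone is a prompt for manual review, not proof of fraud.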