Identity Fraud at Credit Unions: A Review of 2022 Trends
By Jason Kratovil, Head of Public Policy and External Affairs | SentiLink
At SentiLink, we are fortunate to work with many credit unions to help them stop identity fraud at the point of new member application, while also making it possible to onboard and make loans available to more members with confidence. We are pleased to share the accompanying year-in-review analysis that includes aggregated trends from across the diverse population of credit unions of all sizes with whom we partner.
Overall Trends
Credit unions entered 2022 in a challenging place. Across the industry, rates of synthetic identities being associated with applications at credit unions started off the year near two-year pandemic-level highs. While the rate of identity theft associated with new applications was a few points down from the high observed in August of 2021 (where over 11% of credit union applications reviewed by SentiLink were tied to identity theft for a period of time), it was still very elevated.
Over the course of 2022, the identity fraud landscape stabilized at more expected average levels. Rates of application fraud associated with both synthetic identities and traditional identity theft followed a similar seasonal trendline, dipping through spring but rising at the start of summer and holding relatively steady through November. Industry average rates of synthetic identity fraud peaked toward the beginning of the year at 0.79% and fell to an annual low of 0.43% in June. As previously mentioned, identity theft rates were at their highest at the very beginning of January, which is likely attributable to continued pressure from large-scale unemployment benefit scams that involved the establishment of DDAs using stolen identities as a vehicle to launder funds.
In addition, of the cases we identified as likely identity theft:
- 60% included an area code that had never been associated with the consumer previously (compared to less than 10% where this would be the case for the general population of applicants).
- 55% used a never-before-seen email address.
- 30% provided a VoIP phone number.
Geographic Trends
Geographic concentrations of identity theft victims whose information was used to apply at credit unions throughout 2022 were notably high in New York, Ohio, Idaho, Nevada and Oregon.
Across the financial services industry broadly, credit unions were not alone in experiencing higher rates of identity fraud. However, rates of identity theft in particular -- as shown in the accompanying chart below -- remained higher than those at banks, but lower than those at fintechs across all 50 states.
When observing concentrations of synthetic identity fraud, as a general rule, we find that approximately 70% of identified cases are first-party synthetic fraud -- where an individual provides most of their actual PII on an application but alters some aspect–most often the SSN–to mask their true identity and credit-worthiness. This is in contrast to third-party synthetics, where an identity is created with a combination of PII that does not correlate to any actual person. Since the vast majority of synthetic fraud uses the real address of the perpetrator, the application concentrations noted in the accompanying map serve as an indicator of where the perpetrator lives, rather than where any victim may reside.
Conclusion and a Look Ahead
Credit unions play a vital role in countless communities across the country, and fraudsters have shown a keen interest in targeting community-based financial institutions. As our data indicates, identity crime isn't confined to major metropolitan areas, and is quite prevalent throughout states and communities served by credit unions. Being proactive and aggressive when addressing fraud prevention and risk management is vital to protecting the integrity of members' identities and minimizing losses due to identity fraud.