Our cofounder and CEO, Naftali Harris was invited to speak at the House Financial Services Committee’s virtual roundtable on “Understanding the Cyber Threats and Actors Exploiting the COVID-19 Crisis” on May 28, 2020. Below is the transcript of his opening statement and a link to the roundtable recording can be found here.
Chairman Cleaver, Ranking Member Hill, Chairwoman Waters, Ranking Member McHenry, and the members of the subcommittee — thank you very much for having me here. I’m honored to be here and excited to share some of the cyber threats we’re seeing during this crisis.
I’d like to talk about synthetic fraud, which is the most significant risk issue facing the financial services industry today. The pandemic and the resulting recession have made this much worse.
“Synthetic fraud” is when a criminal makes up a fake person and uses that fake person to commit financial crimes. They start by inventing a fake name, date of birth, and SSN and then trick the three credit bureaus into creating a credit report for that fake person. Once they’ve done that, they can pass KYC processes and open up accounts at financial institutions. They use these synthetic identities to steal money, launder funds, and commit other financial crimes.
We estimate that synthetic fraud cost US lenders $1–2 billion of losses last year, and expect losses to be a lot higher this year because of the crisis. But this problem also impacts local, state, and federal governments. That’s because fraudsters use synthetic identities to apply for benefits like Medicare, Medicaid, unemployment insurance, and even SNAP benefits.
The PPP funds are particularly at risk. Fake businesses with synthetic owners are able to access CARES Act money, since most organizations distributing the money don’t have checks for synthetic fraud. Bad actors are also adding fake employees on payrolls to inflate the loan amounts they are eligible for. This is already happening: just last week, a Texas man was indicted for making up 400 fake employees and trying to steal $5 million. But the ones who are being caught are only the dumbest criminals.
We estimate that between $3.3 and $7.9 billion of the PPP program will go to fake businesses or employees.
The taxpayer dollars that bad actors are stealing should have gone to struggling small businesses. But synthetic fraud also undermines our national security, since accurate KYC checks are critical for keeping Americans safe from terrorism and other threats. It also causes real problems for young people and immigrants because these people have shorter histories and are harder to distinguish from synthetic identities.
Fortunately, we can stop this. We founded SentiLink with a mission to end fraud in the United States. We use machine learning and technology to detect fraud in real time but employ a team of investigators to show the models where to look.
We’ve learned a lot from this experience, and I appreciate your attention to this important issue. I’d also like to call on banking regulators to modernize KYC and AML regulations and incorporate synthetic fraud into bank exams. The solutions that we and others have built for the private sector can also be used by government agencies, such as the SBA. Given the importance of the PPP to the nation, I’d like to make available our services to them free of charge if they’re interested.
Lastly, as a citizen, I’d like to thank all of the members of this committee for their hard work to support a financial services industry that is robust, fair, efficient, and capable of delivering value to all Americans. I look forward to helping in a small way by answering your questions.