Blog post
Michael Jordan and Same Name Fraud
SentiLink
Published
December 17, 2020
It’s undeniable that Michael Jordan accomplished many one-of-a-kind feats as an all-star basketball player with the Chicago Bulls. But, what’s life like for a guy named Michael Jordan who is a 40 year old SVP for iHeartMedia based in Lexington, KY? Or, the Michael Jordan who is a 34 year old data scientist from the Bronx?
While a non-famous Michael Jordan might get a well-located table at a restaurant when mistaken for the “GOAT,” the reality is that sharing the same name with an NBA legend can create confusion. Like when former NBA star, Michael Jordan, goes on a spending spree and the credit card company sends the bill to Michael Jordan the iHeartMedia executive because they’ve mixed up their identities.
To be fair, there are over 3,000 Michael Jordans in the U.S. alone.
If that seems like a lot, there are over 38,000 people named James Smith, over 32,000 named Maria Garcia and over 30,000 people named Maria Rodriguez according to ancestry.com.
These so called “common names” are a veritable treasure trove for fraudsters who are skilled in creating fake identities.
Consider a fraud case recently detected by SentiLink that illuminates this scenario. Note: the personally identifiable information in this example has been changed.
This phenomenon where there are multiple credit files at the bureau that have the same name and address, but different date of birth and Social Security numbers is a common fraud vector for sophisticated fraudsters.
We’ve seen it so frequently here at SentiLink that we refer to it as, “Same Name Fraud.”
And, it’s estimated to have the potential to generate $250M in fraud losses.
Sophisticated fraudsters know how to create new profiles at the credit bureaus and/or steal identities to execute Same Name Fraud.
While we don’t know for sure, in the example above, how Jane Doe is attaching her name and address to the credit record of other people named Jane, we do have a theory. We suspect the real Jane Doe might be stealing identities of other people named Jane, using their date of birth and Social Security number when applying for credit along with the 678 Elm address. Each time she applies for credit with her name and address and the date of birth and Social Security number of a different person named Jane, the credit bureau adds her address to the different Jane’s file.
Traditional identity theft models are not equipped to flag this fraud vector. They rely on matching phone numbers or email addresses to names. In the Jane Doe case, if the phone number or email provided ties to someone named Jane Doe, then even if another Jane Doe’s date of birth or Social Security number were provided, most models will consider this a match. And, when these fabricated or stolen profiles are subjected to manual review, they look legitimate. They may have address history, a mobile phone, and a Social Security number created around the time the date of birth.
Detecting Same Name Fraud requires analyzing the incidence of common names tied to specific addresses across applications submitted to different banks and lenders. SentiLink analyzed data from one of the three US based credit bureaus and detected nearly 8,000 incidences where the same name appeared 4 or more times at the same address with a different date of birth and Social Security number. These nearly 8,000 incidences combine for a total of nearly 34,000 identities that can be used to commit fraud.
As illustrated in the chart below, most of these nearly 8,000 name and address combinations have just 4 or 5 records at the credit bureau. This makes them much harder for lenders to detect. For example, if there are 50 records at the credit bureau listing Jane Doe living at 678 Elm but each record has a different date of birth and Social Security number combination, this is a clear example of fraud. But if there’s only 4 or 5 records like this then it can potentially be considered coincidental or possibly an issue with how the credit bureau created the records.
Each falsified identity can be reused many times. For example, just one of these nearly 34,000 identities applied at the same credit card issuer 25 times over the course one year.
If just 10,000 of these nearly 34,000 falsified identities applies for credit and successfully opens an account five times and is approved for a $5,000 loan, that’s $250M in fraudulent loans.
Same Name fraud is detected in many verticals including personal loans, patient finance, banking, and credit cards.
While some Same Name fraud is committed using synthetic identities, nearly 90% of the incidences studied by SentiLink are a result of ID theft.
Given the high incidence of this type of fraud, and the sheer volume of common names in the U.S. this fraud vector is likely to be regularly exploited in the future.
So, while it might be painful, at times, to share the name Michael Jordan with a famous basketball player, it might be far more frustrating to have an even more common name like James Smith. Banks and lenders, in particular, have a tough time discerning an honest James Smith from a fraudulent one.