CUNA Mutual Group Risk Alert: Credit Privacy Numbers Fraudulently Used to Obtain Loans

Credit Privacy Numbers (CPNs) – a nine-digit number, similar to Social Security Numbers (SSN) – are being used fraudulently in an attempt to obtain new credit cards and loans. The CPN is being used to obscure the connection between an applicant’s name and the actual contents of credit reports. Using any number in place of a SSN on a credit application is considered fraud and is a federal crime.

Credit Privacy Numbers (CPN) are being used to obtain new credit cards and loans at credit unions. The CPN is entered into the Social Security Number (SSN) field on a loan application to obscure the connection between an applicant’s name and the actual content of credit reports – typically containing bad credit. In many cases, CPNs are stolen SSNs, typically of a minor.

The use of a CPN is likely one component of synthetic identity fraud which uses a combination of real and fake information to create a new identity for the purpose of opening fraudulent accounts and gaining credit. Credit unions have indicated that the common method of using the CPN has been through online applications. Conducting fraudulent business online is typically easier to masquerade one’s identity.

The CPN, a nine-digit number, looks very similar to a SSN and was originally introduced as a way to protect privacy on credit documents and prevent identity theft. However, the use of any number in place of a SSN on a credit application is considered fraud and is a federal crime. CPNs are not issued by any federal agency.

CPNs are often sold to consumers by credit repair companies to open new accounts or apply for credit. In some cases, CPNs are sold as a replacement for a SSN and purchasers are encouraged to alter their address. This creates a new profile in the eyes of creditors that cannot be linked to the customer with their old SSN.

To minimize the risk of loan application fraud, your strategy and fraud detection system should include a combination of identity verification, account onboarding protection, and account monitoring.

Risk Mitigation
Consider these risk mitigation tips:

  • Apply increased scrutiny of new account and loan applications received via online or non-member facing channels.
  • Utilize a fraud detection service to validate addresses associated with the name and SSN provided on the loan application.
  • Remember to apply your ID Theft Red Flag rules for all new member applications and be alert for:
    o Mismatched names – member name provided on the application does not match the credit report for that specific SSN; 
    o Mismatched address – address provided on the application does not match the current address with the credit bureau; 
    o Mismatched date of birth – date of birth provided on the application does not match the date of birth with the credit bureau; and 
    o Mismatched employer – employer provided on the application does not match the current employer on the credit report.
  • Look for these following potential fraud indicators:
    o Stolen SSNs typically issued to minor children; 
    o Multiple identities and applications associated with a common physical address; and 
    o Multiple member applications submitted from the same IP address.
  • Use social media accounts of members to help verify addresses and identities.
  • Educate lending staff and hiring managers to be alert for scams related to CPNs and synthetic identity fraud.

Risk Prevention Resources
Access CUNA Mutual Group’s Protection Resource Center at cunamutual.com for exclusive risk and compliance resources to assist with your loss control. The Protection Resource Center requires a User ID and password. To learn more, review these resources: