The perfect cyber crime

Synthetic Identities and COVID-19 Relief Funds

Nearly three years into the pandemic, COVID-19 has impacted diverse aspects of our lives—perhaps surprisingly, though, is its effect on ways cyber criminals can perpetrate crimes. While most banks and lenders are already acquainted with synthetic identity fraud, the pandemic has delivered the fastest-growing financial crime to the U.S. government’s attention. In a follow-up to our introductory articles, we’ll dive into this timely use case and consider the ramifications of synthetic identities on COVID-19 relief funds and subsequent government responses.

What is the PPP?

As the arrival of COVID-19 prompted a widespread shutdown of the U.S. economy, businesses grappled with how to overcome resulting financial burdens. In response, the U.S. government passed the coronavirus Aid, Relief, and Economic Security (CARES) Act on March 27th, 2020.1 One constituent of the CARES Act is the Paycheck Protection Program (PPP), “an SBA-backed loan that helps businesses keep their workforce employed during the COVID-19 crisis,” according to the U.S. Small Business Administration (SBA).2

A PPP loan provides small businesses with up to eight weeks of payroll costs and can additionally be used to cover interest on mortgages, rent, and utilities. In less than five months, $525 billion had been distributed to over 5 million businesses by nearly 5,500 banks and lenders. 3

The role of lenders

While the PPP aimed to provide aid to struggling small businesses, fees and interest paid from each loan incentivized banks and lenders to participate. JPMorgan Chase & Co., for example, was estimated to collect between $823 million to $1.4 billion in fees from PPP loans.4 Furthermore, an analysis from S&P Global Market Intelligence reports that more than thirty banks could earn as much from emergency small-business loans as they reported in net revenue for all of 2019.5

Prospect of a significant payday willed lenders to grant as many loans as possible, inadvertently providing a near-frictionless path for fraudsters to exploit relief funds through skillfully crafted synthetic identities.

Leveraging synthetic identities

Hasan Hakim Brown is one example of a malicious actor who took advantage of this opportunity. On June 29th, 2021, in Ft. Lauderdale, Florida, Brown pled guilty to “working with co-conspirators to steal $24 million of COVID- 19 relief money by using synthetic identities and shell companies they had created years earlier to commit other bank fraud.”6 This case highlights not only the potential of synthetic identities in defrauding the government, but also these identities’ longevity and ability to fly under the radar for years before being caught.

In another example across the country, on June 25th, 2021, a federal judge convicted four California residents for “scheming to submit fraudulent loan applications seeking millions of dollars in Paycheck Protection Program (PPP) and Economic Injury Disaster Loan (EIDL) COVID-19 relief funds” using synthetic identities.7

What’s next: fraudulent rent relief

In addition to COVID-19 fraud via PPP loans, there’s been increasing interest in the role of identity theft in fraudulent rent relief claims filed through the Emergency Rental Assistance Program (ERAP).8 The ERAP was developed to help keep families in their homes, making funds available to assist households that are unable to pay rent or utilities. Seeking to take advantage of the opportunity, criminals may file fraudulent ERAP claims, which not only divert funds but also delay responses to those in need.9

Cognizant of potential crime occurring, the Office of Management and Budget (OMB) listed these ERA programs as “higher risk” in its 2021 Compliance Supplement, including risks to payment integrity.10

The U.S. Government Accountability Office (GAO) offered its consequent recommendation in a recent report, stating, “GAO recommends that Treasury design and implement processes … to help ensure timely identification and recovery of overpayments … in the ERA programs. Treasury agreed with this recommendation and stated that it is working to establish post-payment reviews and recovery audit activities.”11

Interestingly, the California Department of Housing and Community Development (HCD) asserts that fraud has been virtually nonexistent. The agency cites they have identified 1,800 fraudulent rental assistance applications out of nearly 500,000 statewide, and none were paid out.12

Haywood Talcove, CEO of Lexis Nexis Risk Solutions Group, disagrees, however. Talcove states that he’s “noticed at least 18 individuals advertising access to rental assistance fraud in the state of California” and found what criminals refer to as “sauce,” the guides and personal identifiable information enabling malicious actors to perpetrate fraud.13 In contrast to HCD’s claim, Talcove estimates that 25% to 35% of claims for rent relief are fraudulent.

While the disparity in the state versus Talcove’s figures may seem shocking at first, it underscores a potential for awareness and education. Ultimately, HCD may not be aware of certain types of fraud occurring, especially if they still rely on traditional detection models.

Government response and awareness

From prior installments in this series, we understand synthetic identities present a challenge to detect, even for institutions well-aware of their potential. Now fresh on the government’s radar, in May 2021, Attorney General Garland announced a task force dedicated to combating COVID-19 fraud, condemning those seeking to profit from the pandemic.14 A goal of the Task Force, comprised of the Department of Justice (DOJ) in partnership with other government agencies, is to identify resources and techniques to uncover fraudulent actors, a topic discussed in our last article.

More recently, in his 2022 State of the Union Address, President Biden announced new steps to combat criminal fraud and identity theft in pandemic relief programs.15 These efforts include new initiatives, like the DOJ appointing a Chief Prosecutor to focus on pandemic fraud and heightening resources and penalties for fraud in areas like PPP loans, and build on existing ones, such as Attorney General Garland’s task force. The government’s overarching objective is to re-establish respect for and transparency with the oversight community.

The Federal Reserve—which has been closely monitoring synthetic identity fraud through its FedPayments Improvement site—has also taken action, publishing a Synthetic Identity Fraud Mitigation Toolkit to increase awareness in response to its ongoing engagement with payment fraud experts.16 The toolkit includes four modules, spanning from the basics of synthetic identities to detecting them.

Detection, in the context of this use case, is especially important because a caveat to disaster relief is that it becomes potentially illegal to stop the fraud once an application has been approved. This is where advanced analytics plays a crucial role, as most traditional third-party identity theft solutions and detection models are not optimized for the synthetic identity fraud use case.17 In fact, a study found that 85% to 95% of synthetic identities were not flagged by third-party fraud models.18

What you can do

KPMG Center for Cyber Analytics Research possesses the knowledge and tools necessary to detect the kind of fraudulent behavior that continues to exploit lending programs like these well-intentioned COVID-19 relief funds. Driven by machine learning, our unique methodology flags indicators of fraudulent behavior at a speed and scale needed by lending operations, protecting both lenders and legitimate borrowers alike while providing consumers with a seamless experience. Learn more about our approach and seek a fraud diagnostic by contacting Matt Miller and Chadd Carr.


  1. U.S. Department of the Treasury, “COVID-19 Economic Relief”.
  2. U.S. Small Business Administration, “Paycheck Protection Program”.
  3. SentiLink, “Synthetic Fraud in PPP Loans”, Sarah Hoisington (September 10, 2020).
  4. The Wall Street Journal, “Banks Could Get $24 Billion in Fees From PPP Loans”, David Benoit and Peter Rudegeair (July 7, 2020).
  5. S&P Global Market Intelligence, “US banks stack millions in PPP loan fees, but risks abound”, Zach Fox and Zain Tariq (July 6, 2020).
  6. The United States Attorneys Office South District of Florida, “Defendant Pleads Guilty to Stealing $24 Million in COVID-19 Relief Money Through Fraud Scheme that Used Synthetic Identities”, Marlene Rodriguez (June 29, 2021).
  7. The United States Department of Justice, “Four California Residents Found Guilty of Scheming to Fraudulently Obtain Millions of Dollars in COVID-19 Relief Programs” (June 29, 2021).
  8. U.S. Department of the Treasury, Emergency Rental Assistance Program.
  9. ABC 7 News, “Fraudulent rent relief claims divert funds, delay responses to those in need”, Michael Finney and Randall Yip (January 28, 2022).
  10. White House, “Compliance Supplement”, Dexter Brereton and Kimberly Butler (July 2021).
  11. GAO, “COVID-19: Significant Improvements Are Needed for Overseeing Relief Funds and Leading Responses to Public Health Emergencies”, Jessica Farb and Chuck Young (January 27, 2022).
  12. ABC News, “So far, little fraud evident in rental assistance programs”, Adam Beam and Michael Casey (November 18, 2021).
  13. ABC News, “So far, little fraud evident in rental assistance programs”, Adam Beam and Michael Casey (November 18, 2021).
  14. The United States Department of Justice, “Attorney General Announces Task Force to Combat COVID-19 Fraud” (May 17, 2021).
  15. The White House, “Fact Sheet: President Biden to Announce New Steps to Combat Criminal Fraud and Identity Theft in Pandemic Relief Programs” (March 1, 2022).
  16. The Federal Reserve, “Synthetic Identity Fraud Mitigation Toolkit”.
  17. LexisNexis Risk Solutions, “Synthetic Identity Fraud is a Complex and Growing Challenge”.
  18. The Federal Reserve, “Synthetic Identity Fraud in the U.S. Payment System” (July 2019). 

Contact us

Sophia Chen

Sophia Chen

Associate Advisory, Cyber Security Services, KPMG US

+1 949-885-5511
Matthew P. Miller

Matthew P. Miller

Principal, Advisory, Cyber Security Services, KPMG US

Chadd Carr

Chadd Carr

Director Advisory, Cyber Security Services, KPMG US

+1 571-619-4448
Thomas Stanton

Thomas Stanton

Advisory Managing Director, Forensic, KPMG US

+1 212-872-7758