What is synthetic identity fraud?

Synthetic identity fraud is a type of fraud where criminals combine fake and real information, such as Social Security Numbers (SSNs) and names, to create a new identity. This new identity is used to defraud financial institutions, government agencies or individuals by opening fake accounts and making fraudulent purchases.

Synthetic identities are generally more common in the US. This is because identity verification in the US often relies heavily on personally identifiable information (PII) such as SSNs. McKinsey estimates that synthetic identity fraud is in fact the fastest growing type of financial crime in the US.

But this type of fraud is difficult to detect. Victims are typically individuals who are less likely to access their credit information regularly, such as children, the elderly or homeless. Plus, fraudsters often nurture these identities over time, gradually applying for more and more credit and building up a positive online payment history. They often go years before ‘busting-out’ the credit line and disappearing. So the fraud goes unreported and undetected for longer periods of time.

Large payouts and the ability to go undetected for so long are some of the reasons synthetic identity fraud is so attractive to fraudsters and crime rings. It’s expert-level fraud which is carried out by some of the most sophisticated identity thieves.

How synthetic identity fraud differs from ‘traditional’ fraud methods

Traditional fraud generally involves a fraudster impersonating someone else. They will often use stolen identity documents or information. These fraudsters try to max out the credit line as quickly as possible, so the victim is more likely to notice unusual activity from their accounts or on their financial statements. As a result, the fraud gets reported more quickly.Synthetic identity fraud, on the other hand, involves the creation of a completely new identity. This can be achieved through several methods:

• Identity fabrication—a completely fictitious identity without any real PII

• Identity manipulation—slightly modified real PII creates a new identity

• Identity compilation—a combination of real and fake PII, such as a false driver’s license, to form a new identity

By combining real and fake information, it becomes much more difficult to identify a fraudster. Especially when the real information is taken from those who are less likely to keep an eye on their credit files. In some cases, synthetic identity fraud can go undetected for years.

Inside the mind of a fraudster: creating a synthetic identity

1. They create a new, fake identity

This process often starts on the dark web. Here a fraudster can purchase exposed PII, obtained via data breaches, social engineering or other methods. Or, they’ll use entirely false information.

2. They apply for credit

Using the newly created synthetic identity, a fraudster applies for credit online. The financial institution they’ve applied to then submits the query to credit bureaus for checking. This initial application is normally rejected, as the synthetic identity will not have a credit history. However, the application alone is enough to start a credit file.

3. They continue to apply for credit until they are successful

The fraudster applies for credit repeatedly at various financial institutions until finally approved. Often it will be a high-risk lender which grants this first approval. They continue to use this line or credit, making timely repayments and building up a solid credit record. In time, they can gain access to other lower-risk lenders and higher credit limits. This cultivation takes place over months or years, and on paper, the fraudster looks just like any other credit user.

4. They accelerate a positive credit history

Some fraudsters will accelerate the process by piggybacking. This means they are added as an authorized user to an account with good credit, in return for compensation to that existing account holder. The fraudster will use a variety of tactics to make the synthetic identity appear real, so as to ensure higher payouts. For example, creating false identity documents, establishing a social media presence, using drop addresses and creating fake businesses. Sophisticated crime rings use these tactics at scale.

5. The fraudster ‘busts out’

As they nurture the synthetic identity’s credit score, they can secure larger extensions of credit. Eventually, they will ‘bust out’. They max out the credit line before vanishing. It’s also possible for the fraudster to double the payout by claiming identity theft in order to remove charges. Or, by using fake cheques to pay off the balance before maxing out the credit for a second time.

What is the impact of synthetic identity fraud?

Synthetic identities have a far-reaching impact in the US. And they can affect a variety of sectors, including financial services, healthcare, government entities and individual consumers.

The impact on individuals

Children are more likely to be a target of synthetic identity fraud because it will often be years until they discover their SSN has been compromised. One million children were victims of synthetic identity fraud in 2017 alone. This can create severe problems for them down the line. Imagine turning 18 and applying for a student loan, only to find out you’ve been a victim of identity fraud.

And it’s generally assumed that the first individual to open a line of credit under an SSN is the true owner of that SSN. So the real individual whose SSN is compromised faces the difficult task of proving to credit bureaus and financial institutions that they are in fact the true SSN holder. Not only will they need to prove their identity, but they’ll need to clean up their credit history.

The impact on businesses

While it’s difficult to measure the exact impact of this type of fraud in the US, estimates suggest that US credit-card accounts lost $820 million to synthetic identity fraud in 2018, and losses are projected to climb to $1.25 billion by 2020. But this doesn’t take into account the millions of dollars lost in personal time and aggravation for the victims.

Synthetic identity fraud is costing businesses billions of dollars, as well as the countless hours they spend chasing down people who don’t even exist. The question is: why aren’t businesses conducting more rigorous screening and onboarding methods to identify potential cases of synthetic identity fraud?

Clearly synthetic identity fraud is a growing threat, so businesses need a more efficient process to confirm the identities of their users. Given the scale of data breaches, compromised PII and ease of access to the dark web, it’s no longer enough to rely on social security numbers and credit bureaus alone. Traditional tools which are meant to help reduce identity fraud, aren’t able to catch synthetic identity fraud.

Businesses need to invest in more sophisticated methods of identity verification, such as document verification and Digital IDs. While a synthetic identity which combines a real SSN with fake data can bypass a credit bureau check, it’s less likely to get past a document check. By introducing document verification, the fraudster will have to submit a fabricated identity document. They won’t have a genuine identity document which matches the synthetic identity. Devcode Identity Platform offers several document verification solutions that uses data consistency checks, image analysis, and font anomalies detection, among other methods, to identify fraudulent documents. By adding an extra layer of security, you can force the fraudsters hand and stop instances of synthetic identity fraud.

‍