Combatting Synthetic Identity Fraud

Synthetic identity fraud (SIF) is rapidly becoming a major headache for financial institutions and businesses worldwide. Unlike traditional identity theft, where someone steals an individual’s data, synthetic identity fraud involves creating entirely new identities by piecing together real and fabricated information.

This approach allows fraudsters to exploit financial systems, establish credibility under a fake persona, and eventually leave lenders and service providers with significant losses.

The scale of synthetic identity fraud is immense. The Federal Reserve estimates that SIF accounts for 80-85% of all identity fraud losses, costing billions of dollars annually.

What is Synthetic Identity Fraud?

With more than 2,200 successful cyber attacks reported daily, synthetic identity fraud often goes unnoticed because it lacks a traditional victim. It hinges on blending legitimate data—like a real Social Security Number (SSN)—with fictitious details such as names, addresses, and dates of birth.

Often, fraudsters utilize SSNs belonging to minors, the elderly, or even deceased individuals because these numbers are less likely to be actively monitored. Due to incidents like the National Public Data leak, fraudsters can more easily purchase SSNs on the dark web, making the right tools accessible even to inexperienced fraudsters. Once constructed, criminals exploit a synthetic identity for years, gradually establishing creditworthiness and manipulating the financial system for their gain.

This type of fraud is particularly challenging to detect because there is no real person who can complain, and law enforcement runs into dead ends at every turn. As a result, investigators and financial institutions are often left in the dark until it’s too late.

The Mechanism Behind Synthetic Identity Fraud

To fully understand the mechanics of synthetic identity fraud, it’s essential to recognize the key steps fraudsters follow:

1. Acquisition of personal data: Due to the prevalence of data leaks and companies’ lack of concern, millions of readily available SSNs are on the dark web and in shady Telegram groups. Since SSNs from minors or the elderly have little to no associated credit history, they are prime targets for creating synthetic profiles.
2. Constructing a new identity: After acquiring an SSN, fraudsters fabricate details such as names, addresses, and dates of birth to match the acquired number. They then apply for credit using the synthetic identity. Though these initial applications are likely to be denied, they serve the crucial purpose of creating a record at credit bureaus, effectively planting the synthetic identity into the financial system.
3. Building credibility: Once they’re in the system, fraudsters take steps to establish a synthetic identity as a credible borrower. They may make small purchases and promptly pay off balances or become authorized users on legitimate credit accounts. This process can take months or even years but is crucial for increasing the synthetic identity’s creditworthiness.
4. Bust-out phase: Once the synthetic identity has established a good credit score, fraudsters enter the exploitation phase. They take out large loans or credit lines, max out the credit, and disappear. When the financial institution realizes that the identity was fraudulent, the criminal has already cashed out, leaving behind unpaid debts.

Why Synthetic Identity Fraud is Hard to Detect

Synthetic identity fraud is one of the toughest challenges for financial institutions. Even though specialists know the playbook well known by now, there are still difficulties related to:  

No Immediate Victims

Traditional identity theft usually involves a real person noticing and reporting suspicious activity. However, with SIF, no actual individual can notice unusual behavior and alert authorities. The fraud often remains undetected until it reaches the bust-out phase.

Even though the IRS locks the SSN of a deceased person, the process is notoriously slow, and it’s very easy for an identity to be created in the meantime.

Manipulated Credit Profiles

Credit bureaus unwittingly assist in the creation of synthetic identities. When an SSN is used with a new name and address, a new credit profile is often generated. Over time, the fraudster feeds this credit profile with enough legitimate-looking data to pass as genuine.

These profiles typically appear as “thin files” or credit records with minimal information. Over time, fraudsters strategically feed these profiles with enough legitimate-looking data, such as small loans, utility payments, or secured credit cards, to build a history that mimics genuine credit activity. Once established, they exploit these synthetic identities for large-scale fraud, leaving victims and financial institutions grappling with the aftermath.

Blending in with Genuine Customers

Fraudsters design synthetic identities to behave like real customers. They pay bills on time, have consistent purchasing patterns, and may even maintain accounts for several years, making them exceptionally difficult to distinguish from legitimate customers.

Not to mention, like businesses leverage machine learning to prevent fraud, criminals can also use ML models and algorithms to create hyper-realistic identities and mimic the purchasing patterns of real humans.

Industries at Risk

While financial institutions are the most prominent victims, synthetic identity fraud affects a range of industries. More and more companies are aware of the importance of data analytics in this regard, which only resulted in fraudsters aiming for the following data-heavy industries:

• Banks: Fraudsters use synthetic identities to open accounts, secure loans, and exploit overdraft protection. These activities undermine the trust and security of banking systems, often bypassing traditional identity verification processes. Banks must adopt advanced fraud detection tools and cross-institution data sharing to mitigate these threats.
• Payments: Payment processors are prime targets for synthetic fraud schemes. Fraudsters exploit vulnerabilities in payment systems to process unauthorized transactions or launder money. This often involves creating synthetic accounts that mimic legitimate users, making it essential for payment companies to implement multi-layered security protocols.
• Lenders: Fraudsters use synthetic identities to apply for loans, max out credit limits, and disappear without repayment. Lenders face significant financial losses when synthetic borrowers default, making it critical to enhance identity verification processes with machine learning algorithms and shared fraud intelligence networks.
• Digital commerce: Online retailers and marketplaces are vulnerable to synthetic identities used to make fraudulent purchases with stolen or fake payment details. Fraudsters often acquire high-value goods for resale, leaving businesses to shoulder the losses.
• Healthcare: Fraudsters use synthetic identities to obtain controlled substances, expensive medical treatments, or equipment. The sensitivity of medical data can also lead to HIPAA compliance issues if healthcare providers inadvertently share real patient information with fraudsters. Hence, institutions must use HIPAA-compliant hosting and data practices to prevent unauthorized access.‍
• Telecommunications: Mobile phone accounts are often targeted in synthetic fraud schemes, as they can provide fraudsters with a utility bill or similar proof of address, further solidifying the synthetic identity’s credibility. These attacks work well with SIM cloning, allowing scammers to gain valuable inside info from companies and giving them more ammo for creating a new identity.

The Impact of Synthetic Identity Fraud

Synthetic identity fraud poses a substantial threat to businesses and the broader economy. For financial institutions, the direct financial losses from unpaid loans are only part of the problem. Reports indicate the total loss sustained by US banks is $6 billion a year.

In addition, investigation, litigation, and the tightening of security measures to prevent future incidents incur significant costs. Moreover, synthetic identity fraud skews risk models, as fraudulent accounts distort the accuracy of credit data, leading to misinformed lending decisions.

For consumers, the impacts are often indirect but no less damaging. When synthetic fraud goes undetected for long periods, it can lead to increased interest rates and stricter credit requirements as financial institutions attempt to mitigate the risk of fraud-related losses.

Combatting Synthetic Identity Fraud: Detection and Prevention

Detecting synthetic identity fraud requires a multi-layered approach combining technology, cross-industry collaboration, and public awareness. Fortunately, advanced tools and shared intelligence critically uncover fraudulent activity that often evades traditional detection methods:

AI

Traditional fraud detection systems struggle with combatting synthetic identity fraud, given the absence of a real victim. However, AI algorithms can identify anomalies and suspicious patterns by analyzing vast datasets and flagging inconsistencies that may indicate synthetic fraud.

For example, these algorithms can detect unusual discrepancies in application details, such as addresses linked to multiple names or an SSN associated with an improbable age group. They can also analyze payment patterns and other factors invisible to the human eye.

Consortium Data Sharing

Cross-industry collaboration is crucial for combating synthetic fraud. When financial institutions, telecommunications companies, and government agencies share data, it becomes easier to detect synthetic identities that may have been used across multiple sectors.

Shared databases help spot suspicious behaviors that individual entities might miss when acting alone. In particular, organizations like Interpol play a significant role in this, as many organizations still depend on law enforcement to even begin to grasp synthetic identity fraud.

KYC and Identity Verification

Strengthening KYC procedures is essential for preventing synthetic fraud. Financial institutions must go beyond basic credit checks and incorporate AI tools and measures for biometric verification, document authentication, and behavioral analysis into their onboarding processes.

Multi-factor identity verification, including facial recognition and document verification, can help ensure that the person applying for credit or services is genuine. Not only will fraud go down, but existing customers will have more trust in relevant platforms.

Monitoring Dormant SSNs

Governmental agencies also have a role to play—in fact, their role is the most important one. By regularly checking and monitoring SSNs belonging to children, the elderly, or deceased individuals, authorities can spot when fraudsters use these numbers to establish new credit profiles and, in some cases, set up honeypots to distract or deter cybercriminals. Collaborative initiatives between credit bureaus and government bodies, such as shared fraud databases, have also shown promise in significantly reducing synthetic fraud.

An Evolving Threat Landscape

Synthetic identity fraud is an evolving threat that adapts quickly to new security measures. As technology advances, so do the tactics used by fraudsters.

The recent increase in data breaches has provided fraudsters with abundant information to create increasingly sophisticated synthetic identities. Generative AI has also opened new avenues for creating realistic but fictitious personas that can pass many security checks.

Organizations must be proactive rather than reactive in combatting synthetic identity fraud. This means investing in advanced technologies, training staff to recognize signs of synthetic identities, and continually adapting to emerging threats.

Businesses should also prepare for the possibility of being targeted—including being hacked—by ensuring they have strong protocols and a clear plan for responding to breaches.

Combatting Synthetic Identity Fraud with Advanced Technologies

Synthetic identity fraud poses a unique and complex challenge requiring a comprehensive detection and prevention approach.

Financial institutions, healthcare providers, and other at-risk industries must adopt advanced technologies like machine learning, promote data-sharing initiatives, and tighten KYC procedures to safeguard against this ever-growing threat.

With fraudsters continuing to evolve their methods, staying one step ahead cannot be overstated. Combatting synthetic identity fraud is not just about mitigating financial losses. It’s about preserving the integrity of our economic systems and protecting consumers from the hidden costs of these sophisticated schemes.

‍

Disclaimer: This article is a guest post from an external third-party contributor. The views, opinions, and information expressed within this piece are those of the author and do not necessarily reflect the official stance or views of Fraud.net. Readers are encouraged to verify any information independently and consult with professionals as needed.