Understanding Synthetic Identity Fraud: A Growing Threat

Synthetic identity fraud is one of the fastest-growing financial crime trends in the United States, accounting for over 80% of all new account fraud, costing businesses billions of dollars annually. The trends suggest that synthetic identity fraud will inflict nearly $5 billion in losses by 2024. Synthetic identity fraud uniquely eludes traditional fraud detection models primarily because it blends authentic and fabricated information, creating a seemingly "new" identity that doesn't raise immediate red flags. Unlike conventional fraud, which exploits existing individual identities, synthetic fraud crafts entirely new personas, making it challenging for traditional systems to pinpoint discrepancies or trace suspicious activities to known fraud indicators.

This guide explores how synthetic identity fraud works and discusses why businesses should adopt new fraud detection and prevention approaches to stop the unique nature of synthetic identity fraud to protect businesses and their customers.

What is Synthetic Identity Fraud?

Synthetic identity fraud represents a sophisticated and increasingly pervasive form of financial deceit, combining real and fabricated information to craft a new or synthetic identity. These deceptive personas, often composed of valid social security numbers (SSN) combined with fictitious names and birthdates, are used by fraudsters to defraud financial institutions, businesses, and individuals. Due to their composite nature, synthetic identities pose a complex problem for traditional identity verification measures, slipping through the cracks of conventional data checks. Fraudsters utilize synthetic identities to procure credit or goods under false pretenses, leaving institutions vulnerable to losses when these fabricated identities fail to fulfill financial obligations.

READ MORE: Synthetic Identity Fraud, Burner Phones & Drop Bank Accounts

How Fraudsters Create Synthetic Identities

Let's look at how synthetic identity fraud works with an example involving a fraudster named Phil. Here's how Phil perpetrates his fraudulent activities:

1. Getting Real Information: Phil starts by obtaining someone's actual information, usually a Social Security Number (SSN). He can acquire this in various ways, including buying this information on the dark web. Phil typically targets vulnerable individuals like children, the elderly, or homeless people. For example, a child might have a valid SSN but lack any credit history and have a long time horizon before anyone checks their real credit, making them a prime target for a fraudster like Phil.
2. Creation of Synthetic Identity: Phil combines this authentic SSN with fake details such as a name, date of birth (DOB), and address to create an entirely new identity. This is sometimes referred to as a "Frankenstein ID." Alternatively, Phil might use his actual details (name, DOB, and address) with an SSN that does not belong to him. With this new identity, Phil is ready to establish credit under this new identity.
3. Establishing a Credit File: Phil starts by using his synthetic identity to apply for credit and builds up the credit rating of this new identity. Often, fraudsters like Phil play the long game, gradually building credit - fraudsters will make payments on newly acquired credit accounts to increase their credit limits.
4. The Big Move (Bust-Out Fraud): Once this new identity has a solid credit history with numerous credit lines, Phil makes the big move. Phil maxing out the established credit lines and defaults on all the accounts.  Often, these losses are misclassified as credit losses and not fraud.
5. Repeated at Scale: Phil does not just do this with one synthetic identity. Fraudsters perpetrate this at scale by creating and managing multiple synthetic identities simultaneously. At scale, fraudsters operate and manage synthetic identities as a business, even selling identities they have curated for others to use for fraud.  The losses incurred due to these schemes are estimated to exceed $20 billion annually.

Synthetic identity fraud is incredibly challenging to combat due to several reasons. First, it's tough to detect since no direct individual victim reports the crime – the credit bureaus just see it as a new person building credit. Second, it often targets the most vulnerable population groups (children, the elderly, and the deceased) who are less likely to detect fraud. And lastly, it's highly scalable, meaning fraudsters can create and nurture many synthetic identities simultaneously.

The above example illustrates how synthetic identity fraudsters can exploit vulnerabilities to create, nurture, and exploit synthetic identities, resulting in significant monetary losses for financial institutions, particularly in the credit industry, with negative implications for the economy and the integrity of credit systems. 

Synthetic Identity Fraud vs. Traditional Identity Theft

One of the complicating factors in tackling synthetic identity fraud is the frequent misclassification of such crimes. Due to its unique nature, synthetic identity fraud often goes unnoticed or is mistaken for credit loss, primarily because it doesn't match the typical profile of identity theft. Traditional fraud detection systems are designed to flag cases where an existing identity is being misused, but they fall short when faced with completely fabricated or partially constructed identities. This misclassification contributes to underreporting, obscuring the accurate scale of synthetic identity fraud, and often delays the necessary response and development of preventative measures. The lack of clarity and understanding surrounding synthetic identity fraud remains a significant obstacle in the fight against this growing threat.

Synthetic identity fraud differs from impersonation, where a bad actor gains access to complete packages of individuals' identifying information - details such as a person's name, Social Security number (SSN), birth date, account numbers, and other data necessary for a full impersonation. This data type is often sold in batches on the dark web, obtained via data breaches, phishing, or other forms of cybercrime.

READ MORE: 3 Reasons to Use Face Biometrics For Multi-Factor Authentication (MFA)

The Impact of Synthetic Identity Fraud

Synthetic identity fraud affects consumers and businesses in various ways:

1. For Consumers:

• Financial losses suffered by victims
• Damaged credit scores and difficulties in securing loans
• Emotional stress and lost time trying to resolve fraudulent activities
  
  

2. For Businesses: 

• Financial losses due to fraudulent transactions and write-offs
• Increased costs in fraud detection and prevention
• Damage to brand reputation and loss of customer trust
• Regulatory consequences due to non-compliance with fraud prevention standards
  
  

How to Detect and Protect Against Synthetic Identity Fraud?

In the battle against synthetic identity fraud, businesses and financial institutions must adopt proactive measures to safeguard their operations and customers. These include:

1. Velocity Graylist: Trust Stamp's velocity graylist is pivotal in the battle against synthetic identity fraud. At its core, the service challenges an individual to capture a selfie during the account opening process. Subsequently, the facial image is converted into a unique and non-reversible Identity Token (IT2). This transformation allows financial institutions and businesses to identify repeat applicants, even when there are variations in other identity attributes, presenting a robust and effective countermeasure to fabricated synthetic profiles. 
   
   When integrated with traditional identity verification mechanisms, such as ID document verification, the velocity graylist not only strengthens the security posture but also disrupts the efficiency and profitability of synthetic identity fraudsters.  It limits their ability to create multiple identities, preventing them from scaling their fraud operations.
   
   
2. Emphasis on Identity Verification and Robust Fraud Prevention: Identity verification is vital to preventing synthetic identity fraud. Businesses should implement robust fraud prevention solutions that go beyond traditional methods. Comprehensive identity verification processes should be in place to confirm the legitimacy of individuals applying for credit or services.

Conclusion

Synthetic identity fraud is a pervasive and evolving threat that requires vigilance and proactive measures from individuals, businesses, and financial institutions. By understanding the complexities of this fraud, implementing robust detection and prevention measures, and staying informed about evolving solutions, we can combat synthetic identity fraud and protect our identities and finances.

Learn more about Trust Stamp’s Velocity Graylist and biometric verification solutions, which can help you prevent potential losses due to synthetic identity fraud while ensuring you deliver a seamless customer experience.