How Synthetic Identity Fraud Is Evolving

Jeffrey Wixted

Apr 2, 2021

Synthetic identity fraud is the fastest-growing financial crime in the United States, costing billions of dollars each year. However, despite its prevalence, this form of identity theft remains one of the most challenging crimes to detect. Why? Because of the synthetic piece of synthetic identity fraud.

Unlike with other forms of identity fraud, perpetrators are not stealing someone’s identity. Instead, they are making a new one up entirely. The lack of a consumer victim means no one to report the theft, and therefore allows criminals to go undetected, and the charged-off balances are usually listed as a loss instead of fraud.

To get ahead of this trending form of fraud, you need to understand how synthetic identity fraud started, how it occurs, and how to prevent it.

A New Form of Fake

The first synthetic identities were created by combining different aspects of identification information from multiple people. For example, a perpetrator would start with one person’s legitimate social security number, then add in someone else’s email address, another person’s cell phone number, and so on. Piece by piece, a new – and completely synthetic – identity was created.

These “Frankenstein identities” are still common practice, but new and improved ways to commit synthetic identity fraud have emerged. Because social security numbers are now issued randomly, identity fraud investigators can no longer use the previously significant numbers (like the area and group numbers) in a social security number to match with birthplace or age information. This leaves the door open for criminals to make up social security numbers to go with the synthetic identities they create. This form of synthetic identity fraud presents almost insurmountable obstacles for financial institutions to determine identity legitimacy.

Skilled Criminal Minds

Perpetrators of synthetic identity fraud continue to refine their methods, making their schemes harder to detect and more costly to unravel. One of their latest tactics is to open multiple bank and credit card accounts under their fictitious identities. They start out using the accounts and even make timely payments. This allows them to begin to establish a credit history for the synthetic identity, leading to improved credit scores and incremental purchasing power.

After several months – or even years – of doing this, a criminal can amass dozens of accounts with large credit limits. They then use their credit to buy products they can easily resell and max out their cash-advance limits before banks detect the problem. In some cases, offenders have even convinced creditors that their fake personas were victims of fraud, got their credit restored, and then defraud the institution again.

Data, Data, & More Data

We live in a digital world, and the pace at which individuals and organizations create, store, and share data is extraordinary. This data overload enables synthetic identity fraud in two ways:

  1. The sheer amount of public personal data disseminated online in forums and social media makes it easy for criminals to gather the information they need to piece together fake personas.
  2. Techniques like phishing, smishing, and vishing[1] have enabled criminals to opportunistically solicit personally identifiable information from unsuspecting consumers.  These actions are normally carried out under the guise of a trusted organization.

Data is so accessible that perpetrators can buy a person’s name, birth date, and social security number on the dark web for just a few dollars, especially when purchasing in bulk. Individual pieces of personal data can cost even less and might be all a villain needs to build an identity.

Phishing for Faces

Cybercriminals work to outsmart the tools banks’ use to authenticate their customers. Fraudsters have become more sophisticated at creating emails and spoofed sites that look real even to more discerning customers. They have set up sophisticated phishing schemes to trick people into submitting large amounts of personal information. These schemes are not only successful in obtaining usernames and passwords, but they’re often able to trick consumers into answering even more personal questions. These can then be used to takeover the victim’s identity.

How can you stop it?

Combat Fake Data with Real Data

As synthetic identity theft continually evolves, so too must the fight against it.

While criminals go to great lengths to make their fake identities seem like real, functioning individuals, they naturally concentrate their efforts on the companies and accounts they are attempting to scam. The real power to unravel these schemes may be in combining link analysis techniques and consortium data to provide actionable intelligence to flag the transaction and mitigate the risk upfront.  An example may be to discern that multiple institutions have an account in different names but tied to the same address, phone number, or email address.

Accertify’s established relationships with the largest banks and eCommerce brands in the world enable us to have unparalleled insight to rich community data that we can use to detect synthetic identities at account origination and continually monitor, quarantine, and remove ones that may already exist in your portfolio. Our machine learning capabilities and risk-decision engine uses behavioral biometrics, device intelligence, and third party data to provide a risk score and explainable reason codes that organizations can trust. Based on this score and the organization’s risk policies, the credit-issuer can flag account openings and transactions to challenge. All of this is done without impacting the customer experience.

Request a Consultation to learn how Accertify Digital Identity can protect your institution against synthetic identity fraud and new account opening fraud.


[1]https://www.americanexpress.com/us/security-center/phishing-scam-awareness/