What Is Synthetic Identity Fraud?

Key Takeaways:

In 2022, 46% of organizations encountered synthetic identity fraud, and by 2023, auto loan fraud linked to synthetic identities reached $1.8 billion. When factoring in other financial products, total U.S. lender losses soared to $3 billion. Projections indicate that this figure could rise to $5 billion by the end of 2024, highlighting an alarming trend in financial crime.

The challenge isn’t just the rising numbers—it’s the difficulty of stopping it. Unlike traditional identity theft, synthetic identity fraud doesn’t have a direct victim who reports unauthorized activity, making it extremely difficult to detect. Many financial institutions still rely on outdated fraud detection methods, leaving them vulnerable to evolving tactics. As fraudsters refine their strategies, businesses must adopt stronger identity verification and fraud prevention measures to keep up.

What Is a Synthetic Identity?

A synthetic identity is a fabricated persona created by combining real and fake information. Fraudsters typically steal legitimate details, such as an SSN or date of birth, and pair them with fictitious elements, like a fake name, address, or phone number. This deception creates an identity that appears real, allowing fraudsters to open accounts, secure credit, and conduct transactions without detection.

With advancements in AI, deepfake technology, and automated fraud techniques, synthetic identities are becoming harder to identify. As a result, financial institutions must enhance their fraud detection systems to keep pace with these evolving threats.

What Is Synthetic Identity Fraud?

What Are the Two Types of Synthetic Identity Fraud?

1. Manipulated Synthetics

Manipulated synthetics involve slight modifications to real personal information to bypass verification systems. Fraudsters alter addresses, birthdates, or contact details while keeping key identifiers, like an SSN, intact. While some users engage in this practice to circumvent poor credit histories, it remains fraudulent and poses significant risks to financial institutions.

2. Manufactured Synthetics

Manufactured synthetic identity fraud—often called “Frankenstein fraud”—involves combining real and fake information to create an entirely new identity. Fraudsters mix legitimate details, like an SSN or birthdate, with fabricated elements, such as fake names, addresses, and phone numbers.

Recently, some fraudsters have fully fabricated identities, generating random SSNs that fall within valid Social Security Administration (SSA) number ranges. These synthetic identities can establish credit, apply for loans, and engage in transactions without an actual person attached, making fraud detection even more difficult.

How Synthetic Identity Fraud Works

Fraudsters execute synthetic identity fraud through several calculated steps:

1. Acquiring Foundational Data: They obtain a real SSN, personal identification number (PIN), or other valid government-issued ID, often from children, the deceased, or individuals with limited credit history.
2. Fabricating Additional Information: Fraudsters create fake names, birthdates, addresses, and contact details to construct a full identity.
3. Establishing a Credit Profile: They apply for financial products like credit cards, loans, and utilities to start building a credit history.
4. Building Creditworthiness: By making small payments on time, fraudsters improve their synthetic identity’s credit score, making it appear legitimate to lenders.
5. Cashing Out: Once a strong credit profile is built, they maximize available credit by taking out large loans or making major purchases—then disappear without repaying debts.
6. Evading Detection: Fraudsters use multiple addresses, phone numbers, and false details to bypass verification systems and avoid detection.

Synthetic Identity Fraud vs. Identity Theft

While both synthetic identity fraud and traditional identity theft involve fraudulent activities, there are significant differences between the two. Traditional identity theft typically involves stealing and using an individual’s full personal information to commit fraud, whereas synthetic identity fraud involves creating a fictitious identity by combining real and fabricated details.

Below is a detailed comparison of synthetic identity fraud vs. identity theft to help better understand how each works:

Key Challenges in Combatting Synthetic Identity Fraud

Financial institutions face increasing challenges in detecting and preventing synthetic identity fraud. This type of fraud thrives due to several factors:

1. Complex Financial Systems

The interconnected nature of modern financial systems creates vulnerabilities that fraudsters exploit. Variations in identity verification standards across banks, lenders, and credit bureaus make it easier for synthetic identities to slip through detection. For example, two men in Miami used synthetic identities and shell companies to steal over $3 million from multiple banks before being caught.

2. SSN Randomization

The Social Security Administration (SSA) randomized SSNs in 2011 to enhance security, but this has unintentionally benefited fraudsters. Since SSNs are no longer issued sequentially, criminals can generate synthetic identities that evade traditional fraud detection systems programmed to flag non-randomized SSNs.

3. Exploiting Unassigned SSNs

Fraudsters frequently use SSNs belonging to children, deceased individuals, or those with little to no credit history. These SSNs are valid but often remain unmonitored, making them ideal for creating synthetic identities that go undetected for years.

4. Fragmented and Inconsistent Data

Synthetic identities are a blend of real and fabricated information, making them difficult to detect with traditional fraud detection systems. These systems typically rely on identifying inconsistencies, but a synthetic identity may use a real address while incorporating a fabricated name or birthdate, complicating detection.

5. Lack of a Single Victim

Unlike traditional identity theft, synthetic identity fraud does not target a specific person. Without a single victim to report the crime, detection becomes much more difficult. For instance, in 2019, a fraud ring used hundreds of fake identities to obtain credit cards and loans, causing millions in losses for financial institutions.

6. Regulatory Gaps

Many financial regulations do not fully account for the evolving tactics of synthetic identity fraud. Fraudsters exploit loopholes in identity verification and financial reporting that were originally designed to prevent traditional fraud. Without standardized identity verification across financial institutions, criminals continue to circumvent detection and exploit regulatory blind spots.

7. Data Breaches and Stolen Personal Information

Major data breaches fuel synthetic identity fraud by exposing personal data such as SSNs, birthdates, and financial records. The 2017 Equifax breach leaked the personal information of 147 million people, giving fraudsters a rich source of data to create synthetic identities.

8. Delayed Detection

Synthetic identity fraud can remain undetected for long periods, often until the fraudster defaults on significant loans. For instance, a group of 11 individuals in New York defrauded multiple financial institutions of $1 million before being caught.

9. Weak Identity Verification Processes

Many institutions still rely on outdated identity verification methods, such as basic SSN matching and credit history checks. Synthetic identities with valid SSNs but fabricated names often pass through automated fraud detection systems, making them difficult to flag. Without advanced fraud prevention tools like biometric verification, behavioral analytics, or AI-powered risk assessment, financial institutions remain vulnerable to these attacks.

How Financial Institutions Can Protect Themselves from Synthetic Identity Fraud

An industry where scammers steal an average of $81,000 to $97,000 per incident before detection must act quickly to avoid significant financial losses. Below are steps financial institutions can take to reduce the impact of synthetic identity fraud:

1. Enhance Identity Verification Processes

Financial institutions already utilize multi-factor authentication (MFA) to add security layers, but biometric verification offers an even stronger defense. This technology requires a customer’s physical attribute, such as a fingerprint or facial ID, making it difficult for fraudsters to bypass security measures. JPMorgan Chase is a prime example of a financial institution using MFA to prevent unauthorized access and ensure multiple security layers.

2. Implement Decentralized Identity Verification with Verifiable Credentials (VCs)

Verifiable Credentials (VCs) offer a secure and tamper-proof way to verify an individual’s identity. These digital credentials go beyond traditional methods by not only holding government-issued ID information, but also incorporating biometric data like fingerprints or facial scans. This combined approach provides a strong layer of security. Biometric data is unique to each person, making it highly effective in verifying an individual’s uniqueness. Additionally, VCs can confirm genuine presence through real-time interactions such as live video verification or real-time biometric scans. This ensures the person using the credential is truly present at the time of verification.

3. Artificial Intelligence (AI) and Machine Learning (ML) Detection

Implementing AI/ML allows institutions to detect unusual patterns and behaviors that might indicate synthetic identities. For example, HSBC has successfully used AI to improve the detection of financial fraud, resulting in increased positive alerts and a reduction in false positives. Google’s Anti-Money Laundering AI (AML AI), tested with HSBC, demonstrated these capabilities by providing risk scores based on transaction data and other relevant information, significantly enhancing fraud detection efficiency.

4. Real-Time Monitoring and Data Analysis

Real-time monitoring systems can quickly detect and respond to fraudulent activities. By utilizing data analytics tools, institutions can assess risk and continuously flag suspicious activities.

5. Education and Compliance

Regularly train employees to recognize and respond to potential fraud attempts. Educate customers about the importance of safeguarding their personal information and how to recognize phishing attempts. Regularly train employees to recognize and respond to potential fraud attempts. 

6. Strict Compliance with Regulations

Follow regulatory guidelines and industry standards for identity verification and fraud prevention. Implement Know Your Customer (KYC) and Anti-Money Laundering (AML) protocols rigorously.

How to Protect Yourself from Synthetic Identity Theft

While financial institutions are often the primary victims of synthetic identity fraud, the personal information of real individuals, such as Social Security Numbers (SSNs), is frequently exploited in these schemes. To protect yourself from identity theft that could lead to synthetic identity fraud, consider the following steps:

1. Monitor Your Credit Regularly: Utilize credit monitoring services that alert you to changes or suspicious activities on your credit report. By regularly reviewing your credit reports, you can quickly spot unfamiliar accounts or inquiries that may indicate synthetic identity fraud.
2. Freeze Your Credit: Freezing your credit with the major credit bureaus prevents fraudsters from opening new accounts in your name. A credit freeze restricts access to your credit report, making it much harder for synthetic identities to be approved for credit.
3. Watch for Unusual Activities: Stay vigilant and do not ignore mail or bills from unfamiliar sources. Receiving unexpected correspondence may signal that someone is using your personal information to create synthetic identities.
4. Protect Personal Information: Exercise caution with your personal information, both online and offline. Avoid sharing sensitive details such as SSNs, birthdates, and addresses unless it is absolutely necessary. 
5. Protect Your Login Details: Do not share your login credentials with third parties. Use strong and unique passwords for all your accounts, and consider adding an extra layer of security through multi-factor authentication (MFA) for all your online accounts.
6. Be Cautious with Social Media: Be mindful of the information you share on social media platforms. Fraudsters can gather details from your profiles to create synthetic identities. Adjust your privacy settings to limit the number of people who can view your personal information.

Why Is Synthetic Identity Fraud Rising?

Synthetic identity fraud is increasing due to several key factors, including:

1. Data Breaches and Security Vulnerabilities

Many organizations, particularly those using centralized systems, lack proactive measures to effectively protect customer data. This vulnerability often leads to data breaches where vast amounts of personal information are exposed. High-profile breaches, such as the 1.5 billion records leaked in Real Estate Wealth Network data breach, demonstrate the ease with which fraudsters can acquire the foundational data needed for synthetic identity fraud when organizations fail to implement robust security protocols, encrypt sensitive data, or regularly update their defenses against cyberattacks.

2. Weaknesses in Lenders’ Verification Processes

Lenders often have verification processes that can be exploited by fraudsters. These processes might rely heavily on basic data points, such as Social Security Numbers and dates of birth, which can be fabricated or manipulated. Additionally, the pressure to approve loans quickly can lead to less rigorous checks, allowing synthetic identities to slip through the cracks. The loosening of credit requirements, aimed at making credit more accessible, can also unintentionally facilitate fraud.

3. Challenges in the Credit Reporting System

The credit reporting system struggles to keep up with the evolving nature of synthetic identity fraud. Since synthetic identities are created using a mix of real and fake information, they can establish a credible credit history over time, making detection difficult. Credit bureaus may not have the means to cross-verify the authenticity of all the information they receive, leading to synthetic identities maintaining good credit scores for extended periods. This lag in detection allows fraudsters to exploit the system for significant financial gains before being caught.

4. Impact of Generative Artificial Intelligence (AI)

AI is a powerful tool used by fraudsters for analyzing large amounts of data. AI algorithms can piece together bits of real and fabricated data to create identities that appear legitimate. Furthermore, the rise of deepfake technology, a by-product of AI advancements, poses additional concerns. In the hands of bad actors, deepfake tools can create realistic fake images and videos, making synthetic identities more believable, even to sophisticated verification systems. This capability significantly complicates the detection and prevention of synthetic identity fraud. AI can automate tasks like data analysis and identity generation, streamlining the creation of synthetic identities for fraudsters.

Conclusion

Identity.com

Identity.com, as a future-oriented organization, is helping many businesses by giving their customers a hassle-free identity verification process. Our organization envisions a user-centric internet where individuals maintain control over their data. This commitment drives Identity.com to actively contribute to this future through innovative identity management systems and protocols.

As members of the World Wide Web Consortium (W3C), we uphold the standards for the World Wide Web and work towards a more secure and user-friendly online experience. Identity.com is an open-source ecosystem providing access to on-chain and secure identity verification. Our solutions improve the user experience and reduce onboarding friction through reusable and interoperable Gateway Passes. Please get in touch for more information about how we can help you with identity verification and general KYC processes.