What Is Synthetic Identity Fraud?

Key Takeaways:

As alarming as these statistics are, there is an even greater issue at hand. Financial institutions and enterprises affected by this type of fraud are often at a loss for effective countermeasures. Many are unsure if their current strategies are sufficient. The sophistication, complexity, and danger of synthetic identity fraud can be overwhelming. So let’s dive into, what exactly is synthetic identity fraud, and what measures are currently proving effective for some financial institutions.

What Is a Synthetic Identity?

A synthetic identity is a fabricated persona created by combining real and fictitious information. This typically involves using actual details, such as a Social Security number or date of birth that may belong to a legitimate individual, along with invented elements like a name or address. The result is a seemingly credible identity that can be used to access various services and make transactions.

The increasing prevalence of synthetic identities raises significant concerns, particularly with the rise of synthetic identity fraud.

What Is Synthetic Identity Fraud?

Synthetic identity fraud occurs when criminals exploit synthetic identities to commit various forms of financial fraud. This type of fraud involves using these fabricated personas to access services or financial products without any intention of repaying debts or fulfilling obligations.. Unlike traditional identity theft, where a perpetrator assumes the identity of a specific individual, synthetic identity fraud relies on the creation of entirely new personas.

What Are the Two Types of Synthetic Identity Fraud?

1. Manipulated Synthetics

Manipulated synthetics involve making slight alterations to real data in order to exploit weaknesses in verification systems for credit or loans. These fraudulent identities are based on actual individuals’ information, with minor modifications such as altered addresses or dates of birth. For example, users with poor credit histories may create manipulated identities to access new credit with the intention of repaying it. However, this practice is still considered fraudulent and poses significant risks to lenders and financial institutions.

2. Manufactured Synthetics

Manufactured synthetic identity fraud, often referred to as “Frankenstein fraud,” involves combining both real and fictitious information to create an entirely new identity. This type of fraud is particularly challenging to detect and trace. Fraudsters generate these identities by mixing legitimate elements, such as Social Security Numbers (SSNs) or dates of birth, with fabricated information like phone numbers or email addresses. For instance, a fraudster might create a new name and address while using a genuine SSN. Recently, some fraudsters have taken this a step further by employing entirely fabricated information, including generating random SSNs from the same range used by the Social Security Administration. This method allows criminals to construct completely fictitious identities, making it even harder for verification systems to identify fraudulent activities.

How Synthetic Identity Fraud Works

Below are the key steps involved in carrying out synthetic identity fraud:

1. Acquiring Foundational Data: The fraudster starts by obtaining a core element of a real person’s identity, such as a Social Security number (SSN), personal identification number (PIN), or other government-issued IDs. This foundational data is essential for creating the synthetic identity.
2. Fabricating Additional Information: Next, the fraudster creates fictitious details, such as names, dates of birth, and addresses, to complement the valid SSN and form a complete synthetic identity.
3. Establishing a Credit Profile: Using the synthetic identity, the fraudster applies for various financial products like credit cards, loans, or utilities, starting to build a credit history and making the identity appear legitimate.
4. Building a Trustworthy Credit Profile: Over time, the fraudster demonstrates responsible usage of credit and makes timely payments, increasing the credit limit and building a high credit score. This further legitimizes the synthetic identity in the eyes of lenders.
5. Cashing Out and Defaulting: Once a trustworthy credit profile is built, the fraudster maximizes the available credit by taking out loans and making large purchases. Eventually, they default on the debt, leaving lenders with significant financial losses.
6. Evading Detection: To make detection more difficult, fraudsters use various addresses, phone numbers, and other details to complicate verification processes and evade fraud prevention measures.

Synthetic Identity Fraud vs. Identity Theft

While both synthetic identity fraud and traditional identity theft involve fraudulent activities, there are significant differences between the two. Traditional identity theft typically involves stealing and using an individual’s full personal information to commit fraud, whereas synthetic identity fraud involves creating a fictitious identity by combining real and fabricated details.

Below is a detailed comparison of synthetic identity fraud vs. identity theft to help better understand how each works:

Key Challenges in Combatting Synthetic Identity Fraud

Financial institutions are facing a growing challenge in combating synthetic identity fraud. This type of fraud thrives due to several contributing factors:

1. Complex Financial Systems

The interconnectedness of modern financial systems creates vulnerabilities for synthetic identities. Criminals can exploit discrepancies in verification standards across different institutions, making it difficult to detect fraud as the synthetic identity moves through the system. For example, two men in Miami used synthetic identities and shell companies to steal over $3 million from multiple banks.

2. SSN Randomization

While the Social Security Administration’s (SSA) decision to randomize SSNs in 2011 was intended to improve security, it has unintentionally aided synthetic identity fraud. Fraudsters can now create fake identities with less risk of detection by fraud systems programmed to identify non-randomized SSNs.

3. Exploiting Unassigned SSNs

Fraudsters often target SSNs belonging to children or deceased individuals. These SSNs are valid but not actively monitored, making them ideal for creating synthetic identities that lack a credit history and evade initial detection.

4. Fragmented and Inconsistent Data

Synthetic identities are a blend of real and fabricated information, making them difficult to detect with traditional fraud detection systems. These systems typically rely on identifying inconsistencies, but a synthetic identity may use a real address while incorporating a fabricated name or birthdate, complicating detection.

5. Lack of a Single Victim

Unlike traditional identity theft, synthetic identity fraud does not target a specific person. Without a single victim to report the crime, detection becomes much more difficult. For instance, in 2019, a fraud ring used hundreds of fake identities to obtain credit cards and loans, causing millions in losses for financial institutions.

6. Regulatory Gaps

Current regulations may not fully address the complexities of synthetic identity fraud. For example, financial reporting regulations may not cover the sophisticated tactics employed by fraudsters. These regulatory gaps allow synthetic identity fraud to proliferate, making it one of the fastest-growing financial crimes in the U.S.

7. Data Breaches and Information Availability

Frequent data breaches provide fraudsters with the information needed to create synthetic identities. For instance, the Equifax data breach in 2017 exposed the personal information of 147 million people, including SSNs, which fraudsters could use to create synthetic identities​.

8. Delayed Detection

Synthetic identity fraud can remain undetected for long periods, often until the fraudster defaults on significant loans. For instance, a group of 11 individuals in New York defrauded multiple financial institutions of $1 million before being caught.

9. Inadequate Identity Verification Processes

Many institutions rely on basic verification processes that can be easily bypassed with fabricated data. For example, a synthetic identity with a valid but stolen SSN and a fabricated name might pass through automated verification systems without triggering red flags.

How Financial Institutions Can Protect Themselves from Synthetic Identity Fraud

An industry where scammers steal an average of $81,000 to $97,000 per incident before detection must act quickly to avoid significant financial losses. Below are steps financial institutions can take to reduce the impact of synthetic identity fraud:

1. Enhance Identity Verification Processes

Financial institutions already utilize multi-factor authentication (MFA) to add security layers, but biometric verification offers an even stronger defense. This technology requires a customer’s physical attribute, such as a fingerprint or facial ID, making it difficult for fraudsters to bypass security measures. JPMorgan Chase is a prime example of a financial institution using MFA to prevent unauthorized access and ensure multiple security layers.

2. Implement Decentralized Identity Verification with Verifiable Credentials (VCs)

Verifiable Credentials (VCs) offer a secure and tamper-proof way to verify an individual’s identity. These digital credentials go beyond traditional methods by not only holding government-issued ID information, but also incorporating biometric data like fingerprints or facial scans. This combined approach provides a strong layer of security. Biometric data is unique to each person, making it highly effective in verifying an individual’s uniqueness. Additionally, VCs can confirm genuine presence through real-time interactions such as live video verification or real-time biometric scans. This ensures the person using the credential is truly present at the time of verification.

3. Artificial Intelligence (AI) and Machine Learning (ML) Detection

Implementing AI/ML allows institutions to detect unusual patterns and behaviors that might indicate synthetic identities. For example, HSBC has successfully used AI to improve the detection of financial fraud, resulting in increased positive alerts and a reduction in false positives. Google’s Anti-Money Laundering AI (AML AI), tested with HSBC, demonstrated these capabilities by providing risk scores based on transaction data and other relevant information, significantly enhancing fraud detection efficiency.

4. Real-Time Monitoring and Data Analysis

Real-time monitoring systems can quickly detect and respond to fraudulent activities. By utilizing data analytics tools, institutions can assess risk and continuously flag suspicious activities.

5. Education and Compliance

Regularly train employees to recognize and respond to potential fraud attempts. Educate customers about the importance of safeguarding their personal information and how to recognize phishing attempts. Regularly train employees to recognize and respond to potential fraud attempts. 

6. Strict Compliance with Regulations

Follow regulatory guidelines and industry standards for identity verification and fraud prevention. Implement Know Your Customer (KYC) and Anti-Money Laundering (AML) protocols rigorously.

How to Protect Yourself from Synthetic Identity Theft

While financial institutions are often the primary victims of synthetic identity fraud, the personal information of real individuals, such as Social Security Numbers (SSNs), is frequently exploited in these schemes. To protect yourself from identity theft that could lead to synthetic identity fraud, consider the following steps:

1. Monitor Your Credit Regularly: Utilize credit monitoring services that alert you to changes or suspicious activities on your credit report. By regularly reviewing your credit reports, you can quickly spot unfamiliar accounts or inquiries that may indicate synthetic identity fraud.
2. Freeze Your Credit: Freezing your credit with the major credit bureaus prevents fraudsters from opening new accounts in your name. A credit freeze restricts access to your credit report, making it much harder for synthetic identities to be approved for credit.
3. Watch for Unusual Activities: Stay vigilant and do not ignore mail or bills from unfamiliar sources. Receiving unexpected correspondence may signal that someone is using your personal information to create synthetic identities.
4. Protect Personal Information: Exercise caution with your personal information, both online and offline. Avoid sharing sensitive details such as SSNs, birthdates, and addresses unless it is absolutely necessary. 
5. Protect Your Login Details: Do not share your login credentials with third parties. Use strong and unique passwords for all your accounts, and consider adding an extra layer of security through multi-factor authentication (MFA) for all your online accounts.
6. Be Cautious with Social Media: Be mindful of the information you share on social media platforms. Fraudsters can gather details from your profiles to create synthetic identities. Adjust your privacy settings to limit the number of people who can view your personal information.

Why Is Synthetic Identity Fraud Rising?

Synthetic identity fraud is increasing due to several key factors, including:

1. Data Breaches and Security Vulnerabilities

Many organizations, particularly those using centralized systems, lack proactive measures to effectively protect customer data. This vulnerability often leads to data breaches where vast amounts of personal information are exposed. High-profile breaches, such as the 1.5 billion records leaked in Real Estate Wealth Network data breach, demonstrate the ease with which fraudsters can acquire the foundational data needed for synthetic identity fraud when organizations fail to implement robust security protocols, encrypt sensitive data, or regularly update their defenses against cyberattacks.

2. Weaknesses in Lenders’ Verification Processes

Lenders often have verification processes that can be exploited by fraudsters. These processes might rely heavily on basic data points, such as Social Security Numbers and dates of birth, which can be fabricated or manipulated. Additionally, the pressure to approve loans quickly can lead to less rigorous checks, allowing synthetic identities to slip through the cracks. The loosening of credit requirements, aimed at making credit more accessible, can also unintentionally facilitate fraud.

3. Challenges in the Credit Reporting System

The credit reporting system struggles to keep up with the evolving nature of synthetic identity fraud. Since synthetic identities are created using a mix of real and fake information, they can establish a credible credit history over time, making detection difficult. Credit bureaus may not have the means to cross-verify the authenticity of all the information they receive, leading to synthetic identities maintaining good credit scores for extended periods. This lag in detection allows fraudsters to exploit the system for significant financial gains before being caught.

4. Impact of Generative Artificial Intelligence (AI)

AI is a powerful tool used by fraudsters for analyzing large amounts of data. AI algorithms can piece together bits of real and fabricated data to create identities that appear legitimate. Furthermore, the rise of deepfake technology, a by-product of AI advancements, poses additional concerns. In the hands of bad actors, deepfake tools can create realistic fake images and videos, making synthetic identities more believable, even to sophisticated verification systems. This capability significantly complicates the detection and prevention of synthetic identity fraud. AI can automate tasks like data analysis and identity generation, streamlining the creation of synthetic identities for fraudsters.

Conclusion

Identity.com

Identity.com, as a future-oriented organization, is helping many businesses by giving their customers a hassle-free identity verification process. Our organization envisions a user-centric internet where individuals maintain control over their data. This commitment drives Identity.com to actively contribute to this future through innovative identity management systems and protocols.

As members of the World Wide Web Consortium (W3C), we uphold the standards for the World Wide Web and work towards a more secure and user-friendly online experience. Identity.com is an open-source ecosystem providing access to on-chain and secure identity verification. Our solutions improve the user experience and reduce onboarding friction through reusable and interoperable Gateway Passes. Please get in touch for more information about how we can help you with identity verification and general KYC processes.