What Is Synthetic Identity Fraud?

Synthetic identity fraud occurs when criminals exploit synthetic identities to commit various forms of financial fraud. This type of fraud involves using these fabricated personas to access services or financial products without any intention of repaying debts or fulfilling obligations.. Unlike traditional identity theft, where a perpetrator assumes the identity of a specific individual, synthetic identity fraud relies on the creation of entirely new personas.

Fraudsters often utilize synthetic identities to open credit card accounts, secure loans, or make high-value purchases, leading to considerable financial losses for businesses and financial institutions. Since synthetic identities can often pass initial verification checks, detecting this form of fraud can be particularly challenging. The sophistication of synthetic identity creation has necessitated enhanced identity verification and fraud detection systems to effectively combat this evolving threat.

What Are the Two Types of Synthetic Identity Fraud?

There are two primary types of synthetic identity fraud: manipulated synthetics and manufactured synthetics.

1. Manipulated Synthetics

Manipulated synthetics involve making slight alterations to real data in order to exploit weaknesses in verification systems for credit or loans. These fraudulent identities are based on actual individuals’ information, with minor modifications such as altered addresses or dates of birth. For example, users with poor credit histories may create manipulated identities to access new credit with the intention of repaying it. However, this practice is still considered fraudulent and poses significant risks to lenders and financial institutions.

2. Manufactured Synthetics

Manufactured synthetic identity fraud, often referred to as “Frankenstein fraud,” involves combining both real and fictitious information to create an entirely new identity. This type of fraud is particularly challenging to detect and trace. Fraudsters generate these identities by mixing legitimate elements, such as Social Security Numbers (SSNs) or dates of birth, with fabricated information like phone numbers or email addresses. For instance, a fraudster might create a new name and address while using a genuine SSN. Recently, some fraudsters have taken this a step further by employing entirely fabricated information, including generating random SSNs from the same range used by the Social Security Administration. This method allows criminals to construct completely fictitious identities, making it even harder for verification systems to identify fraudulent activities.

Factors Contributing to the Complexity of Fighting Synthetic Identity Fraud

Financial institutions face a growing challenge in combating synthetic identity fraud. This type of fraud thrives due to several factors:

1. Complex Financial Systems

The interconnectedness of modern financial systems creates vulnerabilities for synthetic identities. Criminals can exploit discrepancies in verification standards across different institutions, making it difficult to detect fraud as the identity moves through the system. For example, two men in Miami used synthetic identities and shell companies to steal over $3 million from multiple banks.

2. SSN Randomization

While intended to improve security, the Social Security Administration’s (SSA) decision to randomize SSNs in 2011 has unintentionally aided synthetic identity fraud. Fraudsters can now create fake identities with less risk of detection by fraud systems programmed to identify non-randomized SSNs.

3. Exploiting Unassigned SSNs

Fraudsters often target SSNs belonging to children or deceased individuals. These numbers are valid but not actively monitored, making them ideal for creating synthetic identities that lack credit history and evade initial detection.

4. Fragmented and Inconsistent Data

Synthetic identities are a blend of real and fake information. This makes them difficult to detect with traditional fraud systems, which rely on identifying inconsistencies. For instance, an identity might use a real address but have a fabricated name and birthdate.

5. Lack of a Single Victim

Unlike traditional identity theft, synthetic identity fraud doesn’t target a specific person. There’s no single individual to report the crime, making detection more challenging. For example, in 2019, a ring used hundreds of fake identities to obtain credit cards and loans, causing millions in losses for financial institutions.

6. Regulatory Gaps

Existing regulations may not be comprehensive enough to address the nuances of synthetic identity fraud. Stringent financial reporting regulations, for example, might not cover the sophisticated methods used by fraudsters. This creates loopholes that allow synthetic identity fraud to flourish, making it one of the fastest-growing financial crimes in the US.

7. Data Breaches and Information Availability

Frequent data breaches provide fraudsters with the information needed to create synthetic identities. For instance, the Equifax data breach in 2017 exposed the personal information of 147 million people, including SSNs, which fraudsters could use to create synthetic identities.

8. Delayed Detection

Synthetic identity fraud can remain undetected for long periods, often until the fraudster defaults on significant loans. For instance, a group of 11 individuals in New York defrauded multiple financial institutions of $1 million before being caught.

9. Inadequate Identity Verification Processes

Many institutions rely on basic verification processes that can be bypassed with fabricated data. For example, a synthetic identity with a valid but stolen SSN and a fabricated name might pass through automated verification systems without raising any red flags.

The Process of Carrying Out Synthetic Identity Fraud

The process involved in carrying out synthetic identity fraud can be understood through its definition and components, as listed above. The following steps summarize these processes for easy understanding:

Acquiring Foundational Data: This involves obtaining a core element of a real person’s identity, such as a Social Security number, personal identification number (PIN), or other government-issued ID.
Fabricating Additional Information: Creating fictitious names, dates of birth, and other personal details to complement the valid SSN.
Establishing a Credit Profile: The fraudster uses the synthetic identity to apply for various financial products like credit cards, loans, or utilities to build a credit history.
Building a Trustworthy Credit Profile: Gradually increasing the credit limit by demonstrating responsible usage and timely payments, in turn building a high credit score over time.
Cashing out and Defaulting: Maximizing the available credit by taking out loans and making large purchases. Eventually, the identity defaults on the debt, leaving lenders with significant losses.
Evading Detection: Utilizing various addresses, phone numbers, and other details to complicate detection and hinder fraud prevention measures.

Traditional vs. Synthetic Identity Fraud

Traditional identity fraud involves stealing and using an individual’s complete personal information to commit fraud directly without modification, while synthetic identity fraud involves creating a new, fictitious identity by combining real and fabricated information.

While both types of fraud have a significant impact on individuals, there are key differences between them. Below is a detailed breakdown of both types:

S/N	Feature/Aspect	Traditional Identity Fraud	Synthetic Identity Fraud
1	Nature	Involves stealing and using the individual’s complete personal information to commit fraud directly without modification.	Involves creating a new, fictitious identity by combining real and fabricated information.
2	Process	Data theft through breaches, phishing, or physical theft. Using the stolen identity to open accounts, apply for credit cards, secure loans, and make purchases. Maxing out credit limits and defaulting on loans.	Acquiring a valid SSN. Creating fabricated additional information. Establishing a credit profile by applying for credit and building history. Exploiting financial systems for high-value loans and credit cards. Maxing out credit limits and defaulting on loans.
3	Detection	Easier to detect as it involves real individuals who report unauthorized activities.	The combination of real and fake data in synthetic identity fraud makes it hard to detect. Without victims reporting the fraud, discovery is delayed, leading to greater financial losses for organizations.
4	Impact	Directly impacts real individuals whose identities are stolen, causing financial and emotional distress.	It primarily impacts financial institutions and lenders. Secondarily, it can lead to the misuse of real individuals’ SSNs.

Why Is Synthetic Identity Fraud Rising?

Synthetic identity fraud is increasing due to several key factors, including:

1. Data Breaches and Security Vulnerabilities

Many organizations, particularly those using centralized systems, lack proactive measures to effectively protect customer data. This vulnerability often leads to data breaches where vast amounts of personal information are exposed. High-profile breaches, such as the 1.5 billion records leaked in Real Estate Wealth Network data breach, demonstrate the ease with which fraudsters can acquire the foundational data needed for synthetic identity fraud when organizations fail to implement robust security protocols, encrypt sensitive data, or regularly update their defenses against cyberattacks.

2. Weaknesses in Lenders’ Verification Processes:

Lenders often have verification processes that can be exploited by fraudsters. These processes might rely heavily on basic data points, such as Social Security Numbers and dates of birth, which can be fabricated or manipulated. Additionally, the pressure to approve loans quickly can lead to less rigorous checks, allowing synthetic identities to slip through the cracks. The loosening of credit requirements, aimed at making credit more accessible, can also unintentionally facilitate fraud.

3. Challenges in the Credit Reporting System:

The credit reporting system struggles to keep up with the evolving nature of synthetic identity fraud. Since synthetic identities are created using a mix of real and fake information, they can establish a credible credit history over time, making detection difficult. Credit bureaus may not have the means to cross-verify the authenticity of all the information they receive, leading to synthetic identities maintaining good credit scores for extended periods. This lag in detection allows fraudsters to exploit the system for significant financial gains before being caught.

4. Impact of Generative Artificial Intelligence (AI)

AI is a powerful tool used by fraudsters for analyzing large amounts of data. AI algorithms can piece together bits of real and fabricated data to create identities that appear legitimate. Furthermore, the rise of deepfake technology, a by-product of AI advancements, poses additional concerns. In the hands of bad actors, deepfake tools can create realistic fake images and videos, making synthetic identities more believable, even to sophisticated verification systems. This capability significantly complicates the detection and prevention of synthetic identity fraud. AI can automate tasks like data analysis and identity generation, streamlining the creation of synthetic identities for fraudsters.

How Financial Institutions Can Protect Themselves from Synthetic Identity Fraud

An industry where scammers steal an average of $81,000 to $97,000 per incident before detection must act quickly to avoid significant financial losses. Below are steps financial institutions can take to reduce the impact of synthetic identity fraud:

1. Enhance Identity Verification Processes

Financial institutions already utilize multi-factor authentication (MFA) to add security layers, but biometric verification offers an even stronger defense. This technology requires a customer’s physical attribute, such as a fingerprint or facial ID, making it difficult for fraudsters to bypass security measures. JPMorgan Chase is a prime example of a financial institution using MFA to prevent unauthorized access and ensure multiple security layers.

2. Implement Decentralized Identity Verification with Verifiable Credentials (VCs)

Verifiable Credentials (VCs) offer a secure and tamper-proof way to verify an individual’s identity. These digital credentials go beyond traditional methods by not only holding government-issued ID information, but also incorporating biometric data like fingerprints or facial scans. This combined approach provides a strong layer of security. Biometric data is unique to each person, making it highly effective in verifying an individual’s uniqueness. Additionally, VCs can confirm genuine presence through real-time interactions such as live video verification or real-time biometric scans. This ensures the person using the credential is truly present at the time of verification.

3. Artificial Intelligence (AI) and Machine Learning (ML) Detection

Implementing AI/ML allows institutions to detect unusual patterns and behaviors that might indicate synthetic identities. For example, HSBC has successfully used AI to improve the detection of financial fraud, resulting in increased positive alerts and a reduction in false positives. Google’s Anti-Money Laundering AI (AML AI), tested with HSBC, demonstrated these capabilities by providing risk scores based on transaction data and other relevant information, significantly enhancing fraud detection efficiency.

4. Real-Time Monitoring and Data Analysis

Real-time monitoring systems can quickly detect and respond to fraudulent activities. By utilizing data analytics tools, institutions can assess risk and continuously flag suspicious activities.

5. Education and Compliance

Regularly train employees to recognize and respond to potential fraud attempts. Educate customers about the importance of safeguarding their personal information and how to recognize phishing attempts. Regularly train employees to recognize and respond to potential fraud attempts.

6. Strict Compliance with Regulations

Follow regulatory guidelines and industry standards for identity verification and fraud prevention. Implement Know Your Customer (KYC) and Anti-Money Laundering (AML) protocols rigorously.

How to Protect Yourself from Synthetic Identity Theft

While financial institutions are often the primary victims of synthetic identity fraud, the personal information of real individuals, such as Social Security Numbers (SSNs), is frequently exploited in these schemes. Here are several ways to protect yourself from identity theft that can lead to synthetic identity fraud:

Monitor Your Credit Regularly: Consider utilizing credit monitoring services that alert you to any changes or suspicious activities on your credit report. By regularly reviewing your credit reports, you can quickly spot unfamiliar accounts or inquiries that may indicate synthetic identity fraud.
Freeze Your Credit: Freezing your credit with the major credit bureaus can prevent fraudsters from opening new accounts in your name. A credit freeze restricts access to your credit report, making it significantly harder for synthetic identities to be approved for credit.
Watch for Unusual Activities: Stay vigilant and do not ignore mail or bills addressed to you from unfamiliar sources. Receiving unexpected correspondence may indicate that someone is using your information to create synthetic identities.
Protect Personal Information: Exercise caution with your personal information, both online and offline. Avoid sharing sensitive details such as SSNs, birthdates, and addresses unless it is absolutely necessary.
Protect Your Login Details: Do not share your login credentials with third parties. Use strong and unique passwords for all your accounts, and consider adding an extra layer of security through multi-factor authentication (MFA) for all your online accounts.
Be Cautious with Social Media: Be mindful of the information you share on social media platforms. Fraudsters can gather details from your profiles to create synthetic identities. Adjust your privacy settings to limit the number of people who can view your personal information.

Conclusion

The rise of synthetic identity theft poses a significant threat, demanding a comprehensive strategy for mitigation. Advancements in decentralized identity with verifiable credentials can verify the genuineness of an an individual, offering a promising path toward more secure and efficient verification. Stricter data protection regulations can further limit the information fraudsters exploit. However, collaboration among institutions to standardize verification processes is equally crucial. Ultimately, success hinges on a collective effort – institutions working together and individuals taking proactive steps to safeguard their information.

Identity.com

Identity.com, as a future-oriented organization, is helping many businesses by giving their customers a hassle-free identity verification process. Our organization envisions a user-centric internet where individuals maintain control over their data. This commitment drives Identity.com to actively contribute to this future through innovative identity management systems and protocols.

As members of the World Wide Web Consortium (W3C), we uphold the standards for the World Wide Web and work towards a more secure and user-friendly online experience. Identity.com is an open-source ecosystem providing access to on-chain and secure identity verification. Our solutions improve the user experience and reduce onboarding friction through reusable and interoperable Gateway Passes. Please get in touch for more information about how we can help you with identity verification and general KYC processes.

What Is Synthetic Identity Fraud?

Author: Phillip Shoemaker

Key Takeaways:

What Is a Synthetic Identity?