Synthetic Identity Fraud: What It Is & How To Stop It

The Fastest Growing Financial Crime in the U.S. – Synthetic identity fraud is a serious threat to the financial industry, costing billions annually. This article explores the tactics fraudsters use to create and exploit fake identities, the challenges in detection, and the practical steps banks and fintechs can take to combat this growing menace.
Picture of Ravi Sandepudi

Ravi Sandepudi

June 25, 2024

$994 million.

That’s how much U.S. financial institutions lost to synthetic identity fraud through bank credit cards alone in the first half of 2023, according to TransUnion. This represents an 8.4% increase from the previous year, underlining the rapidly growing threat of synthetic identity fraud.

While traditional identity theft has long been a concern, this new, more sophisticated form of fraud is causing significant financial losses and keeping fraud executives up at night.

Synthetic identity fraud has far-reaching consequences that extend beyond just financial institutions (FI). While FIs bear the financial and reputational impact, the consequences don’t just end at the consumer but also impact the economy.

As fraudsters become increasingly adept at creating and exploiting fake identities, the potential for widespread financial disruption grows.

In this article, we dive into the complexities of synthetic identity fraud, exploring its types, techniques used by fraudsters, and strategies to combat it. We’ll also look at the tools available to fight this fraud to better safeguard institutions, protect customers, and contribute to a more secure and resilient financial landscape.

What is Synthetic Identity Fraud?

Synthetic identity fraud—a sophisticated and insidious form of financial crime—involves creating fictitious identities using a combination of real and fake personal information.

Unlike traditional identity theft, where a victim’s entire financial identity is stolen and exploited, synthetic identity fraud involves the creation of “Franken-fraud” identities. Fraudsters typically combine legitimate personally identifiable information (PII), such as Social Security numbers (SSNs), names, and addresses, from multiple individuals, sometimes augmenting them with fabricated details.

For example, a real SSN (often stolen from a child or elderly person) may be combined with another person’s name, address, phone number, and a newly created email account controlled by the fraudster.

This amalgamation of real and fake information makes synthetic identity fraud particularly challenging to detect.

Although the identity may appear valid and pass initial verification checks, fraudsters use these synthetic identities to apply for credit cards, loans, and other financial services. They intend to “bust out” by maxing out credit limits and disappearing without a trace, leaving financial institutions with significant losses.

Types of Synthetic ID Fraud

Synthetic identity fraud comes in various forms, each presenting unique challenges for fintechs and financial institutions. Understanding these different types is crucial for developing effective prevention and detection strategies.

Here are three common types of synthetic identity fraud:

 
Serial No.Type of Synthetic ID FraudKey Characteristics
1Manipulated SyntheticsReal SSN + Fake details (name, address).
2Manufactured SyntheticsCompletely fabricated identities using fake SSN, name, address.
3Identity CompilationPatchwork of real info from breaches or social media to create a fake identity.

Understanding Synthetic Identity Fraud

Synthetic identity fraud is a complex and evolving threat. So, it’s important to understand exactly this type of fraud occurs, the methods fraudsters use, and the challenges it presents to financial institutions.

How Synthetic Identity Fraud Occurs

Synthetic identity fraud is a complex and multi-faceted process that typically unfolds over a significant period. Here’s a breakdown of how it typically happens:

Step 1: Acquiring a Valid SSN 

The fraudster starts by obtaining a real SSN, often belonging to someone with little to no credit history. This could be a child, a deceased individual, or a person with limited financial activity.

Step 2: Creating a Fictitious Identity 

With a valid SSN in hand, the fraudster begins to craft a fake identity around it. They attach fabricated personal details like names, addresses, and birthdates to the SSN, bringing to life a seemingly legitimate persona.

Step 3: Establishing Credit 

The fraudster then uses this newly minted synthetic identity to apply for credit cards, loans, and other financial services. They start small to build a credit history and patiently nurture the identity over time, gradually increasing credit limits.

Step 4: Legitimizing the Persona 

To further validate the synthetic identity, the fraudster employs resorts to tactics. These include using drop addresses, creating fake social media profiles, or adding the identity as an authorized user on existing credit accounts. This process can span months or even years as the fraudster meticulously cultivates a strong credit profile.

Step 5: The “Bust-Out” Scheme 

Once the synthetic identity has established a strong credit profile and secured high credit limits, the fraudster strikes. They max out the credit lines, siphoning as much money as possible. Then, like a ghost, the fraudster vanishes, leaving the financial institution to bear the losses with no recourse for recovery.

How Fraudsters Create Synthetic Identities

The rise of social media and online platforms has made it easier for fraudsters to create synthetic identities. They can use these channels to establish a digital footprint for their fictitious personas. For example, they may create social media profiles, then post content, and engage with other users to give the appearance of a legitimate individual.

Creating synthetic identities involves several steps, each aimed at constructing a persona that appears legitimate to financial institutions and other entities.

Here’s an overview of the process:

1. Data Gathering 

Fraudsters begin by gathering personal information from multiple sources. This may include stolen SSNs, names, dates of birth, addresses, and other identifying details. They acquire this information through data breaches, phishing schemes, and social engineering tactics, or by purchasing it on the dark web.

2. Combination of Real and Fake Information

Fraudsters mix and match real and fabricated information to create a new identity. For instance, they might use a real Social Security number with a fake name and address. Alternatively, they could use a real address with a fake name and SSN. This blending of real and fake details enhances the credibility of the synthetic identity.

3. Creation of Supporting Documentation 

To further legitimize the synthetic identity, fraudsters may create fake documents. These documents include driver’s licenses, utility bills, or pay stubs. They are designed to match the fabricated details of the identity. Fraudsters use them to provide additional verification when applying for financial products or services.

4. Establishment of Initial Credit Profile

Once the synthetic identity is created, fraudsters begin building a credit history for it. They may start by applying for small loans, secured credit cards, or store credit. Initially, they may only be approved for low-limit credit products. However, the goal is to gradually improve the creditworthiness of the synthetic identity over time.

5. Credit Building and Maintenance

Fraudsters work to maintain the synthetic identity’s credit profile by making timely payments and managing credit responsibly. This may involve paying off debts, keeping credit utilization low, and avoiding actions that could raise red flags with credit bureaus or financial institutions.

6. Expansion and Monetization

As the synthetic identity’s credit profile improves, fraudsters may apply for larger credit lines, loans, or other financial products. They may also engage in activities such as credit card fraud, identity theft, or money laundering to exploit the synthetic identity for financial gain. Additionally, in some cases, they may sell the synthetic identity to other criminals for use in fraudulent activities.

Methods for Constructing Synthetic Identities Over Time

Synthetic identity fraud is particularly insidious due to the prolonged, meticulous process fraudsters undertake. To establish credible credit profiles, they patiently nurture fake identities over extended periods, sometimes spanning years. Here are the key methods they use:

1. Piggybacking on Existing Accounts

Fraudsters add synthetic identities as authorized users on legitimate credit accounts. This tactic allows the synthetic identity to inherit a positive credit history, lending it an appearance of credibility,  tactic known as “piggybacking.”

Here’s how they execute it:

  • They recruit account holders with good credit to add the synthetic identity as an authorized user
  • The synthetic identity piggybacks on the primary account holder’s positive credit history, improving its credit score
  • With an enhanced credit score, fraudsters use the synthetic identity to apply for new credit cards, loans, and other financial products
  • After establishing a credible credit profile, fraudsters max out the credit lines and cease payments, causing significant losses for lenders

Fraudsters may also use the established synthetic identity to create and nurture additional synthetic identities, expanding their network of fraudulent identities

2. Gradual Credit Buildup 

Fraudsters employ a patient, calculated approach to establish credibility for their synthetic identities.

They start by opening bank accounts and securing credit cards with low limits, using a fake persona. Over time, they make small purchases and consistently pay off the balances, demonstrating responsible credit behavior.

This process can take months or even years, as the fraudster meticulously builds a positive credit history.

  • Fraudsters may also take out small loans and pay them back promptly to further bolster the synthetic identity’s creditworthiness.
  • They gradually increase the credit limits on their accounts, slowly building trust with financial institutions.
  • This drawn-out process makes it challenging for banks and lenders to detect fraud in its early stages, as the synthetic identity’s credit behavior appears legitimate.

By the time the fraudster is ready to execute the “bust-out” scheme, the synthetic identity has a well-established, positive credit profile, allowing it to secure significant credit lines and inflict substantial financial damage.

3. Exploiting Data Breaches and Vulnerabilities 

Fraudsters capitalize on the wealth of personal information exposed through data breaches to create synthetic identities.

They exploit vulnerabilities in the credit system, such as:

  • The lack of a unified, real-time system for verifying identities across financial institutions
  • The reliance on static personal identifiers like SSN, which can be easily stolen or misused
  • The difficulty in distinguishing between real and fabricated identities, especially when genuine data is used

By combining data from multiple breaches, fraudsters can gather a comprehensive set of personal details, including names, addresses, birthdates, and SSNs.This information enables them to construct convincing personas that are difficult to detect as illicit.

Furthermore, the lag time between data breaches and the reporting of compromised information allows fraudsters ample time to exploit the stolen data before preventive measures can be implemented. 

4. Manipulating the Credit Repair Process 

Fraudsters take advantage of the credit repair process to enhance the credibility of their synthetic identities.

They deliberately dispute accurate negative information on the credit report, such as late payments or collections, knowing that credit bureaus have limited time to investigate and verify these claims. As a result:

  • The disputed negative items are often removed from the credit report
  • The credit score of the synthetic identity artificially improves
  • The enhanced credit score allows the fraudster to secure higher credit limits and better loan terms 

This manipulation tactic exploits the provisions of the Fair Credit Reporting Act (FCRA), which gives consumers the right to challenge inaccurate information on their credit reports.

By abusing this consumer protection measure, fraudsters can effectively “clean up” the credit history of their synthetic identities. This makes them appear more creditworthy and less suspicious to lenders. Fraudsters can subsequently perpetrate larger-scale fraud, causing significant financial harm to banks and credit unions.

5. Utilizing Fake Businesses and Shell Companies 

Fraudsters frequently leverage fake businesses and shell companies to facilitate synthetic identity fraud.

They create fictitious business entities, complete with fake tax identification numbers and business licenses to establish credit lines and generate false income streams.

These fabricated companies may even have convincing websites and online presence to further the illusion of legitimacy. Key tactics include:

  • Registering shell companies with state authorities and obtaining Employee ID Numbers (EIN) from the Internal Revenue Service (IRS)
  • Opening business bank accounts and securing business credit cards under fake company names
  • Generating fake income statements, invoices, and other financial documents to support loan applications
  • Providing false employment verification for synthetic identities, claiming they work for these fake businesses

By intertwining synthetic identities with these fake businesses, fraudsters construct a complex web of deceit that can be difficult for FIs to untangle.

The multi-layered nature of this fraud, spanning both personal and business credit, makes detection a significant challenge.

Fraudsters may also exploit the often less stringent verification processes associated with business credit applications, making it easier to secure larger credit lines and inflict more significant financial damage.

Real-World Examples of Synthetic Identity Fraud

These real-world instances reveal the intricate methods employed by cybercriminals to deceive even the most stringent security measures. They also underscore the importance of vigilance in safeguarding against such threats.

Jay Patterson, a Forensic Accountant, Falls Victim to Synthetic Identity Theft

This case study highlights the fact that anyone, even financial industry experts, can fall victim to synthetic identity theft. It underscores the importance of vigilance on the part of both consumers and financial institutions in detecting and preventing this type of fraud.

Summary

Jay Patterson, a forensic accountant who routinely collaborated with consumer lawyers to investigate financial institutions, became a victim of synthetic identity theft.

A thief used Patterson’s personal information, combined with falsified details, to open an unauthorized Wells Fargo account in his name. The account remained operational for a significant period, and the thief attempted to transfer thousands of dollars through it.

How Synthetic Identity Fraud Affected Jay Patterson:

  • Financial Exposure: The fraudster attempted to transfer a substantial amount of money through the unauthorized account, potentially exposing Patterson to financial losses and legal complications.
  • Reputational Risk: As a forensic accountant who investigates financial institutions, Patterson’s professional reputation could have been damaged by the fraudulent activities conducted in his name.
  • Time and Effort: Patterson had to invest significant time and effort to resolve the issue, including filing a class action lawsuit against Wells Fargo with 50 other alleged plaintiffs who experienced similar fraudulent account openings.
  • Emotional Distress: Falling victim to synthetic identity theft can cause emotional distress, as it violates an individual’s sense of security and trust in financial institutions.
  • Potential Credit Score Impact: If the fraudulent account had gone undetected for an extended period, it could have negatively affected Patterson’s credit score, making it more difficult for him to secure loans or lines of credit in the future.

Hong Kong Company Loses $25 Million to Deepfake Fraud

This case study underscores the growing threat of deepfake technology and its potential to enable sophisticated synthetic identity fraud. It highlights the importance of robust cybersecurity measures, employee education, and vigilance in detecting and preventing such scams.

Summary

In January 2023, scammers used deepfake technology to trick an employee at the Hong Kong branch of an unnamed multinational company, resulting in a loss of approximately $25 million. 

The employee, who worked in the company’s finance department, received a message from someone claiming to be the company’s UK-based chief financial officer (CFO). The employee then participated in a video call with deepfake versions of the CFO and other company employees.

Following instructions received during the fraudulent video call, the employee transferred a total of HK$200 million ($25.6 million) to various Hong Kong bank accounts across 15 separate transfers. The scam was discovered a week later when the employee contacted the company’s headquarters and realized that something was amiss.

How Synthetic Identity Fraud Affected the Hong Kong Company:

  • Significant Financial Loss: The company lost approximately $25 million due to the deepfake fraud, which could have a substantial impact on its financial stability and operations.
  • Reputational Damage: The incident harmed the company’s reputation, as it highlights vulnerabilities in its internal controls and employee training regarding cybersecurity and fraud prevention.
  • Employee Morale: The employee who fell victim to the scam may experience emotional distress, guilt, and a loss of confidence in their ability to perform their job effectively.
  • Legal and Regulatory Consequences: Depending on the jurisdiction and the company’s industry, the incident may lead to legal and regulatory scrutiny, potentially resulting in fines or penalties.
  • Increased Cybersecurity Costs: In response to the incident, the company may need to invest in enhanced cybersecurity measures, employee training, and fraud detection systems to prevent similar incidents in the future.

Detecting Synthetic Identity Fraud: Key Indicators for Banks and Fintechs

Experts agree that the best defense against synthetic identity fraud is a multi-layered approach. This approach leverages a wide range of available information, including data from in-house sources, public records, and digital footprints.

Elements from various accessible data sources can help build a comprehensive profile of the person presenting themselves to the financial institution.

These sources include financial history, property records, and social media accounts. Additionally, data analytics services, mobile phone number ownership, and email address history provide further insights into the individual’s background and activities. 

This information can then be compared to the account opening details, and any discrepancies should be further examined.

Despite the challenges, there are several red flags that banks and fintech institutions can watch for to detect synthetic identity fraud:

  • Inconsistencies in personal information, such as mismatched names, addresses, or SSNs can indicate a fabricated identity using a mix of real and fake information.
  • Unusual credit behavior, like a sudden surge in credit applications or a high credit score without history, can signal a synthetic identity created for fraud.
  • Multiple credit inquiries or applications from the same IP address or device can signal fraudsters using onee the same computer or network to create and manage multiple synthetic identities, leaving a detectable digital trail.
  • Suspicious account activity, like a new account rapidly accumulating a high balance or making large transactions may indicate a synthetic identity being used for fraud after being “aged.”
  • Inconsistencies in social media presence, such as minimal activity or sudden profile creation, often suggest a synthetic identity with a limited or fabricated digital footprint, indicating potential fraud. 

Preventing Synthetic Identity Theft

To effectively prevent synthetic identity theft, it’s essential to implement robust security measures and proactive strategies. Here are key steps financial institutions can take to safeguard against this type of fraud:

1. Implement Strong Identity Verification Processes

One of the most effective ways to prevent synthetic identity theft is by implementing rigorous identity proofing processes. Here are some strategies to consider:

  • Multi-Layered Verification: Use multiple data points to verify identities. Combining checks such as SSN validation, address history, and phone number verification can make it harder for synthetic identities to pass through. 
  • Document Verification: Require customers to submit government-issued identification and verify these documents through secure and reliable methods. Automated document verification systems can cross-check the authenticity of submitted IDs. This can be done through KYC or KYB.
  • Biometric Verification: Employ biometric data such as fingerprints or facial recognition. These are much harder for criminals to fake and can add an extra layer of security.

Streamline Customer Onboarding

Say goodbye to manual KYC processes and hello to fully customizable automation that onboards customers faster and safer than ever.

Effectiv's platform ensures compliance while minimizing friction.

2. Monitor for Unusual Activity

Synthetic identities often exhibit behavior that can be flagged as unusual. Monitoring for these patterns can help detect and prevent fraud early:

  • Credit Application Patterns: Synthetic identities often apply for credit at multiple institutions in a short period. Monitoring for such patterns can help flag potential synthetic identity fraud.
  • Transaction Monitoring: Look for unusual transaction patterns, such as rapid increases in credit limits or high-value transactions, shortly after opening an account.
  • Address and Contact Information Changes: Frequent changes in contact details can be a red flag. Regularly review and validate these changes to ensure they are legitimate.

3. Educate and Train Employees

Your employees are the first line of defense against synthetic identity theft. Regular training and awareness programs can help them recognize and respond to potential fraud:

  • Awareness Training: Educate employees about synthetic identity theft and its signs. Provide examples and case studies to illustrate how these frauds occur.
  • Fraud Detection Skills: Train employees in advanced fraud detection techniques. This can include recognizing patterns, understanding common fraud tactics, and knowing how to escalate suspicious activity.
  • Regular Updates: Keep your team updated on the latest trends and methods used by fraudsters. Cybercriminals are constantly evolving their techniques, and staying informed is crucial.

4. Collaborate With Industry Peers

Sharing information and collaborating with other organizations can strengthen your defenses against synthetic identity theft:

  • Industry Groups: Join industry groups and forums where information about fraud trends and prevention strategies is shared. This can help you stay ahead of new threats.
  • Data Sharing: Participate in data-sharing initiatives where possible. Sharing anonymized data about fraud attempts can help build a broader understanding of emerging threats.

5. Use Advanced Technology Solutions

Leveraging technology can provide a significant advantage in the fight against synthetic identity theft:

  • Artificial Intelligence (AI): Implement AI-driven fraud detection systems that can analyze vast amounts of data and identify patterns indicative of synthetic identity fraud.
  • Machine Learning: Use machine learning algorithms to continuously improve fraud detection capabilities. These systems can learn from each fraud attempt and adapt to new tactics used by criminals.
  • Identity Resolution Platforms: Consider platforms that specialize in identity resolution. These platforms use advanced analytics to connect disparate data points and identify synthetic identities.

Stay Ahead of Evolving Fraud Tactics

Staying one step ahead in the ever-changing landscape of financial crime is crucial. Partner with Effectiv to access cutting-edge AI and machine learning technologies that continuously adapt to emerging fraud patterns.

6. Regularly Review and Update Security Measures

The tactics used by fraudsters are always evolving, so it’s important to review and update your security measures regularly:

  • Periodic Audits: Conduct regular audits of your identity verification processes and fraud detection systems. Look for gaps and areas where improvements can be made.
  • Policy Updates: Ensure your policies and procedures are up-to-date with the latest best practices and regulatory requirements.
  • Continuous Improvement: Foster a culture of continuous improvement where feedback from fraud detection efforts is used to enhance security measures.

Impact of Synthetic Identity Fraud

The consequences of synthetic identity fraud extend far beyond immediate financial losses for banks and businesses. This insidious form of financial crime creates a ripple effect, impacting individuals, communities, and the economy as a whole.

For victims whose personal information is used to create synthetic identities, the impact can be devastating.

Even though the synthetic identity isn’t directly linked to their credit history, the use of their SSN or other details can cause numerous problems. Victims may struggle to obtain credit, secure employment, or rent an apartment. Fraudulent activities tied to their information can raise red flags in background checks and credit reports.

Financial institutions bear a heavy burden when it comes to synthetic identity fraud. They face direct financial losses from fraudulent loans and credit lines. Additionally, banks must invest significant resources in fraud detection and prevention measures. This includes implementing sophisticated analytics tools and training staff to recognize signs of synthetic identity fraud. Banks also collaborate with law enforcement and other institutions to share information and best practices.

Moreover, synthetic identity fraud undermines trust in the financial system. As more consumers fall victim to this crime, confidence in banks, credit card companies, and other financial institutions erodes. This loss of trust can have far-reaching consequences. These range from reduced economic activity to reluctance to participate in the digital economy.

The Effectiv Platform – A Solution for Combating Synthetic Identity Theft

In conclusion, synthetic identity fraud is a major threat to financial institutions, but with the right tools, it can be mitigated.

Effectiv’s AI-powered platform offers a robust solution by providing real-time data checks, customizable AI/ML models, and enterprise-level protection at an affordable cost. By leveraging advanced technology like Effectiv, banks and fintechs can enhance their fraud prevention strategies, safeguard their customers, and secure their operations.

Stay proactive and explore how Effectiv can fortify your institution against synthetic identity fraud.

Synthetic ID Fraud FAQs

What is the difference between identity theft and identity fraud?

Identity theft involves stealing someone’s personal information, while identity fraud is the actual use of that information for illicit gain. In the case of synthetic identity fraud, identity theft is used to obtain real SSNs or other personal data, which is then combined with fake information to create a new, synthetic identity. This synthetic identity is then used to commit fraud.

How can financial institutions educate their customers about synthetic identity fraud?

Financial institutions can educate customers about synthetic identity fraud by providing clear information on their websites, in account statements, and through targeted campaigns. Key points to cover include what synthetic identity fraud is, how it works, signs that one’s identity may have been compromised, and steps to take if fraud is suspected. Encouraging regular credit monitoring and prompt reporting of suspicious activity is also important.

How can a bank detect synthetic identity fraud during the account opening process?

Banks can detect synthetic identity fraud during account opening by using a multi-layered approach that combines identity verification, fraud detection tools, and manual reviews. This may include:

  1. Verifying applicant information against multiple data sources
  2. Using machine learning to detect inconsistencies or red flags
  3. Employing biometric verification and device fingerprinting
  4. Checking for suspicious patterns, such as multiple applications from the same IP address
  5. Providing employee training on spotting synthetic identities 

What steps can entrepreneurs take to protect their businesses from synthetic ID fraud?

Entrepreneurs should implement robust verification processes, educate employees about recognizing fraud risks, and utilize advanced fraud detection tools. Regularly updating security protocols and collaborating with financial institutions for shared insights can further enhance protection against synthetic ID fraud.

Why is synthetic ID fraud particularly challenging to prevent?

Synthetic ID fraud is challenging because it combines real and fake data, making it harder to detect with traditional methods that rely on verifying identity information.

More from Effectiv

More from Effectiv

Prevent Fraud In Real-Time & Safely Onboard Customers with One Platform