$994 million.
That’s how much U.S. financial institutions lost to synthetic identity fraud through bank credit cards alone in the first half of 2023, according to TransUnion. This represents an 8.4% increase from the previous year, underlining the rapidly growing threat of synthetic identity fraud.
While traditional identity theft has long been a concern, this new, more sophisticated form of fraud is causing significant financial losses and keeping fraud executives up at night.
Synthetic identity fraud has far-reaching consequences that extend beyond just financial institutions (FI). While FIs bear the financial and reputational impact, the consequences don’t just end at the consumer but also impact the economy.
As fraudsters become increasingly adept at creating and exploiting fake identities, the potential for widespread financial disruption grows.
In this article, we dive into the complexities of synthetic identity fraud, exploring its types, techniques used by fraudsters, and strategies to combat it. We’ll also look at the tools available to fight this fraud to better safeguard institutions, protect customers, and contribute to a more secure and resilient financial landscape.
What is Synthetic Identity Fraud?
Synthetic identity fraud—a sophisticated and insidious form of financial crime—involves creating fictitious identities using a combination of real and fake personal information.
Unlike traditional identity theft, where a victim’s entire financial identity is stolen and exploited, synthetic identity fraud involves the creation of “Franken-fraud” identities. Fraudsters typically combine legitimate personally identifiable information (PII), such as Social Security numbers (SSNs), names, and addresses, from multiple individuals, sometimes augmenting them with fabricated details.
For example, a real SSN (often stolen from a child or elderly person) may be combined with another person’s name, address, phone number, and a newly created email account controlled by the fraudster.
This amalgamation of real and fake information makes synthetic identity fraud particularly challenging to detect.
Although the identity may appear valid and pass initial verification checks, fraudsters use these synthetic identities to apply for credit cards, loans, and other financial services. They intend to “bust out” by maxing out credit limits and disappearing without a trace, leaving financial institutions with significant losses.
Types of Synthetic ID Fraud
Synthetic identity fraud comes in various forms, each presenting unique challenges for fintechs and financial institutions. Understanding these different types is crucial for developing effective prevention and detection strategies.
Here are three common types of synthetic identity fraud:
| Serial No. | Type of Synthetic ID Fraud | Key Characteristics |
| 1 | Manipulated Synthetics | Real SSN + Fake details (name, address). |
| 2 | Manufactured Synthetics | Completely fabricated identities using fake SSN, name, address. |
| 3 | Identity Compilation | Patchwork of real info from breaches or social media to create a fake identity. |
Understanding Synthetic Identity Fraud
Synthetic identity fraud is a complex and evolving threat. So, it’s important to understand exactly this type of fraud occurs, the methods fraudsters use, and the challenges it presents to financial institutions.
How Synthetic Identity Fraud Occurs
Synthetic identity fraud is a complex and multi-faceted process that typically unfolds over a significant period. Here’s a breakdown of how it typically happens:
Step 1: Acquiring a Valid SSN
The fraudster starts by obtaining a real SSN, often belonging to someone with little to no credit history. This could be a child, a deceased individual, or a person with limited financial activity.
Step 2: Creating a Fictitious Identity
With a valid SSN in hand, the fraudster begins to craft a fake identity around it. They attach fabricated personal details like names, addresses, and birthdates to the SSN, bringing to life a seemingly legitimate persona.
Step 3: Establishing Credit
The fraudster then uses this newly minted synthetic identity to apply for credit cards, loans, and other financial services. They start small to build a credit history and patiently nurture the identity over time, gradually increasing credit limits.
Step 4: Legitimizing the Persona
To further validate the synthetic identity, the fraudster employs resorts to tactics. These include using drop addresses, creating fake social media profiles, or adding the identity as an authorized user on existing credit accounts. This process can span months or even years as the fraudster meticulously cultivates a strong credit profile.
Step 5: The “Bust-Out” Scheme
Once the synthetic identity has established a strong credit profile and secured high credit limits, the fraudster strikes. They max out the credit lines, siphoning as much money as possible. Then, like a ghost, the fraudster vanishes, leaving the financial institution to bear the losses with no recourse for recovery.
How Fraudsters Create Synthetic Identities
The rise of social media and online platforms has made it easier for fraudsters to create synthetic identities. They can use these channels to establish a digital footprint for their fictitious personas. For example, they may create social media profiles, then post content, and engage with other users to give the appearance of a legitimate individual.
Creating synthetic identities involves several steps, each aimed at constructing a persona that appears legitimate to financial institutions and other entities.
Here’s an overview of the process:
1. Data Gathering
Fraudsters begin by gathering personal information from multiple sources. This may include stolen SSNs, names, dates of birth, addresses, and other identifying details. They acquire this information through data breaches, phishing schemes, and social engineering tactics, or by purchasing it on the dark web.
2. Combination of Real and Fake Information
Fraudsters mix and match real and fabricated information to create a new identity. For instance, they might use a real Social Security number with a fake name and address. Alternatively, they could use a real address with a fake name and SSN. This blending of real and fake details enhances the credibility of the synthetic identity.
3. Creation of Supporting Documentation
To further legitimize the synthetic identity, fraudsters may create fake documents. These documents include driver’s licenses, utility bills, or pay stubs. They are designed to match the fabricated details of the identity. Fraudsters use them to provide additional verification when applying for financial products or services.
4. Establishment of Initial Credit Profile
Once the synthetic identity is created, fraudsters begin building a credit history for it. They may start by applying for small loans, secured credit cards, or store credit. Initially, they may only be approved for low-limit credit products. However, the goal is to gradually improve the creditworthiness of the synthetic identity over time.
5. Credit Building and Maintenance
Fraudsters work to maintain the synthetic identity’s credit profile by making timely payments and managing credit responsibly. This may involve paying off debts, keeping credit utilization low, and avoiding actions that could raise red flags with credit bureaus or financial institutions.
6. Expansion and Monetization
As the synthetic identity’s credit profile improves, fraudsters may apply for larger credit lines, loans, or other financial products. They may also engage in activities such as credit card fraud, identity theft, or money laundering to exploit the synthetic identity for financial gain. Additionally, in some cases, they may sell the synthetic identity to other criminals for use in fraudulent activities.
Methods for Constructing Synthetic Identities Over Time
Synthetic identity fraud is particularly insidious due to the prolonged, meticulous process fraudsters undertake. To establish credible credit profiles, they patiently nurture fake identities over extended periods, sometimes spanning years. Here are the key methods they use:
1. Piggybacking on Existing Accounts
Fraudsters add synthetic identities as authorized users on legitimate credit accounts. This tactic allows the synthetic identity to inherit a positive credit history, lending it an appearance of credibility, tactic known as “piggybacking.”
Here’s how they execute it:
- They recruit account holders with good credit to add the synthetic identity as an authorized user
- The synthetic identity piggybacks on the primary account holder’s positive credit history, improving its credit score
- With an enhanced credit score, fraudsters use the synthetic identity to apply for new credit cards, loans, and other financial products
- After establishing a credible credit profile, fraudsters max out the credit lines and cease payments, causing significant losses for lenders
Fraudsters may also use the established synthetic identity to create and nurture additional synthetic identities, expanding their network of fraudulent identities
2. Gradual Credit Buildup
Fraudsters employ a patient, calculated approach to establish credibility for their synthetic identities.
They start by opening bank accounts and securing credit cards with low limits, using a fake persona. Over time, they make small purchases and consistently pay off the balances, demonstrating responsible credit behavior.
This process can take months or even years, as the fraudster meticulously builds a positive credit history.
- Fraudsters may also take out small loans and pay them back promptly to further bolster the synthetic identity’s creditworthiness.
- They gradually increase the credit limits on their accounts, slowly building trust with financial institutions.
- This drawn-out process makes it challenging for banks and lenders to detect fraud in its early stages, as the synthetic identity’s credit behavior appears legitimate.
By the time the fraudster is ready to execute the “bust-out” scheme, the synthetic identity has a well-established, positive credit profile, allowing it to secure significant credit lines and inflict substantial financial damage.
3. Exploiting Data Breaches and Vulnerabilities
Fraudsters capitalize on the wealth of personal information exposed through data breaches to create synthetic identities.
They exploit vulnerabilities in the credit system, such as:
- The lack of a unified, real-time system for verifying identities across financial institutions
- The reliance on static personal identifiers like SSN, which can be easily stolen or misused
- The difficulty in distinguishing between real and fabricated identities, especially when genuine data is used
By combining data from multiple breaches, fraudsters can gather a comprehensive set of personal details, including names, addresses, birthdates, and SSNs.This information enables them to construct convincing personas that are difficult to detect as illicit.
Furthermore, the lag time between data breaches and the reporting of compromised information allows fraudsters ample time to exploit the stolen data before preventive measures can be implemented.
4. Manipulating the Credit Repair Process
Fraudsters take advantage of the credit repair process to enhance the credibility of their synthetic identities.
They deliberately dispute accurate negative information on the credit report, such as late payments or collections, knowing that credit bureaus have limited time to investigate and verify these claims. As a result:
- The disputed negative items are often removed from the credit report
- The credit score of the synthetic identity artificially improves
- The enhanced credit score allows the fraudster to secure higher credit limits and better loan terms
This manipulation tactic exploits the provisions of the Fair Credit Reporting Act (FCRA), which gives consumers the right to challenge inaccurate information on their credit reports.
By abusing this consumer protection measure, fraudsters can effectively “clean up” the credit history of their synthetic identities. This makes them appear more creditworthy and less suspicious to lenders. Fraudsters can subsequently perpetrate larger-scale fraud, causing significant financial harm to banks and credit unions.
5. Utilizing Fake Businesses and Shell Companies
Fraudsters frequently leverage fake businesses and shell companies to facilitate synthetic identity fraud.
They create fictitious business entities, complete with fake tax identification numbers and business licenses to establish credit lines and generate false income streams.
These fabricated companies may even have convincing websites and online presence to further the illusion of legitimacy. Key tactics include:
- Registering shell companies with state authorities and obtaining Employee ID Numbers (EIN) from the Internal Revenue Service (IRS)
- Opening business bank accounts and securing business credit cards under fake company names
- Generating fake income statements, invoices, and other financial documents to support loan applications
- Providing false employment verification for synthetic identities, claiming they work for these fake businesses
By intertwining synthetic identities with these fake businesses, fraudsters construct a complex web of deceit that can be difficult for FIs to untangle.
The multi-layered nature of this fraud, spanning both personal and business credit, makes detection a significant challenge.
Fraudsters may also exploit the often less stringent verification processes associated with business credit applications, making it easier to secure larger credit lines and inflict more significant financial damage.
Real-World Examples of Synthetic Identity Fraud
These real-world instances reveal the intricate methods employed by cybercriminals to deceive even the most stringent security measures. They also underscore the importance of vigilance in safeguarding against such threats.
Jay Patterson, a Forensic Accountant, Falls Victim to Synthetic Identity Theft
This case study highlights the fact that anyone, even financial industry experts, can fall victim to synthetic identity theft. It underscores the importance of vigilance on the part of both consumers and financial institutions in detecting and preventing this type of fraud.
Summary
Jay Patterson, a forensic accountant who routinely collaborated with consumer lawyers to investigate financial institutions, became a victim of synthetic identity theft.
A thief used Patterson’s personal information, combined with falsified details, to open an unauthorized Wells Fargo account in his name. The account remained operational for a significant period, and the thief attempted to transfer thousands of dollars through it.
How Synthetic Identity Fraud Affected Jay Patterson:
|
Hong Kong Company Loses $25 Million to Deepfake Fraud
This case study underscores the growing threat of deepfake technology and its potential to enable sophisticated synthetic identity fraud. It highlights the importance of robust cybersecurity measures, employee education, and vigilance in detecting and preventing such scams.
Summary
In January 2023, scammers used deepfake technology to trick an employee at the Hong Kong branch of an unnamed multinational company, resulting in a loss of approximately $25 million.
The employee, who worked in the company’s finance department, received a message from someone claiming to be the company’s UK-based chief financial officer (CFO). The employee then participated in a video call with deepfake versions of the CFO and other company employees.
Following instructions received during the fraudulent video call, the employee transferred a total of HK$200 million ($25.6 million) to various Hong Kong bank accounts across 15 separate transfers. The scam was discovered a week later when the employee contacted the company’s headquarters and realized that something was amiss.
How Synthetic Identity Fraud Affected the Hong Kong Company:
|
Detecting Synthetic Identity Fraud: Key Indicators for Banks and Fintechs
Experts agree that the best defense against synthetic identity fraud is a multi-layered approach. This approach leverages a wide range of available information, including data from in-house sources, public records, and digital footprints.
Elements from various accessible data sources can help build a comprehensive profile of the person presenting themselves to the financial institution.
These sources include financial history, property records, and social media accounts. Additionally, data analytics services, mobile phone number ownership, and email address history provide further insights into the individual’s background and activities.
This information can then be compared to the account opening details, and any discrepancies should be further examined.
Despite the challenges, there are several red flags that banks and fintech institutions can watch for to detect synthetic identity fraud:
- Inconsistencies in personal information, such as mismatched names, addresses, or SSNs can indicate a fabricated identity using a mix of real and fake information.
- Unusual credit behavior, like a sudden surge in credit applications or a high credit score without history, can signal a synthetic identity created for fraud.
- Multiple credit inquiries or applications from the same IP address or device can signal fraudsters using onee the same computer or network to create and manage multiple synthetic identities, leaving a detectable digital trail.
- Suspicious account activity, like a new account rapidly accumulating a high balance or making large transactions may indicate a synthetic identity being used for fraud after being “aged.”
- Inconsistencies in social media presence, such as minimal activity or sudden profile creation, often suggest a synthetic identity with a limited or fabricated digital footprint, indicating potential fraud.
Preventing Synthetic Identity Theft
To effectively prevent synthetic identity theft, it’s essential to implement robust security measures and proactive strategies. Here are key steps financial institutions can take to safeguard against this type of fraud:
1. Implement Strong Identity Verification Processes
One of the most effective ways to prevent synthetic identity theft is by implementing rigorous identity proofing processes. Here are some strategies to consider:
|
Streamline Customer Onboarding
Effectiv's platform ensures compliance while minimizing friction.
2. Monitor for Unusual Activity
Synthetic identities often exhibit behavior that can be flagged as unusual. Monitoring for these patterns can help detect and prevent fraud early:
|
3. Educate and Train Employees
Your employees are the first line of defense against synthetic identity theft. Regular training and awareness programs can help them recognize and respond to potential fraud:
|
4. Collaborate With Industry Peers
Sharing information and collaborating with other organizations can strengthen your defenses against synthetic identity theft:
|
5. Use Advanced Technology Solutions
Leveraging technology can provide a significant advantage in the fight against synthetic identity theft:
|
Stay Ahead of Evolving Fraud Tactics
6. Regularly Review and Update Security Measures
The tactics used by fraudsters are always evolving, so it’s important to review and update your security measures regularly:
|
Impact of Synthetic Identity Fraud
The consequences of synthetic identity fraud extend far beyond immediate financial losses for banks and businesses. This insidious form of financial crime creates a ripple effect, impacting individuals, communities, and the economy as a whole.
For victims whose personal information is used to create synthetic identities, the impact can be devastating.
Even though the synthetic identity isn’t directly linked to their credit history, the use of their SSN or other details can cause numerous problems. Victims may struggle to obtain credit, secure employment, or rent an apartment. Fraudulent activities tied to their information can raise red flags in background checks and credit reports.
Financial institutions bear a heavy burden when it comes to synthetic identity fraud. They face direct financial losses from fraudulent loans and credit lines. Additionally, banks must invest significant resources in fraud detection and prevention measures. This includes implementing sophisticated analytics tools and training staff to recognize signs of synthetic identity fraud. Banks also collaborate with law enforcement and other institutions to share information and best practices.
Moreover, synthetic identity fraud undermines trust in the financial system. As more consumers fall victim to this crime, confidence in banks, credit card companies, and other financial institutions erodes. This loss of trust can have far-reaching consequences. These range from reduced economic activity to reluctance to participate in the digital economy.
The Effectiv Platform – A Solution for Combating Synthetic Identity Theft
In conclusion, synthetic identity fraud is a major threat to financial institutions, but with the right tools, it can be mitigated.
Effectiv’s AI-powered platform offers a robust solution by providing real-time data checks, customizable AI/ML models, and enterprise-level protection at an affordable cost. By leveraging advanced technology like Effectiv, banks and fintechs can enhance their fraud prevention strategies, safeguard their customers, and secure their operations.
Stay proactive and explore how Effectiv can fortify your institution against synthetic identity fraud.
Synthetic ID Fraud FAQs
What is the difference between identity theft and identity fraud?
Identity theft involves stealing someone’s personal information, while identity fraud is the actual use of that information for illicit gain. In the case of synthetic identity fraud, identity theft is used to obtain real SSNs or other personal data, which is then combined with fake information to create a new, synthetic identity. This synthetic identity is then used to commit fraud.
How can financial institutions educate their customers about synthetic identity fraud?
Financial institutions can educate customers about synthetic identity fraud by providing clear information on their websites, in account statements, and through targeted campaigns. Key points to cover include what synthetic identity fraud is, how it works, signs that one’s identity may have been compromised, and steps to take if fraud is suspected. Encouraging regular credit monitoring and prompt reporting of suspicious activity is also important.
How can a bank detect synthetic identity fraud during the account opening process?
Banks can detect synthetic identity fraud during account opening by using a multi-layered approach that combines identity verification, fraud detection tools, and manual reviews. This may include:
- Verifying applicant information against multiple data sources
- Using machine learning to detect inconsistencies or red flags
- Employing biometric verification and device fingerprinting
- Checking for suspicious patterns, such as multiple applications from the same IP address
- Providing employee training on spotting synthetic identities
What steps can entrepreneurs take to protect their businesses from synthetic ID fraud?
Entrepreneurs should implement robust verification processes, educate employees about recognizing fraud risks, and utilize advanced fraud detection tools. Regularly updating security protocols and collaborating with financial institutions for shared insights can further enhance protection against synthetic ID fraud.
Why is synthetic ID fraud particularly challenging to prevent?
Synthetic ID fraud is challenging because it combines real and fake data, making it harder to detect with traditional methods that rely on verifying identity information.
