The expertise, severity, and frequency of synthetic identity theft is increasing. It has been documented that hackers accessed the US government’s Office of Personnel Management and obtained the Social Security information of about 22 million individuals.
These figures considerably grew in 2021, with 85% of those instances classified as cases of synthetic identity fraud.
While data breach is already a rising issue, cybercriminals have raised the stakes by creating synthetic identities, making it more challenging to combat cybercrime.
What is a synthetic identity?
Synthetic identity is a made-up identity established through bogus qualifications and identifying factors that aren’t linked to an actual individual. It usually uses fake social security numbers (SSNs) and fraudulent personally identifiable information (PII) to make institutions think that a person is real.
What is synthetic identity fraud?
Synthetic identity fraud (SIF) is a form of theft that involves creating a false persona and using it to commit a felony. A cybercriminal creates a new identity by combining actual and fraudulent data. Most of the time, the genuine information utilized in this activity is stolen from real people.
This data is then leveraged to create fake accounts and make bogus purchases. With synthetic identity theft, stealing money from creditors, such as credit card issuers, is possible. Fraudsters may create bank accounts and utilize them to improve their lending history and credit score. Cybercriminals may also file false accusations and use factual information in certain situations.
2 Types of Synthetic Identity Fraud
1. Manipulated Synthetics
Manipulated synthetic identities are created by altering an actual person’s SSN and other components. Scammers often use these forged personas to conceal past credit history and gain loan approvals.
Individuals with poor credit records may construct false identities to get fresh credit for legitimate purchases that they plan to pay back. The good news for businesses is that forged credentials are detectable. The key to spotting modified details is that they often clash with the genuine identity they’re enhancing and fail to pass validity tests.
2. Manufactured Synthetics
Manufactured synthetic identities include combined legal data gathered from different individuals. Dubbed ‘Frankenstein’ personas, scammers piece together various PIIs from actual persons to construct false profiles.
They’re constructed using invalid information, such as SSNs chosen by fraudsters from the same pool of numbers that the Social Security Administration uses to issue SSNs at random. There are no known consumers whose PII was utilized to establish the account. Even with current tools, identifying this new kind of produced synthetics is challenging.
How does synthetic identity fraud work?
In synthetic identity fraud, cybercriminals will often establish a false credit history of a fake identity over several months to a year. They’ll create a bank account, get credit cards, and make on-time payments to establish solid credit standing throughout the period. Scammers will file for progressively enormous lines of credit as their credit limit climbs, just to vanish in a ‘bust out.’
1. Fraudsters steal information from real people
Criminals will go to tremendous lengths to create a new persona. For example, they manufacture phony identification papers and even set up social media profiles with images and posts built over a significant period to give the appearance of a genuine profile by combining real and fake PII.
Synthetic fraud is dangerous for companies because, unlike third-party fraud in which a complete identity is obtained and exploited to deceive businesses and individuals, SIF typically has no identifiable consumer victim. Consumer victims are an essential tool for discovering and preventing fraud, and the absence of a complainer can make the activity difficult to detect until it’s too late to fix.
2. They combine this with fake information
A fraudster could acquire or purchase someone’s personal information on the dark web, then merge it with a fictitious profile. An estimated 40% of SIF accounts were created using data obtained from individuals born after 2011.
Moreover, an Experian research from 2021 found that fraudsters even develop counterfeit faces for biometric authentication. These faces mix physical features from several individuals to create a new look and fool facial recognition software.
3. They open an account or multiple accounts
Scammers can construct several identities using a single SSN. They can use the stolen ID number to establish new accounts and apply for programs such as insurance, medical benefits, and unemployment stipend. Cybercriminals may also use bots to generate multiple credit card applications in a short period using a single SSN.
Scammers imitate typical credit behavior, making prompt repayments and keeping a clean credit record after establishing a bank account or acquiring a credit card using a false identity, only to vanish after getting a big loan or maxing it out.
4. Creditors are left to declare a charge-off
When a creditor claims that a debt is unlikely to be collected, this is known as a charge-off. Financial institutions will record a charge-off when cybercriminals refuse to return their debts. While this is typically done in response to a debtor filing for bankruptcy, lenders are required to report a loss in the case of SIF since the borrower never existed in the first place.
Synthetic identities with a prime credit often score a charge-off 75% of the time within 23 months, resulting in an average loss of $13,000 for lenders. The rate of charge-off is significantly higher than authentic customers, who charge off at a rate of 1.5% over the same period.
6 Ways to Prevent Synthetic Identity Fraud
Although SIF is difficult to detect, careful monitoring of transactions, exercising due diligence, and leveraging technological innovations can mitigate it. Institutions should take preventive recommendations and actions to guarantee that they are safeguarded against potential fraud losses.
1. Integrate an effective KYC process
Customer risk assessment and Know Your Client (KYC) processes are a legal obligation of financial institutions to comply with Anti-Money Laundering (AML) rules. Verifying a client’s identity, financial activity, and risk level is essential in establishing effective KYC protocols.
The extensive data that banks handle and have to investigate is an immense pool that is constantly expanding, making KYC, through authentication solutions, the best solution.
Artificial intelligence (AI), authentication solutions, and machine learning algorithms, for example, may help you better validate the expanding amount of digital data you have on your clients’ identities.
2. Utilize a robust identity proofing method
Companies need to build reliable partnerships that allow them to leverage technology and innovate verification systems that are also easy to process for consumers. Partnerships are the best solution to overcome traditional yet accurate systems (that mandate the physical presence of an applicant for their identity to be verified).
3. Use monitoring software
When an account that has been existing for less than a year exhibits surges in the number of transactions, this might be a sign of new account fraud linked to SIF. Once its wire transfers, cleared checks, and credit transactions increase suspiciously, it’s possible the account is being used for fraud and should be banned from making further transactions.
Monitoring applications with accurate detecting tools can spot certain anomalies, outliers, and susceptible transactions. Outliers may be utilized to identify possible trends in the deployment of synthetic identities.
Be Smart in Combatting Synthetic Identity Fraud
Financial institutions are facing an alarming and growing danger from synthetic identity theft. It has caused and will continue to cause substantial losses if it goes undetected. To run a more trustworthy organization, you must provide an additional layer of security for your clients.
Enhanced due diligence, effective authentication solutions, KYC compliance, and fraud-monitoring tools that are tuned to the growing danger of SIF may help you achieve this.
For reliable and convenient authentication solutions, Q5id can help your company verify your customers’ identities and mitigate losses from SIF. Learn more about our services here.
With platforms powered by cooperation and the pursuit of the greater good, identity proofing, and verification are more efficient and effective for all stakeholders. Banks, for example, may adopt a platform that compels consumers who want to make the payment to scan a valid government-issued ID.
1. Leverage third-party data
Using third-party data can be a valuable tool in detecting fake identities. With individuals having natural histories, which leave digital and physical footprints, this data is difficult to imitate.
Real persons provide a consistent trail: the same address, email account, and phone number appear in many databases. Synthetic IDs are inconsistent because, although the applicant may provide certain facts (for example, a name that appears in many data systems), others are invented and will not appear.
A synthetic ID may be too constant when it is fabricated—there are no changes to the address, email account, or other data over many years. Third-party data can reveal these inconsistencies.
2. Collaborate with other companies
SIF detection has grown by more than 100%, and the capacity to capture fake personas has increased by 8%, thanks to teamwork. When total operational cost might surpass $1,000 US per occurrence, these considerable reductions in risk and losses could save many firms millions of dollars.
For far too long, businesses have approached digital identification operations alone. Fraudsters understand how crippling this can be, so they not only aim to exploit them in the organizations they target but also evade their operations by embracing networks.
Using new and more complex strategies along with a coordinated defense is crucial to combat cybercriminals. Platforms, where firms can anonymously communicate data fingerprints about bad actors with one another, are necessary so that you can detect fraudulent conduct more easily.
3. Heighten application requirements
Financial companies have made it simpler for customers to apply for loans and create bank accounts to stay ahead of the competition. Unfortunately, this process has prompted scammers to take advantage of them.
Financial institutions have a dilemma in making the procedure more difficult for fraudsters but not for genuine applicants. One method to achieve this is by requiring additional identity and occupation documents for KYC verification, particularly for profitable transactions.
Contact us to learn more.
"*" indicates required fields