Synthetic Identity Fraud: The Billion-Dollar Threat No One Talks About
Synthetic identity fraud blends real and fake data to create false identities, costing billions globally. Learn its methods, impact, and how to combat it.
Synthetic identity fraud is an emerging and rapidly growing type of financial crime, costing billions around the globe every year.
Unlike traditional identity theft, which uses accurate personal information to impersonate actual persons, SIF uses fabricated and stolen personal data to make a "new" identity or person, making detection extremely challenging.
This article takes a peek into the workings of synthetic identity fraud, why it matters as such a threat, and what can be done to combat it.
What is Synthetic Identity Fraud?
Synthetic identity fraud (SIF) constructs a false identity based on actual and fabricated data. Unlike identity theft, which involves the outright theft of someone else's identity, SIF creates a profile that does not match any individual. These identities could remain undetected for years, leaving behind trails that account for financial losses.
Critical Components of Synthetic Identities
- Actual Data: This was often stolen from data breaches or the dark web, such as Social Security Numbers (SSNs) or Taxpayer Identification Numbers (TINs). Preferred data sources are children's and deceased SSNs because their activity is low and they lack credit histories.
- Fictional Data: This includes fictitious names, addresses, and phone numbers to finish the identity.
How Fraudsters Use Synthetic Identities
- Applying for Credit: Fraudsters take a loan against a synthetic identity or apply for a credit card. Even if they decline, they leave footprints, starting an essential record to credit history.
After some time, the fraudster seems to have established a fake identity because financial institutions report payments to credit bureaus. Bust-out schemes are where the criminal maxes out loans or credit cards and vanishes, leaving the institution with a loss.
A fraudster could take a child's unassigned SSN, pair it with a fictitious name and address, and then use this synthetic identity to apply for a loan. After engaging those loans and becoming accessible to funds, he defaults, resulting in a loss to the bank.
Why is Synthetic Identity Fraud So Hard to Detect?
Combining Real and Fake Data:
Synthetic identification is not linked to a single identifiable victim. Take, for instance:
- SSNs of Children: Children generally don't have a credit history, which makes their SSNs most preferred.
- Fictitious Names and Birthdates: A fictitious name with a real SSN evades many detection schemes designed to match existing records.
Evasive Nature:
- Invisible to Victims: Since synthetic fraud does not touch real people, this does not become evident until the creditors/institutions face losses.
- The challenge to Credit Bureaus: This inadvertently makes credit agencies validate synthetic identities by creating records for them.
The sample in 2021 was that of the criminal network using synthetic identities to defraud an American bank of loans amounting to $39 million. By the time discrepancies were raised, the network had vanished.
The Billion-Dollar Impact of Synthetic Identity Fraud
Global Financial Loss
With an estimated $20 billion in costs worldwide, synthetic identity fraud will cost the world economy in 2022. Furthermore, the report from Deloitte enumerates almost 20% of all credit card fraud losses in America as having been associated with identity fraud.
Industries at Risk
- Banking: Fraudsters use the loopholes in KYC procedures to create accounts using synthetic identities.
- Healthcare: Criminals can obtain medical benefits or drugs by using false identification.
- Retail and E-Commerce: Fraudsters use BNPL (Buy Now Pay Later) services to acquire possessions they will never pay for.
A global fraud was relayed on BNPL in 2020, involving hundreds of synthetic identities, which incurred losses of $12 million for retailers.
How Synthetic Identity Fraud Works
An artificial way of doing things is a pro-step process for harvesting data:
Fraudsters' collection of SSNs usually targets children or dead ones. Due to data breaches, millions of SSNs and confidential information are sometimes exposed (e.g., Equifax Record Breach, 2017).
- The Identity Creation: Combine the stolen SSN with fabricated information such as phony name, address, and telephone number. Apply to the credit bureaus to create a file.
- Establishing Credit: Low-limit credit cards or loans, then make small, timely payments to build credibility.
- Fraud Executed (as in Bust-Out): Live large on credit or take loans, then default and disappear, leaving all financial institutions to suffer losses.
In 2019, a synthetic identity linked with a fictitious business obtained $5 million in loans from various banks before defaulting on all loans.
Technological Enablers of Synthetic Identity Fraud
- Informed the public about data attacks: Data breaches expose sensitive information from the millions of records that have just fallen to the MOVEit hack in 2023. The price for stolen Social Security Numbers on the dark web is as little as $2.
- AI-Driven Tools: Frauds create realistic IDs, deepfake videos, and voice patterns through AI that pass verification. Generative AI fosters synthetic identity creation by facilitating its advanced phishing and social engineering capabilities.
- Fraud-as-a-Service (FaaS): "Buyers can now easily carry out their fraud activities using these synthetic identities linked to pre-created credit scores" - criminals, in this case, sell synthetic identities.
How to Detect and Prevent Synthetic Identity Fraud
Technological Defenses
- Artificial Intelligence and Machine Learning: Traces of unusual patterns are determined in account openings and transactions through predictive analytics. For example, AI measures may detect inconsistencies like the mismatch or validity of identity document issuance dates, such as in Social Security Numbers.
- Biometric Authentication: With fingerprints or facial recognition, identity verification reduces dependence on static information. Cross-
- Reference Data: Consistent application of SSN against public death records or child registers aids in identifying discrepancies.
Institutional Efforts
- KYC and AML Programs: Banks will strengthen the KYC methods and authenticate the customer. Anti Money Laundering (AML) tools notify unusual financial activities.
- Cross-functional collaboration: Sharing fraud intelligence among financial institutions through law enforcement and credit bureaus.
Consumer Awareness and Protection
Although synthetic identity theft is mainly targeted at institutions, there is also a part of consumer prevention:
- Periodic Monitoring of Credit: Look for strange accounts or inquiries on your credit report. Experian and TransUnion provide such free credit monitoring.
- Safety of Personal Information: Do not share too much personal information online or via insecure channels.
- Report Fraud: Notify the Federal Trade Commission (FTC) or local authorities if you suspect misuse of your information.
Future Trends in Synthetic Identity Fraud
- Heightened Sophistication: AI tools and blockchain technologies are also used to launder proceeds from synthetic fraud.
- Stronger Regulations: The most recent are the nations applying stiffer protection laws regarding data, including GDPR and CCPA, to reduce data breaches.
- Joint Initiatives: Financial institutions, regulators, and technology firms have developed common platforms to track and fight against fraud trends.
Synthetic identity fraud is arguably one of the most silent but gravest financial threats globally. It feeds on systemic weaknesses and flourishes in the digital era, inflicting businesses with losses running into billions.
Detection and prevention have remained tough, although advancement in AI, much augmentation of collaboration, and greater awareness offer some hope. Individuals and businesses must remain alert to stay ahead of fraudsters to protect the financial ecosystem.
