In the realm of digital security, synthetic identity fraud poses a significant threat to individuals and organizations alike. This sophisticated form of fraud combines genuine and altered personally identifiable information (PII) to create fabricated identities, often referred to as “Frankenstein IDs.”
During a recent presentation at the Identity Connect Panel in London, experts discussed the alarming ease with which these fraudulent identities can be created and the proactive measures companies like Mastercard are taking to combat this growing issue.
Article at a glance:
- Understanding synthetic identity fraud: Learn how fraudsters combine real and fake personally identifiable information (PII) to create convincing false identities.
- Exploring dark web tactics: Discover how easily accessible PII on the dark web empowers sophisticated fraudulent schemes.
- Navigating trust challenges: Examine the critical balance between security measures and user experience in online transactions.
- Data utilization strategies: Uncover effective methods for leveraging data to detect and prevent synthetic identity theft.
Frankenstein IDs
Who here has accessed the dark web?
A simple yet provocative question was posed by Decoded’s Global Head of Facilitation, Nisha Aubeeluck, during a presentation to kick off our Identity Connect Panel in London. We gathered to discuss synthetic identity fraud – what it is, how easily it can be committed and what companies like Mastercard are doing to stop it.
Synthetic identity fraud, as defined by Decoded, involves using a combination of genuine personally identifiable information (PII) and forged or altered information to fabricate a person or entity. This sophisticated tactic of creating a “Frankenstein ID” is a fraudster’s evolved response to the enhanced cybersecurity measures implemented by organisations such as ours.
“They’re simply upping their game,” explains Aubeeluck, referring to synthetic identity thieves. She then turns to her browser to show us just how easily this game can be played.
Buying PII on the dark web
A Tor circuit (The Onion Router) is a web browser that enables users to access a network that anonymizes web traffic, providing private web browsing. Often used to access the dark web, a Tor browser hides the IP address and enables browsing by redirecting web traffic through a series of different routers called nodes.
To illustrate these layers of encryption, Aubeeluck searches for a UK passport. Immediately, several links are offered on the deep web, which will take you directly to the dark web upon clicking. Perhaps the most disconcerting aspect of this presentation isn’t the ease at which Aubeeluck was able to search for the documents needed to create a synthetic identity, but rather how legitimate the browser looked to begin with.
“We have to remember how smart these fraudsters are – UX (user experience) is really important. These browsers look like (everyday) e-commerce sites. Beyond the feature products being things like passports and undetectable bank notes… it doesn’t scream out dark web!”
Navigating trust in face of fraud
Accompanying Aubeeluck on the panel is Raphael Lawson, Fraud Director at THG, one of Britain’s major e-commerce retail companies. Lawson, who acknowledges the increasing sophistication of fraudsters, is particularly wary given the surge in first-party fraud that he has seen first-hand.
Lawson shares that trust is a challenge with online transactions. However, he recognises that preventing fraud requires a balance to avoid adding too much friction and deterring legitimate customers.
Andrew Stolz, Director of Global Partnerships at Mastercard, acknowledges the paranoia that many merchants he works with across the UK and Europe have regarding friction and PSD2.
“Strong Customer Authentication (SCA) still has such an important role to play in optimising the customer journey,” Stolz explains. “It’s all about having access to the right data, turning that data into insights and turning those insights into intelligence.”
Transforming data into trusted identities
Data is paramount to enable more confident, streamlined identity verification, but knowing how to leverage this data is key. As Stolz details, fraud such as synthetic identity theft isn’t new and yet, it remains incredibly hard to detect because issuers and merchants alike are looking at data elements that can be so easily purchased on the dark web.
For this reason, Stolz emphasises the importance of not only validating each data element but also assessing how they interact with each other and the wider digital ecosystem. By understanding these relationships, merchants can better protect themselves from synthetic identity theft, scams, deepfakes, first-party fraud – the works.
In today’s ever-evolving digital landscape, ensuring a seamless and secure experience for our customers is paramount. A trusted identity lies at the heart of this endeavour, one that extends beyond mere validation of fragmented digital identity elements. At Mastercard, we are committed to helping clients like Lawson at THG trust their customers. We combine behavioral, personal and device data in the context of real-time payment data and global fraud insights to enable our clients to truly evaluate an identity and understand the complete digital footprint. These capabilities help to build the trust required to raise the ceiling for business growth.
