What is synthetic identity theft?
Synthetic identity theft is an insidious type of financial fraud that involves stealing a real person’s information, such as their government identity card or their date of birth and combining it with falsified personal information to create a new “synthetic” identity. The most common victims are children, the homeless and the elderly; those who are least likely to have a credit history or monitor credit carefully. Still, synthetic identity theft can happen to anyone, living or deceased.
While this blog will detail prevention and detection methods for organizations across sectors, there are signs that consumers should be on the lookout for in case synthetic identity happens to you.
What are the signs of synthetic identity theft to look out for?
Unusual activity on your credit reports and bank accounts.
Did you receive a statement for an account that doesn’t look familiar to you? Does the information look consistent to other reports you have? Perhaps your credit card bill is suspiciously higher than usual? Or, more worryingly still, you have received notice from a debt collector for a debt you never incurred. Be on alert; a portion of your personally identifiable information (PII) has perhaps been stolen to create a false identity and open a new account.
New activity on an old account.
It’s common for fraudsters to attempt to access accounts and cards to steal funds and boost credit files (for further thieving). This includes old or unused accounts. Be on the lookout for suspicious activity, such as a request for credit line increases or payment history.
Notifications from accounts you never opened.
In order to boost their synthetic persona’s credit score, fraudsters will add the victims of their identity theft as authorized users on credit card accounts that the victim never opened. This enables them to receive funds from new credit or loan applications that they submit in your name.
How does a fraudster create a synthetic identity?
There are a few ways a sophisticated fraudster can create a synthetic identity, also known as a “Frankenstein identity.” First, there’s identity compilation, described above; the fraudster purchases an individual’s Social Security Number (SSN), for example, off the dark web and combines it with an invented PII. Second, there is identity manipulation, which involves the fraudster stealing legitimate PII and altering it slightly so as to pass it as a completely new identity. Finally, there is also a method to this fraud known as identity fabrication which involves the creation of a completely false identity using completely made-up PII.
Synthetic identity fraud around the world.
According to Reuters, synthetic identity fraud has officially surpassed credit-card fraud and identity theft as the fastest-growing type of fraud around the world. In fact, consumer credit firm TransUnion uncovered that synthetic identity fraud, which accounted for 5.3% of global digital fraud in 2022, jumped in volume by 132%. Meanwhile, nearly 50% of global organizations have experienced synthetic identity fraud in the past year, with 96% of those in the banking sector going on record as perceiving synthetic identity fraud as a real threat to their business.
Indeed, the Federal Reserve has been calling it the fastest-growing financial crime in the United States for some time, accounting for nearly 80% of all identity fraud in the country. This year alone, 2023, it is estimated that synthetic identity theft will result in losses of up to $US2.42 BN in unsecured credit products and $6BN in total losses to the US banking sector.
Meanwhile, across the pond, 8.6 million people in the UK (16%) have admitted to using someone else’s identity, or a fake identity and 33% of residents aged 16-24 have used a synthetic, fake or stolen identity to access services or credit.
More worryingly, 61% of merchants in APAC have reported recent higher rates of synthetic identity fraud, the most amongst any other region globally.
How does synthetic identity theft impact your bottom line?
With numbers as startling as $6BN being quoted (and that’s just one region’s banking sector) it’s hard not to imagine the impact synthetic identity fraud has to a business’s bottom line. While banks and payment processors can (and inevitably do) raise their prices and interest rates to account for this loss and protect their bottom line, merchants cannot do this.
Indeed, when consumers finally notice something is amiss, there are some mechanisms in place when it comes to recouping chargebacks costs that can protect them. The same is not true for merchants, making the costs associated with synthetic identity fraud particularly impactful. Moreover, even if banks don’t demand a merchant compensate for lost revenue due to synthetic identity fraud, merchants are still impacted by a loss of merchandise and related expenses such as shipping and processing costs.
Of course, the impact on a financial institution’s bottom line goes beyond the initial monetary loss too. For example, too much loss damages their reputation as a trusted organization. Furthermore, the fines can be steep for noncompliance with Know Your Customer. And finally, as a bank’s margins grow thinner and rates rise, everyone is left footing the bill.
How to prevent synthetic identity theft at your organization
As we detail in our eBook dedicated to combatting synthetic identity theft, when it comes to preventing this type of fraud, it’s important to think of it as a game of chess; fraudsters think three steps ahead, so you need to think four steps ahead.
A key piece of information to remember is this: to be successful at synthetic identity fraud, fraudsters depend on static identifiers such as SSNs (which, let’s face it, are really easy to purchase or steal). Therefore, leveraging these identity attributes to verify your customer or client’s identity could be your downfall. Even if your risk assessment tools apply rules-based algorithms…. it’s simply not enough.
Indeed, to prevent synthetic identity theft, it’s important to remember that true digital identity involves dynamic identity elements, which are attributes that are can change (unlike a static attribute such as an SSN). Furthermore, dynamic attributes are global and can leverage multiple linkages, metadata, history and activity patterns to validate an identity.
The core dynamic identity elements that we consider the global standard for identity verification and fraud prevention are name, phone number, email address, home address and IP address. By validating these elements and understanding how they are linked online, businesses across sectors can get a much more accurate picture of who their customer is and, importantly, if they are who they say they are.
Why? Because these five attributes are commonly used to verify legitimate identities, which means they are also relevant in assessing and, in turn, preventing synthetic identities. What’s important to remember is the difference in how each signal changes. For example,
the link between identity elements matters more for a synthetic identity because there is often low consistency between the identity elements. Indeed, with metadata, you can see that address history versus the length of credit history would be a useful indicator for fraud because the duration should be similar. More still, IP risk is particularly effective to detect the origination and location of an identity.
At the end of the day, whether it be at account opening application or a transaction, the information that a customer enters into a record should be evaluated. And, the results of this evaluation relies on a probabilistic risk assessment, providing predictive signals of potential fraud by validating the dynamic attributes and how they behave with each other.
How to detect synthetic identity theft at your organization
Synthetic identities and their associated fraud schemes are a growing, evolving and significant threat for any organization operating online, no matter the industry. While these fraudsters show no signs of retreating, it is possible to prevent, or at the very least detect and stop these thieves before they open an account or transact with your business.
The fact is synthetic identity theft is really difficult to detect with traditional fraud monitoring systems. Indeed, Reuters estimates that, at financial institutions, 95% of synthetic identities are not detected during the onboarding process. Meanwhile, most of the losses that online retailers experience due to synthetic identity theft are either never detected or simply written off as an unrecoverable loss of doing business.
As explained above, it’s not enough to implement static identity checks and bare-minimum fraud rules that validate them, only to then leave your program on autopilot. Ultimately, detecting and preventing synthetic identity fraud requires a multi-layered strategy that places identity validation and authentication as a focal point, assisted by data quality and data-sharing layers. This means outfitting your fraud prevention platform with a combination of internal and authoritative, third-party identity data that has been vetted according to rigid acceptance criteria to ensure accuracy and security compliance. Layering this dynamic data verification with sophisticated machine learning and rules-based decisioning further strengthens security measures, enabling your fraud team to better delineate good customers from bad actors.
Indeed, it is this ability to distinguish between genuine customers and fraudulent behavior that will set you in good stead in this ever-competitive digital marketplace. Investing in effective fraud monitoring software that continuously learns and adapts to patterns, refining risk assessment models and reducing false positives, can ensure legitimate transactions and onboarding are enabled and not unnecessarily flagged as fraudulent.
Want to learn more about providing a seamless customer experience without opening the door to synthetic identity thieves? Contact us today.
