Synthetic Identity Fraud

What is Synthetic Identity Theft? Learn How to Stop It

Quick Answer

Synthetic identity theft is a form of digital fraud where an identity thief combines stolen information with other real or invented data to create phony credentials that can be used to commit acts of financial fraud.

Synthetic identity theft represents a growing threat to digital customers and online businesses. It works by piecing together fragments of the victim’s identity from multiple sources, creating a composite that can be used for fraudulent credit applications and purchases.

This constitutes a more sophisticated form of identity theft than conventional attack methods, making it more difficult to stop. Fortunately, there are steps that companies can take to protect themselves and their customers from synthetic identity fraud. In this article, we’ll provide you with the information you need to understand how synthetic identity theft occurs and how to prevent it.

Synthetic Identity Theft Definition

Synthetic identity theft is a digital fraud method that combines data from multiple sources (real and invented) to create phony credentials to commit financial crimes. Typically, pieces of real Personally Identifiable Information (PII) are combined with false information to give the appearance of legitimacy. For example, a person’s real name and Social Security Number (SSN) may be combined with a different email and bank account to divert funds from a loan application in the victim’s name to the criminal’s bank account.

What Are the Types of Synthetic Identity Theft?

Synthetic identities typically fall into two main categories:

Identity Compilation

Also known as “Frankenstein fraud,” this method involves combining real information with fabricated credentials to create a new, false identity.

Identity Manipulation

This approach alters genuine identity details to form a synthetic identity. For instance, an individual with poor credit might change their name on applications to conceal their credit history. This type of fraud is generally easier to detect compared to identity compilation.

How Do You Create a Synthetic Identity?

Creating a synthetic identity typically begins with the theft of a real credential such as a Social Security Number or Employer Identification Number (EIN). This may be combined with other real credentials, such as real names or dates of birth.

Then, real information gets combined with false data such as fake addresses or emails and bank accounts not owned by the victim of the identity theft scam. Combining real and fake information enables the perpetrator to commit financial crimes such as applying for a credit card in the victim’s name, or applying for a loan. Some fraudsters also use synthetic identities to make fraudulent purchases and have them sent to the wrong address, from which they can be returned for a refund or sold for profit.

How Does Synthetic Identity Theft Occur?

Synthetic identity theft happens when fraudsters create a false identity by combining real and fake information. Here’s a simplified breakdown of the process:

  • Obtaining Real Information: Fraudsters acquire genuine data, such as Social Security numbers (SSNs), often from vulnerable individuals like children or seniors.
  • Creating Synthetic Profiles: Using the real SSN, they fabricate other details like names, birthdates, and addresses to form a new identity.
  • Building Credibility: The synthetic identity is used to apply for low-level credit products. After some initial rejections, some applications are approved, and these accounts are managed to build a positive credit history.
  • Exploiting the Identity: Once the synthetic identity has a solid credit profile, fraudsters apply for larger loans and credit cards, eventually maxing out the credit and disappearing, leaving financial institutions with losses.
  • Evading Detection: These identities often bypass traditional fraud detection systems because they include real data mixed with fake elements, making them harder to spot.

Synthetic Fraud Detection

Synthetic identity theft is difficult to detect for several reasons. The synthetic identity represents a non-existent person or business composed of pieces of real accounts, so the warning signs which accompany the impersonation of real individuals may go under the radar for a while. If the perpetrator is using the SSN of a small child, the fake identity may be used for years before anyone notices. Even when the victim is older, the thief may spend a long time building fake credit before disappearing with unpaid debt. Only then do creditors contact the original information owner to inquire what’s wrong. By then, the thief may be using another new identity, and the stolen money may be in a bank account in another country.

Tips for Early Detection of Synthetic Fraud

To help mitigate the risks and detect synthetic identity theft early, consider these proactive measures:

  1. Monitor Credit Reports Regularly: Regularly check your credit reports for any unfamiliar accounts or activities. Promptly report any discrepancies.
  2. Use Credit Monitoring Services: Consider using credit monitoring services that alert you to changes in your credit report, such as new accounts or inquiries.
  3. Freeze Credit for Minors: If you have children, freeze their credit until they are old enough to use it. This prevents fraudsters from using their SSNs.
  4. Enable Alerts on Financial Accounts: Set up alerts for your bank and credit card accounts to notify you of any suspicious transactions.
  5. Verify Personal Information: Be cautious when sharing personal information online or over the phone. Ensure you are dealing with legitimate organizations.
  6. Stay Informed About Data Breaches: Keep track of data breaches that may involve your information and take appropriate actions, such as changing passwords or monitoring accounts more closely.

What Are the Consequences of Synthetic Identity Theft?

Synthetic identity theft affects the individual victims whose data is stolen and the institutions targeted for fraud. An individual or business whose identity is stolen may come under suspicion by authorities, potentially placing them in legal jeopardy. Even if they can prove their identity was stolen, they may face hassles when applying for credit cards or loans. Fortunately, as long as consumers report identity theft promptly, their financial liability for misuse of their accounts is limited to $50.

However, the full impact of synthetic identity theft extends beyond individual victims. Financial institutions and retailers also suffer from this type of fraud. Since consumers have limited liability for the cost of theft, financial providers and retailers often bear the brunt of the losses. Additionally, their customers may blame them for inadequate preventive measures, damaging their brand reputation.

How to Prevent Synthetic Identity Theft

To guard against the financial loss and brand damage associated with synthetic identity theft, security experts recommend that financial providers, fintech companies, eCommerce retailers, and other affected businesses take several preventive measures:

  • Following Know Your Customer (KYC) best practices to authenticate the identity of new customers
  • Using artificial intelligence machine learning to cross-reference customer data with other databases and automate the process of detecting suspicious data patterns and discrepancies
  • Implementing multi-factor authentication to confirm customer identity during transactions
  • Adopting biometric identification methods such as facial recognition to strengthen customer authentication procedures

Taking these steps can reduce the risk of you and your customers falling prey to synthetic identity theft.

Protect Your Company and Customers from Synthetic Identity Theft with Incode

Stealing digital credentials and using them to build synthetic identities has become a favored tactic of cybercriminals, and financial service providers often end up footing the bill. Fortunately, you can protect your company by deploying automation to implement powerful new security strategies such as machine learning and biometric authentication. The Incode Omni platform provides an end-to-end identity authentication platform that lets you implement robust security procedures while delivering a fast, frictionless experience for online customers. Contact our team to schedule a demo and see how we can help you protect your company and customers from synthetic identity theft.

FAQs About synthetic Identity Fraud

Is Synthetic Identity Theft Common?

The growth of online financial transactions has increased the incidence of synthetic identity theft. As physical credit card security technology has improved, criminals have turned to synthetic identity theft as an alternate way to exploit credit cards. In 2021, the Federal Trade Commission received 2.8 million fraud reports from consumers, with losses of over $5.8 billion, an increase of 70% from 2020. This total included several different categories of fraud, with identity impersonation topping the list.

What Is the Difference Between Synthetic Identity Fraud and “Traditional” Identity Theft?

Synthetic identity theft differs from previous types of identity theft in the way stolen data is used, assembled, applied, and detected:

  • While traditional identity theft involves impersonating an entire identity, synthetic identity theft steals fragments of different identities to create a new, artificial one.
  • Traditional theft often relies on a single data source, whereas synthetic theft combines multiple real and fictional credentials.
  • Traditional scams use the victim’s original identity for fraudulent activities, while synthetic scams use fabricated identities.
  • Detection also varies: traditional identity theft is usually discovered through suspicious charges, but synthetic theft can go unnoticed since the synthetic identity is not directly linked to the original owner.

These distinctions make synthetic identity theft more sophisticated and harder to detect than traditional identity theft.