Voice of the Industry

Are you for real? The rise of synthetic identity

Tuesday 25 July 2023 08:16 CET | Editor: Alin Popa | Voice of the industry

Synthetic identity is gaining prevalence and popularity with fraudsters in the financial crime space. What is Synthetic Identity? Why is it growing so quickly? And most important - is there any way it can be detected and stopped?


The Definition of Synthetic Identity

In the US, financing decisions are based on a credit score. The higher the score, the larger the line of credit extended. The only way to increase a credit score is to buy things on credit and repay it as often as possible.

Credit scores are built on a social security number (SSN). A fraudster will use the SSN of someone with no credit history to apply for a loan or credit card. These SSNs are often referred to as ‘credit invisible,’ and they account for 1 in 10 adults. They may be elderly or homeless people – unlikely to be checking their history regularly. Fraudsters also use the SSNs of children or fabricate numbers that look genuine. The fake personality is completed with address, phone number, and sometimes additional personal details.

When the ‘new’ SSN is provided, the credit bureau cannot unequivocally know whether the individual applying for a loan is real. All they can say is whether they have a record of the details or not. They just assume that the application is legitimate, generate a record based on those details, et voilà! They create a Synthetic ID without realising it.

How Synthetic ID is used in fraud schemes

A fraudster only needs a small amount to begin. They borrow USD 200 and pay it back. They do it again. This looks great to the financial system! To reward this upstanding consumer behavior, the credit score builds, and more credit is extended.

The next step in the process is referred to as ‘busting out.’ The fraudster gains a significant amount of credit (say, USD 20k) and maxes it out. Then they pay their balance with a fake check to ‘cover’ the credit. By the time the check fraud has been determined, the fraudster has already maxed the credit card again and doubled their money. They either disappear or claim identity theft, which reinstates their credit line so they can max it out one more time.

Why Synthetic ID is so easy to exploit

Industry experts have identified these contributing factors that have led to the explosion of synthetic identity fraud:
  • Randomised SSNs: The SSA began randomising the assignment of SSNs in 2011, which eliminated the geographical significance of the first three digits (once referred to as the area number) and, in turn, the predictable, chronological significance of the remaining digits.
  • Increase in PII available to fraudsters: The volume of PII exposed in data breaches increased by 126% between 2017 and 2018, according to the Identity Theft Resource Center, with over 446 million records exposed. Fraudsters can purchase these breached records for a dollar on a dark web marketplace. 

Aren’t there checks and preventative measures in place?

Of course, financial institutions follow Know Your Customer (KYC) processes to confirm a customer’s identity. Based on SSNs and PII, these measures fulfill legal, regulatory, and internal policy requirements that enable them to maintain compliance and mitigate risk. But they are limited, and those limits are exploited by bad actors.

A full validation of an SSN at the Social Security Administration (SSA) requires written consent on a specialised form. This is too time-consuming for the business and can potentially drive away customers, so it’s not often utilised. Instead, investigations and validations focus on what’s more readily available: profiling though open-source information such as social media accounts and online documentation. But these types of ‘proof’ are easy for fraudsters to fabricate.

Payments professionals can protect their organisations (and consumers) from Synthetic ID fraud 

It may seem like the odds are stacked against stopping Synthetic Identity fraud. But mitigation begins with awareness.

Risk and credit analysts and onboarding agents must be educated about Synthetic ID, its prevalence and scope, and the tactics employed to perpetuate these scams. Once they know what they are looking for, they have a significantly increasing chance of catching it.

Then comes cooperation. The intel and best practices should be shared with fellow payments professionals across organisations, advancing mitigation efforts throughout the industry for a greater scale of impact.

The next step is innovation. Traditional machine learning models that predict identity fraud do not usually catch the ‘long game’ play of Synthetics. But AI is continually evolving and can be trained to detect the unique differences between Synthetic IDs, real debtors, and other fraud schemes such as identity theft. 

With technology, collaboration and education, the payments industry can — and should —play a key role in stopping Synthetic Identity fraud.

About Anna Pogreb

Anna Pogreb (CFCS) is a senior risk strategist at EverC. With over 15 years' experience in payments, compliance, and technology, she is fervently dedicated to fighting fraud with integrity and intellect, as well as restoring dignity to those most impacted by it on a global scale. Her ability to analyze risk is built on a lifetime of diverse experiences that have given her unique knowledge of cultures, languages, and tactics used by fraudsters. Anna is a certified financial crime specialist and an active member of the Israeli Fraud Fighters community group.

About EverC

EverC is focused on powering growth for the ecommerce ecosystem. Our automated AI-driven, cross-channel risk management solution rapidly detects high-risk merchants, transaction laundering, and illicit products, and provides ongoing monitoring to uncover evolving risks. Our team comprises domain experts in risk intelligence, open-source, deep, and dark web, and online fraud detection. Learn more at www.everc.com!

Free Headlines in your E-mail

Every day we send out a free e-mail with the most important headlines of the last 24 hours.

Subscribe now

Keywords: identity theft, synthetic identity, KYC, digital identity
Categories: Fraud & Financial Crime
Countries: World
This article is part of category

Fraud & Financial Crime