Synthetic Identity Fraud

Usually, fraudsters start to create a synthetic identity by stealing an SSN then collecting primary elements (first and last name, date of birth, along with other identifiers). On top of that, they will build a stronger identity by strengthening online and offline presence, through emails, social network profiles, and mailing or billing addresses. To make the profile more genuine and enhance the validity of the identity, they even may apply for a loan – even though they get rejected – or conduct transactions, which will help them establish a track-record. Building a solid synthetic identity can take months or years, but the results often outweigh the cost.

Other techniques such as “piggybacking,” enable fraudsters to add a synthetic identity to a valid account belonging to another individual or a synthetic identity, thus benefiting and “free riding” on the already existing good credit record. In the end, the user of the synthetic identity “busts out,” by maxing out cards and disappearing.

Because of its relative low cost, synthetic identities are quite easy to establish. This fact contributed to the spread of this fraud, and had a major impact on financial industries, as well as other businesses and governments. The U.S. Federal Reserve in a 2020 white paper reported that criminal organizations may also collide with related merchants in order to cash in the fruit of their synthetic identity frauds.

Criminal organizations conducting synthetic identity fraud are able to curate automatically tens or thousands of accounts at the same time, at scale, without victims noticing. Indeed, as only one element from a person’s identity is usually stolen to compose a synthetic identity, victims are less likely to identify that some of their personal information was compromised. When it comes to SSNs, fraudsters often target elders, children, and homeless people, because this population is less likely to use their credit as frequently as any other persons. A dedicated study reported that in 2017 alone, one million children were victims of identity fraud. In the U.S., the SSN randomization led by the Social Security Administration in 2011 impacted on how identifiable this nine-digit code is, and helped fraudsters to leverage this element even more.

When tracking synthetic identities, different characteristics can help determine whether it is a legitimate or synthetic one:

Information that is not correlated or is inconsistent (e.g.: email addresses with name, name pattern, etc.);
Different identities with the same SSN;
Multiple accounts having the same phone number, mailing address, or IP address;
Multiple authorized users on the same account;
Credit history inconsistent with the profile (e.g.: multiple loan applications although customer is below 18 years old).

It is important to understand that those characteristics must be combined in order to apprehend a potential synthetic identity, otherwise it might lead to false positives.

For mitigating those risks, financial institutions must steer away from traditional fraud prevention models and adopt a more comprehensive framework to clearly pinpoint synthetic identities and stop them.

As synthetic identity fraud is relatively new, the financial industry must raise awareness about this type of fraud, and train relevant agents who tackle fraud on a day-to-day basis. Moreover, a layered approach involving KYC checks, collecting additional identity elements, conducting link analysis through third-party data and proceeding to credit review is a strategy that would pay off and provide better results rather than traditional fraud prevention means. Such models can be built by associating a team of experts, from data scientists, compliance experts, and fraud specialists.

Finally, several fraud experts called for a greater collaboration and information sharing between actors. Banks may leverage technology solution providers which offers a first line of defense against a wide range of identity frauds.