arrow left facebook twitter linkedin medium menu play circle

Senate Bill 2155 Aims to Stop Synthetic Identity Fraud

DataVisor Threat Blog

By Priya Rajan December 6, 2018

Photo of Priya Rajan

about Priya Rajan
Priya brings over 18 years of experience from high growth technology organizations including industry leaders (VISA, Cisco) and Silicon valley unicorns (Nutanix, Adaptive Insights). In her most recent roles in the anti-fraud industry, Priya led the product marketing, content and field marketing efforts and helped to power growth in US and EMEA markets.

Senate Bill 2155 Aims to Stop Synthetic Identity Fraud

Senate Bill 2155, the “Economic Growth, Regulatory Relief, and Consumer Protection Act” became public law earlier this year. The law includes provisions intended to stop synthetic identity fraud. This post provides a few details about synthetic identity fraud and S.B. 2155. The post also highlights what businesses should expect when it comes to the rollout of the law.

What is Synthetic Identity Fraud?

Synthetic identity fraud is a technique where a bad actor creates an identity using a blend of personal information from different people or a combination of real and fake personal information. For example, a fraudster could buy a real social security number from a dark web marketplace but use a name, home address, and date of birth from a different person or multiple people.

Fraudsters use synthetic identities primarily for application fraud swindling lenders and financial institutions out of billions of dollars every year. Application fraud is where a fraudster uses a stolen or synthetic ID to apply for a line of credit or a loan with no intention of paying back the lender. The fraudster cultivates the synthetic identity building authentic looking credit and account activity over time. The goal is to gain access to more credit and max out the credit lines when the time is right.

Synthetic identity fraud is difficult to detect for many reasons. First, fraudsters are adept at creating (and stealing) identities and accounts then emulating user behavior to appear legitimate. Fraudsters will also create sleeper accounts that are used in legitimate ways for a period of time then suddenly break out with fraudulent activity.

Another reason synthetic identity fraud is difficult to detect is that fraudsters often target and steal the social security numbers of children. Fraudsters can buy the stolen social security numbers of children and adults from dark web marketplaces. And criminals can use a child’s social security many years before the fraud is discovered.

A Law that Targets Synthetic Identity Fraud

Senate Bill 2155 includes provisions specifically designed to prevent synthetic identity fraud. One of the provisions is that the Commissioner of the Social Security Administration (SSA) must modify existing SSA databases or develop a new database that verifies the fraud protection data contained in an electronic inquiry from a permitted entity. A permitted entity is a financial institution, service provider, or other organization working with a financial institution. Fraud protection data includes personal data for an individual such as social security number, date of birth, and full name.

The SSA system must also accept the electronic consent of an individual who has given a permitted entity permission to use personal details to verify their identity through the agency’s Consent Based Social Security Number Verification Service (CBSV). Individual consent and fraud data verification must be done electronically only, and not through a signature on paper or a “wet signature.”

The text of the bill explains in detail how the requirements related to preventing synthetic identity fraud are to be executed by the SSA and permitted entities.

Expect Synthetic Identity Fraud to Spike

There doesn’t appear to be a set deadline for the SSA to implement the technical components of the law. Like the EMV chip law, it may take several years for the law to be fully implemented. Also, like the EMV chip rollout, fraudsters will scramble to make the most from synthetic identity fraud while they still can. EMV chips are an obstacle to physical credit card fraud, so fraudsters set their sights on online fraud such as card not present fraud and account takeover fraud. Fraudsters will start cashing out synthetic identities in droves once S.B. 2155 is close to full implementation.

Senate Bill 2155, if implemented correctly, will put an end to synthetic identity fraud. But it will not put an end to application fraud. Massive data breaches occur every year, so fraudsters will still have plenty of stolen identities to use for application fraud.


Popular Posts

Intelligent solutions. Informed decisions. Unrivaled results.

DataVisor Fraud Index Report: Q1 2019

Learn More

Access proprietary data and research results to discover the latest attack techniques and prevention strategies.

Download the Q1 2019 Fraud Index Report from DataVisor to receive unparalleled data-driven insights into the latest attack trends, and the most effective prevention strategies, based on analysis of over 44 billion events, 800 million users, 396 million IP addresses, and more.

Dumb & Dumber vs Ocean’s 11

Learn More

Understand the range of modern fraud attacks to ensure complete coverage for your organization.

Complex and coordinated fraud attacks that are extensively planned, hard to detect, and highly scalable are the new normal for online platforms. Explore and understand the full spectrum of fraud attacks—from simple to sophisticated—and learn how you can defend against each type in this…

Guard Your Online Marketplace Against Fraud

Learn More

Discover AI-powered fraud strategies for preventing financial and reputational damage in this powerful eBook.

Online marketplaces withstand a complicated array of fraud attacks—spam, scam, and all points in between. Only the most comprehensive, proactive AI-powered solutions can fully protect against reputational and financial damage. This eBook details the entire lifecycle of a fraud attack, and lays out…


Protect your business, your customers, and your data.

Request Demo