arrow left facebook twitter linkedin medium menu play circle

Digital Fraud Wiki

Your source for the latest fraud intelligence, insights, research, and commentary.

Synthetic Identity Theft

What is Synthetic Identity Theft?

Also known as Synthetic Identity Fraud, Synthetic Identity Theft is a rapidly growing type of ID fraud, and accounts for the majority of all identity fraud. It’s also the primary technique used to commit application fraud. Synthetic Identity Theft differs from traditional Identity Theft because instead of using an existing identity to commit the theft, fraudsters create a synthetic one. 

How do fraudsters create Synthetic Identities?

Fraudsters can  create a synthetic identity by combining personally identifiable information (PII) such as the social security numbers, addresses and birthdates of multiple people, or by combining real information about a single person with fabricated information. Synthetic identities can also be created when fraudsters use social security numbers that belong to children, criminials, homeless people or elderly people. Since 2011, social security numbers have been assigned randomly, so there’s no clear connection between the SSN and a person’s birthplace or birthdate. That makes Synthetic Identity Theft a lot easier to commit.

Once fraudsters create a synthetic identity, fraudsters can apply for credit or a credit line, apply for a loan, and commit all kinds of fraud.

How do fraudsters get their hands on PII?

There are numerous ways to steal information and build a synthetic identity. Stolen social security numbers can be purchased on dark web marketplaces. Bad actors can also steal wallets, smartphones or credit cards, hack into your computer or an unsecured Internet connection, hijack online transactions, or obtain information directly via telephone or social media scams. Many people unwittingly share personal information with fraudsters on Facebook and other social channels while participating in games or challenges. It’s critical to protect PII such as social security numbers, birth dates, addresses, passwords, credit card numbers, credit reports, and bank account numbers at all costs.

How common is Synthetic Identity Theft?

Between 2019 and 2020, these types of ​​identity theft almost doubled. According to Payments Journal, in 2020 alone, financial institutions lost $20 billion thanks to Synthetic Identity Fraud as a result of fake load applications, refund fraud, buy-now-pay-later fraud and other types of fraud. What’s more, Aite Group reports that in 2018, credit card synthetic identity losses in the U.S. totaled $820 million and U.S. credit card losses due to accounts created with fabricated identities are estimated to have reached $1.257 billion in 2020. And the problem is only getting worse: the FTC reports that losses related to Synthetic Identity Fraud grew from $1.8 in 2019 to $5.8 billion in 2021. 

What is the difference between identity theft and identity fraud?

Identity theft is the act of stealing someone’s identity, whereas identity fraud is the act of committing fraud using a stolen identity. In Synthetic Identity Fraud, the information used to commit a criminal act doesn’t even have to be real. The damage occurs when the criminal uses stolen or fake identities to apply for loans and run with the money or open fictitious accounts and incur charges. They may also steal medical or employment benefits using stolen or fake identities.

What Should Financial Institutions Know About Synthetic Identity Fraud?

Synthetic identity theft is a serious problem for financial institutions because it is costly and difficult to detect. Fraudsters use sophisticated methods to circumvent traditional fraud detection techniques and slip by unnoticed. Financial institutions must also be aware that synthetic identity theft is often misclassified. When a fraudster incubates a loan account the ongoing behavior of the synthetic identity is like that of a legitimate borrower. So, when the fraudster finally defaults on the loan, the lender may incorrectly classify the default as a credit loss instead of loss due to fraud. This is problematic, because once an account that was created with a synthetic identity lands in collections, it is too late for the financial institution to do anything about the fraud.

One Synthetic Identity Theft technique fraudsters use is account incubation. Some fraudsters spend months or even years cultivating numerous fabricated identities and building good credit. Once good credit is established, they may take out numerous loans and lines of credit for maximum profit. Incubating accounts makes synthetic identity theft especially difficult to detect because each account appears to be legitimate and in good standing, and demonstrates authentic-looking activity.

Without an effective solution for detecting Synthetic Identity Theft, financial institutions increase their fraud risk and potential for monetary losses. 

Why is it difficult to detect Synthetic Identities?

Fraudsters use a variety of sophisticated techniques to make synthetic identities difficult to detect. For example, fraudsters often incorporate real social security numbers into synthetic identities. A fraudster might submit a credit card application that includes a real social security that they bought on the dark web, but the name, date of birth, home address, and email address might be from the identities of multiple people. Together the information gives the appearance of a legitimate identity. 

Fraudulent accounts incubate for extensive periods of time, and at face value, they behave like legitimate users. Viewed in isolation, there is virtually no way to proactively flag individual accounts as malicious. As fraudsters continue to expand their efforts — launching organized fraud rings at massive scale, and with increasing complexity and coordination — financial institutions stand to suffer significant losses. 

How do you detect and prevent Synthetic Identity Theft?

There are some hallmark signals that could indicate Synthetic Identity Theft:

  • Repeated use of a single social security number
  • Multiple accounts being created using the same IP address
  • The same personal information being used to create multiple accounts

Comprehensive Fraud and Risk Management solutions that can spot these patterns early should be implemented to prevent Synthetic Identity Theft. But not all solutions are equal, and there are some key components that help to reduce the risk of a fraudster committing fraud using a Synthetic Identity. Here are some important capabilities to look for:

  • The ability to analyze a variety of data points simultaneously, including account-level data, behavioral data and device data
  • Tools to visualize networks of fraud attempts and uncover connections across accounts and events
  • Early detection, powered by unsupervised and supervised machine learning
  • One-click Investigation and black list management
  • Real-time and batch processing and effective case management
  • Out-of-the-box integrations with identity partners and data enrichers

Is there a Fraud and Risk Management Platform that can prevent Synthetic Identity Fraud?

DataVisor’s comprehensive fraud and risk management platform provides all of the necessary capabilities to maximize detection and prevention of modern Synthetic Identity Fraud, helping financial institutions minimize fraud losses without impacting the customer experience. The easy-to-integrate, scalable platform enables organizations to realize rapid ROI with extensible out-of-the-box, productized solutions that can be deployed instantly and customized to meet the needs of any organization.

DataVisor takes an integrated AI-powered approach that combines machine learning and rules for maximum detection, full transparency and explainability. The platform’s powerful unsupervised machine-learning algorithms identify coordinated groups of malicious applicants, even if fraudsters use legitimate-seeming identities. By assessing a wide array of signals — behavior patterns, cross-account linkages, and digital fingerprint components such as IP subnets, device IDs, user agents and more — DataVisor can identify synthetic identity fraud early and accurately — at the application stage — defeating fraud actors before they can cause any damage.

Financial institutions that deploy DataVisor have captured over 30% more fraud with 94% detection accuracy, and realized up to 15 million in annual savings while reducing false positive rates to 0.17%.


Additional References:

Blog: Synthetic Identity Theft – When Credit Risk is Not Credit Risk

Blog: What Fraudsters Are Doing with Breached Data

Solutions: Application Fraud

Source: Identity Theft Statistics, Experian

Source: Synthetic Identity Fraud: The Elephant in the Room, Aite Group

Source: Synthetic identity – a new path for government fraud?, Thomson Reuters Legal

Source: Synthetic Identity Fraud Cost Lenders $6 Billion in 2016, Auriemma Consulting Group

Source: Fake customers present real risk, Experian

Source: Identity theft isn’t just an adult problem. Kids are victims, too, CNBC