arrow left facebook twitter linkedin medium menu play circle

Digital Fraud Wiki

Your source for the latest fraud intelligence, insights, research, and commentary.

Synthetic Identity Theft

What is Synthetic Identity Theft?

Synthetic identity theft involves a bad actor either creating an identity comprised of personal information from multiple people, or an identity that uses a combination of real and fake personal information. Synthetic identity theft is sometimes referred to as synthetic identity fraud, and it is a technique primarily used to commit application fraud. 

What Should Financial Institutions Know About Synthetic Identity Theft?

Synthetic identity theft is a serious problem for financial institutions because it is costly, difficult to detect, and often misclassified. Financial institutions lose billions of dollars each year due to synthetic identity theft, and the average synthetic identity theft loss per account is $6,000. 

Fraudsters use a variety of sophisticated techniques to make synthetic identities difficult to detect. For example, fraudsters often incorporate real social security numbers into synthetic identities. Fraudsters can buy stolen social security numbers from dark web marketplaces. A fraudster might submit a credit card application that includes a real social security that they bought on the dark web. But the name, date of birth, home address, and email address might be from the identities of multiple people. Together the information gives the appearance of a legitimate identity. 

Another synthetic identity theft technique used by fraudsters is incubating accounts for extensive periods of time. Some fraudsters spend months, even years, cultivating numerous fabricated identities and building good credit. With good credit established, fraudsters can take out numerous loans and lines of credit for maximum profit. Incubating accounts makes synthetic identity theft especially difficult to detect because each account appears to be legitimate and in good standing, and shows authentic-looking activity.

Financial institutions must also be aware that synthetic identity theft is often misclassified. When a fraudster incubates a loan account the ongoing behavior of the synthetic identity is like that of a legitimate borrower. So when the fraudster finally defaults on the loan, the lender may incorrectly classify the default as a credit loss instead of loss due to fraud. This is problematic because once an account that was created with a synthetic identity lands in collections, it is too late for the financial institution to do anything about the fraud.

Without an effective solution for detecting synthetic identity theft, organizations increase their fraud risk and potential for monetary losses:

Aite Group estimates that in 2018, credit card synthetic identity losses in the U.S. totaled $820 million. 

U.S. credit card losses due to accounts created with fabricated identities are estimated to reach $1.257 billion in 2020, according to Aite Group.

DataVisor Detects Synthetic Identity Theft 

Synthetic identity theft is uniquely difficult to detect. Fraudulent accounts incubate for extensive periods of time, and at face value, they behave like legitimate users. Viewed in isolation, there is virtually no way to proactively flag individual accounts as malicious. As fraudsters continue to expand their efforts—launching organized fraud rings at massive scale, and with increasing complexity and coordination—financial institutions stand to suffer significant losses. 

Fortunately, DataVisor has introduced dCube, a comprehensive AI-powered fraud management solution that takes a holistic approach to data analysis. Powerful unsupervised machine learning algorithms can identify coordinated groups of malicious applicants, even if fraudsters use legitimate-seeming identities. By assessing a wide array of signals—behavior patterns, cross-account linkages, and digital fingerprint components such as IP subnets, device IDs, user agents, and more—dCube identifies synthetic identity fraud early at the application stage, defeating fraud actors before they can inflict any damage.

Additional References:

Blog: Synthetic Identity Theft – When Credit Risk is Not Credit Risk

Blog: What Fraudsters Are Doing with Breached Data

Solutions: Application Fraud

Source: Identity Theft Statistics, Experian

Source: Synthetic Identity Fraud: The Elephant in the Room, Aite Group

Source: Fake customers present real risk, Experian

Source: Identity theft isn’t just an adult problem. Kids are victims, too, CNBC