Topics Device Intelligence What Is Device Intelligence? Feature Platform What Is Feature Engineering? Fraud Defenses Crowdsourced Abuse Reporting Device Fingerprinting Email Reputation Service IP Reputation Service SR 11-7 Compliance Supervised Machine Learning Two-Factor Authentication (2FA) Unsupervised Machine Learning Fraud Tactics Bot Attacks Call Center Scams Credential Stuffing Data Breaches Device Emulators GPS Spoofing P2P VPN Networks Phishing Attacks SIM Swap Fraud URL Shortener Spam Web Scraping Fraud Types App Install Fraud Application Fraud Bust-Out Fraud Buyer-Seller Collusion Content Abuse Loan Stacking Synthetic Identity Theft Knowledge Graph What Is Knowledge Graph? Unsupervised ML What Is Unsupervised Machine Learning? Synthetic Identity Theft What is Synthetic Identity Theft? Synthetic identity theft involves a bad actor either creating an identity comprised of personal information from multiple people, or an identity that uses a combination of real and fake personal information. Synthetic identity theft is sometimes referred to as synthetic identity fraud, and it is a technique primarily used to commit application fraud. What Should Financial Institutions Know About Synthetic Identity Theft? Synthetic identity theft is a serious problem for financial institutions because it is costly, difficult to detect, and often misclassified. Financial institutions lose billions of dollars each year due to synthetic identity theft, and the average synthetic identity theft loss per account is $6,000. Fraudsters use a variety of sophisticated techniques to make synthetic identities difficult to detect. For example, fraudsters often incorporate real social security numbers into synthetic identities. Fraudsters can buy stolen social security numbers from dark web marketplaces. A fraudster might submit a credit card application that includes a real social security that they bought on the dark web. But the name, date of birth, home address, and email address might be from the identities of multiple people. Together the information gives the appearance of a legitimate identity. Another synthetic identity theft technique used by fraudsters is incubating accounts for extensive periods of time. Some fraudsters spend months, even years, cultivating numerous fabricated identities and building good credit. With good credit established, fraudsters can take out numerous loans and lines of credit for maximum profit. Incubating accounts makes synthetic identity theft especially difficult to detect because each account appears to be legitimate and in good standing, and shows authentic-looking activity. Financial institutions must also be aware that synthetic identity theft is often misclassified. When a fraudster incubates a loan account the ongoing behavior of the synthetic identity is like that of a legitimate borrower. So when the fraudster finally defaults on the loan, the lender may incorrectly classify the default as a credit loss instead of loss due to fraud. This is problematic because once an account that was created with a synthetic identity lands in collections, it is too late for the financial institution to do anything about the fraud. Without an effective solution for detecting synthetic identity theft, organizations increase their fraud risk and potential for monetary losses: Aite Group estimates that in 2018, credit card synthetic identity losses in the U.S. totaled $820 million. U.S. credit card losses due to accounts created with fabricated identities are estimated to reach $1.257 billion in 2020, according to Aite Group. DataVisor Detects Synthetic Identity Theft Synthetic identity theft is uniquely difficult to detect. Fraudulent accounts incubate for extensive periods of time, and at face value, they behave like legitimate users. Viewed in isolation, there is virtually no way to proactively flag individual accounts as malicious. As fraudsters continue to expand their efforts—launching organized fraud rings at massive scale, and with increasing complexity and coordination—financial institutions stand to suffer significant losses. Fortunately, DataVisor has introduced dCube, a comprehensive AI-powered fraud management solution that takes a holistic approach to data analysis. Powerful unsupervised machine learning algorithms can identify coordinated groups of malicious applicants, even if fraudsters use legitimate-seeming identities. By assessing a wide array of signals—behavior patterns, cross-account linkages, and digital fingerprint components such as IP subnets, device IDs, user agents, and more—dCube identifies synthetic identity fraud early at the application stage, defeating fraud actors before they can inflict any damage. Additional References: Blog: Synthetic Identity Theft – When Credit Risk is Not Credit Risk Blog: What Fraudsters Are Doing with Breached Data Solutions: Application Fraud Source: Identity Theft Statistics, Experian Source: Synthetic Identity Fraud: The Elephant in the Room, Aite Group Source: Fake customers present real risk, Experian Source: Identity theft isn’t just an adult problem. Kids are victims, too, CNBC