Bad actors are increasingly turning to synthetic identity fraud to commit financial crimes.
Synthetic identity fraud involves creating an identity by combining fake information with actual ID data. For example, a fraudster could pair a real Social Security number with a fake address and other synthetic data points.
The fraudster can then use the fake identity to acquire a driver’s license, passport or credit cards.
There are a few different categories of synthetic identity fraud.
- Manipulated Synthetics – A real person’s data is modified to create variations of that identity
- Frankenstein Synthetics – The data represents a combination of multiple real people
- Manufactured Synthetics – The identity is completely synthetic
A multifaceted approach to detecting synthetic identities that integrates advanced technologies can form the foundation of a sound fraud prevention strategy.
The Fastest-Growing Financial Crime
The prevalence of large-scale customer data leaks and cybersecurity breaches makes it easier for fraudsters to access personally identifiable information (PII) and create synthetic identities.
The Identity Theft Resource Center, for instance, reported 353 million U.S. customer records were exposed through data compromise in 2023. Savvy fraudsters use that personal information to take advantage of anyone they can.
There is no limit to the targets. Fraudsters often use children’s Social Security numbers to apply for government benefits, open accounts or apply for loans. Children are popular identity theft targets because the crime can go undetected for years, often until they first check their credit score.
Once people discover the fraud, they often must go through the difficult, time-consuming process of rebuilding their credit.
Credit Bust-Out Fraud
Synthetic identities are often used to open new accounts. The identity data is reusable, so it becomes a tool for application flooding, which is an attempt to open a large number of accounts.
Fraudsters understand it’s a numbers game and many accounts will be rejected. But it takes only one fraudulent account to do damage.
To maximize returns, synthetic fraudsters can play a long con in the form of credit bust-out, or sleeper, fraud. That involves a fraudster establishing a normal pattern and solid repayment history to build up a credit line and acquire more cards and higher credit limits. Then fraudsters bust out charges by maxing all the cards with no intention of repaying.
Identify and Mitigate Synthetic Identity Fraud
Businesses can take steps to limit synthetic identity fraud. Just as data is the key to creating a synthetic identity, it’s also a powerful defense. Initial Know Your Customer (KYC) checks are an obvious starting point because they’re often a compliance requirement.
But if fraudsters can find gaps in KYC protocols, they can use synthetic identities to open accounts that can go undetected for years. Synthetic identities also can have strong credit scores, further complicating fraud prevention efforts because the profile raises fewer red flags.
A risk-based approach to identity verification can help organizations overcome that challenge by creating more security hurdles for fraudsters. That approach, combined with verification checks against multiple data sources, can increase the likelihood of spotting potential fraud.
The U.S. Federal Reserve, in its “Current Trends: Mitigating Synthetic Identity Payments Fraud” report, underscores the importance of that approach.
“Organizations that leverage a multi-layered approach that employs both manual and technological data analysis have the best chance to identify and mitigate fraud caused by synthetics, according to industry experts,” the report noted.
In the U.S., for example, organizations can access the electronic Consent-Based Social Security Number Verification Service to check whether Social Security numbers, names and birth dates match.
Multisource Verification Provides Holistic Fraud Intelligence
Organizations can access a broad range of data points to defend against synthetic fraud. Those include:
- IP address
- Physical location
- Social media information
- Mobile identifiers
Biometrics, such as facial recognition technology, serves as another tool to strengthen identity verification. Liveness detection then ensures the biometric data is from a real person.
Organizations also can add a defense layer through fraud analytics to spot suspicious patterns without affecting the customer onboarding experience. Similarly, velocity checks can monitor the speed and frequency of transactions to identify unusual patterns that may indicate fraud.
Link analysis processes, which analyze the connections among different identities and data, can serve as another shield against synthetic identity fraud. The process can spot fraudulent patterns such as when different identities use the same address or Social Security number.
Synthetic Identity Prevention Workflow Model
The following model, backed by advanced technology, can help organizations create a robust defense against synthetic identity fraud.
- Customer Onboarding
- Collect and verify identity information
- Use document verification and biometrics
- Real-Time Screening
- Cross-reference data with multiple sources
- Implement machine learning models for real-time anomaly detection
- Transaction Monitoring
- Continuously monitor account activities
- Employ behavioral analytics to detect suspicious patterns
- Adaptive Verification
- Adjust verification levels based on risk assessment
- Require additional checks for high-risk transactions
- Ongoing Compliance
- Regularly review and update compliance measures
- Conduct periodic audits and assessments
Adaptable Systems Can Counter an Evolving Threat
Organizations can mount a strong defense against synthetic identity fraud by taking a broad view of the data and adapting quickly as new sources become available.
Interpreting that data often requires cutting-edge AI and machine learning. Machine learning algorithms can identify anomalies that indicate synthetic identity fraud, and AI can analyze behavioral data and flag unusual activity.
Synthetic identity fraud is a growing threat to businesses. But when organizations apply the right blend of internal policies, data and technology, they position themselves to stop fraud before it can cause damage.
Originally published: March 2017, updated to reflect the latest industry news, trends and insights.
Solutions
Resources Library
Fraud and Risk
White Papers
The Digital Identity Crisis
Featured Blog Posts
Individual Verification (KYC)
KYC: 3 Steps to Achieving Know Your Customer ComplianceBusiness Verification (KYB)
Enhanced Due Diligence Procedures for High-Risk CustomersIdentity Verification
Proof of Address — Quickly and Accurately Verify AddressesIndividual Verification (KYC)
Top 10 Questions About Beneficial Ownership for AML/KYC ComplianceBusiness Verification (KYB)
How to Verify Legitimate Businesses and MerchantsIndividual Verification (KYC)
Customer Due Diligence Checklist — Five Steps to Improve Your CDD