Synthetic Identity Fraud: The Growing Threat and How to Stop It
Posted April 10, 2018
Synthetic identity is one of the fastest-growing forms of identity fraud. According to reports in the Wall Street Journal, a record $355 million in outstanding credit card debt is now owed by people who didn’t even exist as recently as 2017.
Guilty as Syn
Standard-issue identity fraud is so 15-minutes ago.
Yes, cybercriminals continue to steal personal identity information to directly rob individuals and businesses, to the tune of more than $16 billion in the U.S. last year. But today, a growing number are taking pieces of that same information—typically social security numbers—and combining it with phony information to create entirely new, wholly fictitious identities.
In other words, they’re not stealing identities. They’re creating them.
By all appearances, these fictitious people can seem like ideal customers, with multiple “proof of life” indicators, including their own social media profiles. And when they take out credit, they tend to pay bills promptly and nurture accounts for months or even years—only to max them out and never repay them.
For thieves, it can be an ideal scam. Fraudsters often steal identity information belonging to children, who are 51 times more likely to have their social security numbers misappropriated for this kind of scheme. The recently deceased are also a prime target, as their credit reports are often left unmonitored. Even when personal information is stolen from a live adult, it can be a long time before anyone realizes there’s an issue.
That means the chances of being caught are very small. And this type of scam is proving to be quite lucrative. Javelin estimates fraudsters get away with an average of $15,000 per attack. With a haul like that, it’s no wonder the growth rate for synthetic identity fraud is up 800 percent in just the past five years, according to the Wall Street Journal.
Spotting Frankensteined Monsters
Today, the impact of synthetic identities may seem most acute for payments and financial services companies, as well as online retailers.
But it’s a growing danger for any organization that conducts business through digital channels and extends credit. That’s especially true for those that verify only an applicant’s social security number. Today, organizations in any industry can be devastated by “blow-out heists” in which credit lines are suddenly maxed out—and the perpetrator vanishes into thin air.
With tactics such as sham businesses set up to establish credit for synthetic identities and “piggybacking” where a fraudster inherits a legitimate customer’s credit history, it can be challenging to distinguish between a fictitious identity and a 20-something with a thin file applying for first-time credit. How can synthetic identities be detected at scale without alienating an important, revenue-generating customer segment?
When validating a social security number for instance, how many businesses can determine when an identity is too “perfect”—with say, only one lifelong email address, or a lack of human randomness in its associated devices, locations, accounts and online behaviors?
Are there any mismatches between identity elements, such as a social security number that’s associated with multiple birthdates or attached to a 30-year-old despite a transaction history that spans 40 years? Have any of the identity details been connected with fraud here or anywhere in the world?
With these questions in mind, technical and practical issues come to the fore. How can synthetic identity be detected without alienating legitimate customers?
Fortunately, digital identity solutions can successfully detect and block synthetic identities at the point of the transaction without creating friction for the rest of your customers. With a dataset including billions of online transactions from thousands of companies worldwide and the enormous analytical firepower of machine learning trained to detect anomalies, digital identity provides a cognitive, always-on defense against synthetic identity.
Credit Without Chaos
Because fraud affects everyone, we should all hope businesses in every industry find ways to defeat the threats of organized cybercrime.
By year’s end, losses from synthetic identity fraud alone could top $8 billion, and the real damage caused by fictitious people is casting doubt on the entire consumer-credit ecosystem.
“When you see this type of scheme,” says assistant U.S. attorney Samir Kaushal, “one realizes how precarious our system actually is.”
To learn more about synthetic identity and how a digital-identity based approach to identity verification and assessment can help stop it, be sure to check out The Definitive Guide to Digital Identity.