Identifying Synthetic Identity Fraud
Anytime you see a number of followers/fans on a social media account, do you wonder how many are real? How can you tell if someone online is real, or a bot or some other synthetic identity? While often these deceptive accounts pose no real issues, fraudsters are increasingly turning to synthetic identities to commit Application Fraud. Synthetic identities wreak havoc on traditional validation and authentication methods, costing businesses time and money . Is your businesses ready to take on Synthetic Identity Fraud (SIF)?
The concept is to create fake identities usually based on combining fake information with actual ID data. One example of what comprises a fake identity is one that contains a real social security number along with a fake address and other synthetic data points. The fraudster can then use the fake identity to acquire driver’s licenses, passports and other real ID as well as credit cards and other accounts.
The losses are substantial, with estimates of billions per year in North America. In a report from Equifax, “synthetic ID fraud accounts for 80% of all credit card fraud losses, and nearly one-fifth of credit card charge-offs .” Javelin Strategy & Research estimates new-account fraud, with many accounts being synthetic, will soar 44% between 2014 and 2018, rising from $5 billion in annual losses to a projected $8 billion. In another study by Auriemma Consulting Group, SIF is responsible for 20% of credit losses, with an average charge off of $15,000.
Synthetic identity fraud is one the fastest-growing forms of identity theft. Department of Justice. R. Sean McCleskey states “when criminals use a blend of different people’s data, as well as some entirely made up information, it becomes harder for law-enforcement officials to both realize the crime and then locate the culprit.”
The losses aren’t just financial. Oftentimes, criminals will use the social security numbers of children to apply for government benefits, open bank and credit card accounts, apply for loans or utility services, or rent a place to live. Children are targets of identity theft because the crime can go undetected for years, often until the child applies for his or her first credit card or mobile phone account.
More than one million children were victims of identity theft or fraud in 2017. While that number covers the various different types of identity fraud, SIF is increasingly used by fraudsters as those accounts offer a blank slate and thus better suited to open accounts that go unnoticed. According to Carnegie Mellon CyLab, children’s SSNs are 51 times more likely to be used in synthetic fraud schemes than adults.
Credit Bust-Out Fraud
To maximize returns, synthetic fraudsters play a long con with a credit bust-out fraud, also known as sleeper fraud. This form of fraud is where a fraudster establishes a normal usage pattern and solid repayment history to build up a credit history so they can acquire more cards and higher credit limit, before a final “bust out” of charges where they max out all the cards with no intention of paying the bills. While it takes patience, the take is often substantial. One fraud ring in New Jersey built up 7,000 credit profiles in a scheme that created over $200 million in losses.
Unfortunately, it’s a growing problem. Data breaches are allowing more PII (Personally Identifiable Information) to leak out, which makes it easier to start the scam. The speed of online and mobile commerce is generating demands for quicker onboarding and credit processes, taking human interaction out of the process. And, the anonymous nature of synthetic identities also decreases the risk to fraudsters, increasing their interest.
Stopping Fake Identities
There are steps that your business can take to limit Synthetic Identity Fraud. Just as using data is the key to creating a synthetic identity, data is the solution to combatting the fraud. Equifax mentions these three points to watch out for:
- SSN can’t be matched to the specific consumer based on comparison algorithms
- SSN matches to a different consumer, while no credit file is available for the requested applicant
- SSN matches to different consumer, and a credit file is available for the name and address provided; however, the SSN on that file is different from the SSN provided on the inquiry.
Those three points, while good, only consider one data source. By using different data sources, you increase the opportunity to find non-matches and red-flag possible fraud cases.
There are other data sources that are coming into the picture that will further limit the effectiveness of this type of fraud. These include data such as:
- IP Address
- Physical location
- Social media information
- Mobile identifiers
Ensure you have a system that can appropriately consider the totality of the data and not rely on limited views. Adaptability to new data parameters and sources is key going forward, the more independent and reliable data sources you can leverage, the more you can do to mitigate Synthetic Identity Fraud.
It’s an emerging threat to businesses and implementing an effective identity validation and authentication system to spot fake identities is your strongest defense to help protect your business from the fastest growing type of ID fraud, which currently accounts for 80-85 percent of all identity fraud.
Originally published: March 22, 2017, updated to reflect the latest industry news, trends and insights.