Synthetic identity fraud is a new form of identity theft where fraudsters use fabricated, synthetic IDs to steal credit from the victim. This synthetic identity happens to be a completely new identity created by combining components of real and conceptualized information like the social security number (SSN) of a real citizen, address of an unrelated residence, and an imaginary name.
Compromised SSNs usually belong to demographics that are unlikely to access their credit information regularly or anytime soon. Criminals use these IDs to create accounts in financial institutions, build a positive credit score over time and eventually disappear after finally extracting a substantial credit amount from the banks.
Lately, synthetic identity fraud has been estimated to be the fastest-growing financial crime in the United States. This is because of this fraud’s untraceable nature.
How does synthetic identity fraud differ from mainstream identity fraud
Usually, the menace involves the fraudster exploiting a legitimate person’s personally identifiable information. The fraudster tries to impersonate a person who actually exists with information extracted through social engineering attacks, previous data breaches, or the dark web.
See related article: What the Twitter hack reveals about the need for digital identity security
There are several kinds of synthetic identities. Some of the broad categories include:
- Identity fabrication: Fabricated identities are purely conceptualized and don’t incorporate any real personally identifiable information.
- Identity compilation: Synthetic identities are created through a mix of real and imaginary components.
- Identity manipulation: Manipulated identities are real identities that are only slightly modified to create synthetic identities.
How perpetrators create and use this fake identity
For compiled or manipulated identity, hackers gather essential components such as real social security numbers and addresses from the Dark Web or by extracting data from previous breaches. Some may also use clever social engineering tactics to get the job done.
A fraudulent identity is then formed by combining imaginary components with the real ones. Many a time, hackers use newly formed identities to apply for credit at financial institutions.
The application would initially be rejected due to lack of a credit history record in the assumed identity name. Nevertheless, this application alone helps the fraudster establish a credit file in the credit bureau.
Henceforth, they use the synthetic identity to create new accounts, avail credit services, or government provisions, among other things.
The perpetrator uses this account for several months, if not years, and pay back credit regularly to build a good credit score. Gradually, the credit limit increases. After a reasonable point where there’s assured economical gain, the synthetic identity user applies for the maximum credit limit and disappears.
What Are the Dangers of Synthetic ID Fraud
Synthetic ID Fraud is likely to cause up to $48 billion in annual losses by 2023. Financial institutes are most likely to remain prime targets of synthetic identity assumers. However, that does not mean innocent individuals do not stand to lose.
For hackers, children are often the primary sources of valid social security numbers due to a non-existent prior credit record. According to a study, over a million children were victims of identity fraud in 2017 alone. Other groups include the elderly and the homeless.
See related article: Lessons from Covid: How the blockchain community can rise to its ideals
The implied assumption that the first user of a social security number is its true holder also presents a grave challenge to children subjected to synthetic identity fraud. They’re expected to undergo a challenging process to prove their claim over a social security number that’s been used to compromise institutions before.
The estimated loss for financial institutes in the United States for synthetic ID fraud in 2018 alone amounted to about US$820 million! This does not account for the costs of chasing down fictitious account holders.
Ways to combat synthetic ID fraud
Spoof-proof onboarding with social security number and biometric verification
Change ought to be made in how the data is stored and shared. Businesses need to employ robust consumer onboarding and sophisticated identity verification methods, such as biometric proofing.
Develop a synthetic ID risk model
Third-party data can also be used to develop a synthetic ID risk model. Such data presents an opportunity to trace the digital identities of people. Unlike synthetic identities, real people leave traces on related and unrelated platforms. With a team of data scientists and identity fraud experts, businesses can create robust automated systems to trace the trails left behind by real people.
Leverage the advantages of blockchain
A single point of failure in identity verification often results in credential theft, providing fraudsters with unauthorized access to credit card pins, social security numbers and other personally identifiable information. Blockchain offers a trusted repository of data that multiple ecosystem players can contribute to. In parallel, businesses can verify the authorization of digital identities and corresponding attributes.
Public key cryptography in blockchain is used to build a digital infrastructure spread over many data blocks. They provide security for the identity of individual users and also limit the risk of mass data breaches.
Synthetic identity fraud is a testament to the growing sophistication that malicious actors employ to attack their victims. While its untraceable nature is a formidable enemy to organizations, data scientists and synthetic fraud experts are tirelessly working with artificial intelligence and machine learning to build an effective synthetic ID risk model.
Until such a universal model is created, it might be best to rely on old-school verification measures like virtual face-to-face authentication and biometrics registration.