Synthetic identity theft explained

When a fraudster commits identity theft, they need an identity to use. They could use someone’s real identity that they’ve stolen, or they can create one. When creating fake identities, fraudsters often combine real (stolen) information with fake information, because it’s harder to detect than using all fake information alone. This is called synthetic identity theft. The latest data from the US Federal Reserve says that US banks lost $20 billion to synthetic identity fraud in 2020. Synthetic identity theft is considered the fastest-growing type of financial crime in the United States. 

 

What is synthetic identity theft?

Synthetic identity theft is when someone combines real and fake identity information to fraudulently create accounts or make purchases. The real information is often stolen, such as photos or Social Security Numbers, and combined with fake information, like a fake name, date of birth or address. Fraudsters use this new, synthetic identity to open credit cards or make fraudulent purchases. It’s even sometimes referred to as a “Frankenstein identity” because of the way different identity information is cobbled together. 

A fraudster likely uses this synthetic identity to first open accounts, or other actions that help them build up credit and seem real. Then, when they’re considered highly qualified borrowers and appear lower risk, they may make a large purchase or take a large loan, and disappear. 

These synthetic identities may be hard for basic fraud detection to catch because they use an element of real identity (like a SSN). Businesses need to use identity proofing services with more robust, multi-signal fraud detection to catch synthetic identity theft. As more people quickly move online and into digital transactions, online fraud is also on the rise, in traditional banking, crypto, and others.  

Synthetic identity theft cases

Synthetic identity theft can cause millions in criminal damage. In 2020, four Florida men were charged with bank fraud conspiracy for allegedly defrauding banks and stealing what turned out to be $24 million from government COVID economic relief payments. Prosecutors said in 2021 that the men used fake identities and fake companies they had set up in the past, to receive millions of dollars from the Payroll Protection Program. 

In many other cases in the media, fraudsters or a fraud ring create multiple – or hundreds – of new synthetic identities. In most cases, it is the lenders who are the victims since they extend credit and funds to criminals using synthetic identities. Individuals can also be victims of these cases if their real information is part of the synthetic identity caught up in fraud crimes. 

Quite often in these cases, it is a “long con” since it takes time and work to build up a fictional credit profile that allows the theft of large amounts of money. 

How does synthetic identity theft work?

A fraudster creates an identity 

Synthetic identity theft requires some real identity information that is combined with made-up information to create a fake, new identity (sometimes called a “Frankenstein identity.”) They often use real Social Security Numbers which are stolen, or purchased from the dark web. Often, fraudsters use SSNs assigned to people who don’t have a credit history, like children, homeless people or the elderly. They start building a profile with that SSN and fake names, dates of birth, etc. 

They apply for credit 

Using the newly created synthetic identity, a fraudster applies for credit online. The financial institution they’ve applied to then submits the query to credit bureaus for checking. This first application is normally rejected, as the synthetic identity will not have a credit history. However, the application alone is enough to start a credit file. 

They continue to apply for credit until they are successful

The fraudster applies for credit repeatedly at various financial institutions until finally approved. Often it will be a high-risk lender which grants this first approval. They continue to use this line of credit, making timely repayments and building up a solid credit record. In time, they can gain access to other lower-risk lenders and higher credit limits. They nurture this new credit profile over months or years. In these records, the fraudster looks just like any other credit user.

They boost a positive credit score

Some fraudsters will accelerate the process by piggybacking. This means they are added as an authorized user to an account with good credit, in return for compensation to that existing account holder. The fraudster will use a variety of tactics to make the synthetic identity appear real, so as to ensure higher credit lines and payouts. For example, they may create additional false identity documents, create a social media presence, or list fake businesses. Sophisticated crime rings use these tactics at scale.

The fraudster ‘busts out’

As they nurture the synthetic identity’s credit score, they can secure larger credit lines. Eventually, they will ‘bust out’. They max out the credit line and then stop payments, before disappearing. It’s also possible for the fraudster to double the payout by claiming identity theft in order to remove charges. Or, they might use fake checks to pay off the balance before maxing out the credit for a second time. 

Synthetic vs traditional identity theft

What’s the difference between synthetic and traditional identity theft? With traditional identity theft, most often a fraudster steals the full real identity of someone and quickly maxes out their credit cards or some other fast-moving theft, hoping to maximize what they can take before the victim notices. In other words, they are posing as someone else, which will draw the attention of victims and authorities quite quickly. 

With synthetic identity theft, the identity is created from different pieces of information, and a real person does not exist. This becomes much more difficult to detect.

How to prevent synthetic identity theft

Synthetic identity fraud is a growing threat and increasing each year, so businesses need a more efficient process for identity verification of their users. Given the scale of data breaches, compromised personal identifying information (PII) and ease of access to the dark web, it’s no longer enough to rely on Social Security Numbers and credit bureaus alone. Traditional tools which are meant to help reduce identity fraud, aren’t necessarily able to catch synthetic identity fraud.

Businesses need to invest in more sophisticated methods of identity verification, such as document verification and biometric verification powered by AI algorithms. While a synthetic identity which combines a real SSN with fake data can bypass a credit bureau check, it’s less likely to get past a document check. And a fraudster is unlikely to want to put their face to a fake identity with a biometric check. 

Onfido document verification lets a user scan an identity document from any device, and the document is then checked to see if it’s authentic or fake. Combined with Onfido’s biometric verification, a business can seamlessly anchor a customer’s real identity to an account. A use simply takes a photo of their ID, and then a selfie, and Onfido’s hybrid system checks if they match with a fast response time. 

To find out more about growing fraud trends, check out our Identity Fraud Report 2022.

Previous Article
5 fraud predictions for 2022
5 fraud predictions for 2022

How do you stay one step ahead of the fraudsters in 2022? In this blog we examine the top five trends that ...

Next Article
Glossary of terms
Glossary of terms

Want to know your verification from your authentication? Your CDD from your EDD? Look no further.