Synthetic Identity Fraud: What It Is and How to Prevent It
What is synthetic identity fraud, and how can organizations protect themselves against it? Get the answers to these and other questions in our guide page
Synthetic identity is a type of fraudulent identity created by blending real and fabricated personally identifiable information (PII) to create a new, fictitious identity that isn’t directly traceable to a person.
How are synthetic identities created?
The most common method of generating a synthetic identity is to steal an actual person’s credentials — often those of a child, an unhoused person, a recent immigrant, an incarcerated individual, the elderly, or the recently deceased — and combine it with fabricated details such as a false name, address, and phone number. For this reason, synthetic identity fraud is considered a form of identity theft.
There are a few different ways fraudsters can get a hold of victims’ credentials, including social engineering tactics such as phishing, vishing, farming, and whaling, and data breaches where consumers’ PII is sold over the dark web.
What is synthetic identity fraud?
Synthetic identity fraud is a broad category comprising any fraud that relies on synthetic identities. These synthetic identities are often used to open bank accounts, obtain loans, and acquire credit cards, amongst other deceptive practices; many cases of synthetic identity fraud also qualify as application fraud. This form of fraud can impact any sector in any industry and is challenging to prosecute due to the elusive nature of the identities involved.
What are the most common types of synthetic identity fraud?
Merchant fraud: Fraudsters often create synthetic identities to apply for lines of credit. A fraudster will then use it to make small purchases and pay them off, giving the appearance of legitimate usage and enabling fraudsters to build credit. Once they’ve reached a sufficient credit limit, the fraudster will either convert their credit into cash using bank checks or max out their credit card and then abandon the account, leaving the card issuer with significant losses.
Auto loan fraud: Another example of application fraud is auto loan fraud, which is when a fraudster uses a synthetic identity to apply for a loan. Once approved, the fraudster will use those funds to purchase a vehicle to sell or ship overseas. The fraudster then defaults on the loan, disappearing without a trace.
Mortgage fraud: Like auto loan fraud, fraudsters can use synthetic identities to apply for mortgages and purchase property. These properties are used in further financial schemes or sold off while the loan defaults.
Healthcare fraud: Fraudsters can use synthetic identities to obtain medical services or equipment that is then resold on the black market, resulting in financial losses for healthcare providers and complicating medical records, hurting patient care.
Government benefits fraud: Fraudsters often use synthetic identities to illegitimately claim government benefits, such as unemployment insurance, social security benefits, and tax refunds, draining resources intended for legitimate beneficiaries.
Telecommunications fraud: This is a form of application fraud. A fraudster uses a synthetic identity to sign up for a cellphone plan. They then rack up large bills to their account, particularly for international calls or data usage, and then abandon them.
Utility fraud: Like telecommunications fraud, synthetic identities are used to open accounts with utility companies. The fraudster consumes the utility provider’s services without any intention of payment, leading to financial losses when the account defaults.
Why is synthetic identity theft harder to detect or prevent than other forms of fraud?
Synthetic identity fraud is uniquely challenging to detect and prevent, primarily because it involves a blend of legitimate and fictitious information.
Traditional fraud detection systems match information against known fraud patterns or verify the authenticity of an entire identity. Since part of a synthetic identity is genuine, it can bypass these checks, and the discrepancies within the fabricated component — such as a falsified name or address — are often not linked to a real person and, therefore, not registered as an immediate threat. In most cases of synthetic identity fraud, fraudsters will also mimic legitimate user behavior, which makes it more challenging for traditional systems to validate that behavior against routine fraud patterns.
The decentralized nature of data and varying standards for data sharing and verification amongst institutions add another layer of complexity. Synthetic identity fraud is hard to detect because different entities hold different pieces of an individual’s PII without a unified data sharing and analysis approach. This disjointed landscape creates gaps in coverage that fraudsters can easily exploit.
What technologies can businesses use to overcome the limitation of traditional fraud detection systems for synthetic identity fraud?
There are a wide variety of technologies that organizations can use to mitigate synthetic identity fraud, including:
End-to-end orchestration
End-to-end orchestration integrates various fraud detection systems and workflows into a cohesive platform, coordinating all the stages of the identity verification process, from initial data capture and validation to ongoing monitoring and threat response. By centralizing and automating verification processes, orchestration ensures that anomalous activity and suspicious patterns are swiftly flagged and addressed.
Data Intelligence
Data intelligence requires analyzing data to uncover patterns, trends, and correlations that might indicate fraudulent activity. In the context of synthetic identity fraud, data intelligence tools can analyze vast quantities of data from diverse sources to detect the sometimes subtle inconsistencies that might suggest using a synthetic identity.
Artificial intelligence
Artificial intelligence (AI) can amplify fraud detection efforts — synthetic identity fraud or otherwise — by using machine learning models to study historical data on confirmed fraud cases and legitimate transactions. These models can then analyze patterns in data at scale and with a high degree of accuracy, detecting intricate relationships and anomalies across data points that even human analysts might overlook. These models also enable AI systems to continuously learn and adapt to new fraud patterns and tactics, making them an invaluable tool for identifying and responding to synthetic identity fraud as it evolves.
What are common signs of synthetic identity fraud?
Key indicators of synthetic identity fraud include:
Discrepancies in an individual’s credit profile, such as variations in name, address, and employment details across their various applications and accounts
A social security number (SSN) that does not align with the location where or date range when it was purportedly issued
A lack of information available for an SSN outside of the credit system, such as a missing history of residential or employment records
Multiple accounts under the same SSN showing significantly different PII, such as varying names and dates of birth
Multiple identities with similar PII, such as similar names, birthdates close in range, or the same address but with different SSNs
Registration of credit accounts to commercial addresses or P.O. boxes instead of residential addresses
Relatively new credit files but have unusually high credit limits or have rapidly established good credit
Sudden spikes in credit activity, such as opening multiple lines of credit or making multiple high-volume transactions in a short period
What can organizations do to prevent synthetic identity fraud?
Many synthetic identities are near-indistinguishable from the genuine article, making this fraud more challenging to detect. With that in mind, combatting synthetic identity fraud requires a coordinated effort across entire industries and the use of advanced technology.
Here are some ways organizations can safeguard themselves against synthetic identity fraud.
Enhancing verification processes: Organizations across all industries must fortify their existing processes by implementing advanced authentication methods, such as multi-factor authentication, biometric verification, and real-time identity verification services that cross-reference applicant data with multiple databases to ensure its legitimacy.
Building machine learning models: Machine learning systems are a powerful tool in the fight against synthetic identity fraud, using algorithms and statistical models to analyze large datasets and interpret patterns and structures in that data — particularly anomalous activity. Compared to static, rules-based fraud detection systems, machine learning-based systems constantly ingest and learn from new data without the need for manual interventions, enabling organization to adapt to evolving fraud tactics.
Data sharing between institutions: Collaboration between banks, credit agencies, and other financial institutions is the key to mitigating synthetic identity fraud. By promoting data sharing between institutions, organizations can feed industry-wide fraud signals to their machine-learning models alongside proprietary data, enabling them to stay one step ahead of emerging forms of fraud and update their fraud prevention strategies in real time.
Implementing strong credit validation systems: Banks and other lending institutions can implement more rigorous systems to validate the history of credit applicants, applying greater scrutiny to the length of their credit history and the authenticity of their past transactions and validating their SSNs against historical issuance records
Monitoring consumer accounts: Continuously monitoring consumer accounts for unusual activity patterns, such as sudden spikes in transaction volumes or changes in user behavior, can help organizations proactively flag cases of synthetic identity fraud.
Educating employees: While it isn’t a substitute for fraud detection software, a simple but effective way to mitigate synthetic identity fraud is to ensure employees recognize it when they see it. Organizations should develop comprehensive training materials and conduct regular training sessions on the latest fraud trends to help them spot the subtleties of synthetic identities.
What steps should organizations take if they detect or suspect synthetic identity fraud?
It’s crucial that any organization that uncovers a suspected case of synthetic identity fraud act swiftly to minimize damage and prevent further fraudulent activity.
Here are some basic steps organizations can follow to protect themselves in such an event:
Immediately isolate and restrict the affected account (or accounts) to stop any ongoing transaction and prevent further misuse while the investigation is underway.
Conduct a thorough internal investigation to understand the extent of the fraud by reviewing transaction histories, communication logs, and applicant information used to open the account to identify any discrepancies that could indicate the identity is fabricated.
If the investigation concludes that a case of synthetic identity fraud has taken place, notify the appropriate law enforcement agencies and regulatory bodies, providing detailed information about the incident.
Notify any customers who may have been impacted by the incident. Clearly explain the scope of the incident and what steps you have taken to address it and assure them of the security measures your organization has in place.
To prevent future incidents, review your identity verification and validation processes, monitoring systems, and security policies to identify any potential gaps in coverage that fraudsters might have exploited. Then, take immediate action to address these vulnerabilities.
How is synthetic identity fraud likely to evolve in the future?
As technology grows more advanced, so will fraudsters’ tactics. While AI tools are integral to organizations’ synthetic identity fraud prevention efforts, fraudsters create more convincing fake profiles that better mimic the behavior of legitimate users, making them difficult to detect.
Fraudsters may even use AI to create deepfakes — synthetic media where a person in an existing image or video replaces someone else’s likeness — which could pose a challenge for organizations that rely on photo, vocal, or video verification during their onboarding process.
As organizations turn to biometric verification to counter synthetic identity fraud, we can likely expect fraudsters to begin stealing and manipulating biometric data such as fingerprints, voice patterns, and facial recognition data for use in synthetic identities. Detecting and managing synthetic identity fraud will become more complex as fraudsters expand their activity across borders due to varying legal and regulatory frameworks across countries and regions, leading to a significant surge in international cases, with fraudsters exploiting gaps and inconsistencies in global data protection laws.
Organizations must invest in robust security measures and advanced technology to fight synthetic identity fraud in all its forms to protect businesses and consumers.
How does ACI Worldwide help organizations prevent synthetic identity theft?
From digital identity solutions that utilize behavioral analytics and over 10,000 fraud data signals from multiple sources to network intelligence that leverages flexible consortium data for real-time signal sharing, ACI Worldwide offers a wide range of solutions designed to help merchants, banks, and billers combat synthetic identity fraud. To learn more about these and other offerings, contact the ACI team today.
Customers
