Over twenty-five years ago, I was the victim of identity fraud. Someone with the same full name who lived in my town had billed tens of thousands of dollars in medical expenses to me. The fraudster pulled this off partly because of what is now considered an ancient trove of publicly available data. My full name, postal address and home telephone number were listed in the phone book – those printed, yellow-covered books that were delivered to your doorstep.
My identity thief was able to commit in-person fraud using his real photo ID (most likely his driver's license). Fortunately, when a collection agency eventually contacted me about the medical bills, the matter was easily resolved. That's because my identity thief had not stolen my social security number (SSN). But these days, a relatively new type of fraud has come to everyone’s town.
What is synthetic identity fraud?
Synthetic identity fraud occurs when a criminal combines real and fabricated credentials to create a new, implied identity that’s not associated with a real person. These fake identities are either invented, assembled from various sources, or made by changing breached data. Data breaches expose large volumes of personally identifiable information (PII) – like date of birth, SSN or driver’s license number. Fraudsters regularly collect, test, exploit and sell this type of PII on the dark web.
Synthetic identities are most often used to open fraudulent accounts (often to apply for credit) and to make fraudulent purchases via a credit line. People also create them for slightly less nefarious, but still criminal, purposes. For example, people may create a synthetic identity so they can:
- Live or work in a country.
- Access government financial and/or healthcare services.
- File fake tax returns.
- Create an alternate credit history. This is often a service sold by disreputable credit repair businesses that create synthetic identities for their clients.
Less contact, more fraud
In today’s digital world, customers demand fast, easy methods to create accounts – so, most new accounts are created using digital devices and the internet. The resulting easy access and anonymity fuels synthetic identity fraud.
Contact-less customer interactions have become the calling card of the COVID-19 pandemic response. Reducing in-person interactions with customers is good for public health, for sure. But it’s just as good for people committing fraud. More of this type of fraud is happening now than ever. Because more business is conducted online, and businesses often don’t have a verifiable digital identity for their customers.
Synthetic identities, real threats
Fraud is far more prevalent with digital than with in-person customer interactions. The reason? In the digital world, you lose the ability to verify identities with photo IDs like driver's licenses and passports. For example, in the digital world, one criminal can generate a considerable number of counterfeit credit applications. This results in far more fake applications than they could possibly complete with in-person, paper applications.
Synthetic identities generate real threats that negatively impact many businesses:
- According to Risk Based Security, criminals breached 15 billion records in 2019 alone.
- A report from Aite Group estimates that the cost of synthetic credit card fraud more than doubled between 2015 and 2020 from $580 million to $1.25 billion.
- Juniper Research predicts that $48 billion will be lost annually to synthetic identity fraud by 2023, with a $15 thousand average loss per incident.
- A Forbes report shows that 61% of fraud losses for big banks comes from identity fraud, and 20% of this is synthetic identity fraud.
- One of the largest credit card fraud schemes charged by the US Department of Justice involved more than 7,000 synthetic identities and 25,000 fraudulent credit cards, resulting in more than $200 million in losses.
- According to the US Federal Reserve, 85% to 95% of credit applicants identified as potential synthetic identities are not flagged by traditional fraud models.
- According to a McKinsey report, synthetic identity fraud is the fastest-growing type of financial crime in the United States, accounting for 10% to 15% of charge-offs in a typical unsecured lending portfolio.
- Research by the American Bankers Association shows that new bank account fraud loss rates in the digital channel are eight times that of accounts opened in the branch.
The digital binary: Enemy and ally
The digital channel creates a lot of opportunities for synthetic identity theft. But digital is a binary – meaning it’s both enemy and ally.
Digital channels create new tracking information, such as device fingerprint, IP address and geolocation. Device registration can determine if the same customer is using the same device to access an account. Additional digital authentication measures can request information from the account owner that is not easy to forge or fake. For example, a secret or passcode that only the real person represented by the account would know.
Businesses can integrate these digital details into their data analysis along with historical, personal and external information (like credit reports, voter registrations and property taxes). In turn, they obtain a richer view of – and more verifiable digital identity for – their customers.
Artificial can defeat synthetic
Synthetic identities can be used to establish accounts that behave like the legitimate accounts of real customers with good credit scores and histories. Identity thieves use synthetic identities that combine real and fabricated information – so it’s much harder to track. And with no clearly identifiable victim, this type of fraud often goes unnoticed. For these reasons, synthetic identities may not be flagged as suspicious using conventional fraud detection methods.
Analytics, big data, and, perhaps most importantly, artificial intelligence (AI) are the keys to stopping this type of fraud. AI may be the best weapon enterprises can deploy against synthetic identity fraud. Artificial can defeat synthetic – meaning AI can evaluate the connections (or lack thereof) among customers, devices, open accounts and account data.
AI can more easily and quickly detect patterns and anomalies that may indicate synthetic identity fraud, such as otherwise unrelated accounts:
- Associated with most of the same PII.
- Associated with the same credit file.
- Receiving payments from the same source.
- Being accessed by the same device.
- Being accessed by the same IP address.
To detect patterns and anomalies and defeat synthetic identity fraud, financial institutions and other businesses will benefit from a highly automated fraud prevention solution that includes AI and advanced analytics. This solution must incorporate data integrated from internal and external sources, as noted above. Such an approach helps businesses combat synthetic identity fraud both during account creation and via ongoing account monitoring. (This also requires paying special attention to when accounts approach financial limits.) By detecting suspicious activity early – before it’s too late – businesses can prevent larger, future losses.Learn how SAS fights identity and digital fraud