Synthetic ID Fraud: Fighting an Invisible Enemy
By: PJ Rohall, About-Fraud.com and Featurespace
About-Fraud.com is a SCARS Educational Partner educating businesses and consumers of the dangers of the internet & related fraud.
Originally published in Banking Strategies
What Is Synthetic Identity Theft Synthetic identity theft, or synthetic identity fraud, occurs when a criminal creates an identity instead of stealing an existing one. The scam involves mixing real Social Security numbers, or fake numbers, with other pieces of information—names, addresses, and birthdates—to put together an entirely new identity, often using partially fake identity information. In contrast, the more familiar form of identity theft involves using the actual name, Social Security number, and other personal data of a single victim.?
Synthetic identity theft is a type of fraud in which a criminal A criminal is any person who through a decision or act engages in a crime. This can be complicated, as many people break laws unknowingly, however, in our context, it is a person who makes a decision to engage in unlawful acts or to place themselves with others who do this. A criminal always has the ability to decide not to break the law, or if they initially engage in crime to stop doing it, but instead continues. combines real and fake information to create a new identity. The real information used in this fraud is usually stolen. This information is used to open fraudulent accounts and make fraudulent purchases.
Synthetic identity fraud Synthetic identity theft, or synthetic identity fraud, occurs when a criminal creates an identity instead of stealing an existing one. The scam involves mixing real Social Security numbers, or fake numbers, with other pieces of information—names, addresses, and birthdates—to put together an entirely new identity, often using partially fake identity information. In contrast, the more familiar form of identity theft involves using the actual name, Social Security number, and other personal data of a single victim. has been around for decades in the United States but has only recently garnered scrutiny from financial institutions and service providers, as well as attention from the media. Rough estimates suggest that financial institutions are losing billions of dollars each year due to synthetic ID fraud, and the numbers appear to be growing. As this threat intensifies, how can financial institutions fight back?
DIFFERENTIATING TRADITIONAL IDENTITY FRAUD FROM SYNTHETIC IDENTITY FRAUD
Synthetic ID fraud began escalating when the Social Security Administration started randomizing the issuance of Social Security numbers in 2011. Randomized issuance enabled criminals to commit a new type of fraud by using any nine-digit number combination that did not have credit on file.
Another issue is that the financial industry doesn’t have an agreed-upon definition of synthetic ID fraud, and there is further ambiguity in the various subsets of synthetic ID fraud, which include first- and third-party. Without a common taxonomy, the industry struggles to put together a fully effective response.
Unlike many other types of attacks, synthetic ID fraud doesn’t necessarily victimize anyone immediately. Identities are cobbled together gradually at minimal cost and fraudulent applications Applications or Apps
An application (software), commonly referred to as an ‘app’ is a program on a computer, tablet, mobile phone or device. Apps are designed for specific tasks, including checking the weather, accessing the internet, looking at photos, playing media, mobile banking, etc.
Many apps can access the internet if needed and can be downloaded (used) either for a price or for free.
Apps are a major point of vulnerability on all devices. Some are designed to be malicious, such as logging keystrokes or activity, and others can even transport malware.
Always be careful about any app you are thinking about installing. have traditionally been difficult to detect. With a little patience, fraudsters can build up multiple accounts across a range of credit products. When they’re ready to “bust out”, they use their accumulated credit all at once and then disappear, leaving the lender with defaulted loans and nobody to hold accountable.
The problem for financial institutions isn’t just in stopping the fraud, it’s also determining where it will end up. Most synthetic ID fraud is lumped in with a financial institution’s legitimate customer credit defaults, artificially inflating credit risk and leaving little insight into the scope of the real problem. If you can’t quantify the losses, it’s hard to determine how to invest in preventative measures.
This year, the SSA launched the pilot program for electronic, consent-based verification of Social Security numbers – better known by its acronym, eCBSV. This program, targeted for industry wide roll-out in 2021, enables financial institutions to cross-reference specific application information with what the SSA has on file. Although only in its infancy, this program could play a significant role in mitigation strategies. Technology providers and fraud fighters across industries have also developed targeted data sets, advanced analytics and prescribed methodologies to help financial institutions tackle synthetic ID fraud.
The fundamental challenge in stopping synthetic ID fraud is understanding the depth and consistency of the data provided in the application. Does the data verify over a long period of time, and is that data consistent throughout the multiple data points in the application? Data consortiums can help determine this.
Financial institutions must also be more attuned to the types of inconsistencies in an application that would raise suspicions of synthetic ID fraud. For example, the applicant may use an invalid email address, or their phone number links to multiple name/address combinations. This doesn’t guarantee that the applicant is a criminal, but it does send up red flags. The process of combining those aggregate signals must be streamlined through a single platform where machine learning Machine learning is a subset of artificial intelligence. Machine learning has the capacity to learn over time without being explicitly programmed. It can ingest a large amount of data and detect patterns and anomalies at scale. Supervised machine learning models are trained on a set of labels, while unsupervised machine learning does not require labeled data., link analysis and investigator review can work in conjunction.
Stopping all synthetic ID fraud at the application stage would be ideal, but this is not realistic, so it’s important to continue monitoring the behavior
Behavior / Behavioral Actions
Otherwise known as habits, behavior or behavioral actions are strategies to help prevent online exploitation that target behavior, such as social engineering of victims. Changing your behavior is the ONLY effective means to reduce or prevent scams. of applicants beyond the approval process. These criminals will try to behave like “normal” customers before they bust out, but they still do things that stand out. These include frequently requesting credit line increases over a short period of time, a lack of common customer transactions (installment payments, automated bill pay enrollment, etc.) and constantly building up authorized user tradelines.
Considered separately, these actions may not say much, but taken together, they tell a different story. Financial institutions must be capable of making sense of signals within their data, which requires reliable third-party data sources, a strong understanding of the specific synthetic ID fraud behaviors and advanced analytical techniques.
Finally, it’s important to build up accurate labels of synthetic ID fraud, which is initially a challenging task because most financial institutions lump synthetic ID fraud with all other credit write-offs. Fraud teams should have a clear taxonomy for accurately labeling synthetic ID crimes. Over time, these labels can be used in supervised modeling, leading to a richer and more useful knowledge base.
PJ Rohall is a fraud market expert at Featurespace.
This article is published with the permission of the Author. Copyright © 2020 PJ Rohall
How Synthetic Identity Theft Works:
Fraudsters who commit synthetic identity theft steal information from unsuspecting individuals to create a synthetic identity Synthetic identity theft, or synthetic identity fraud, occurs when a criminal creates an identity instead of stealing an existing one. The scam involves mixing real Social Security numbers, or fake numbers, with other pieces of information—names, addresses, and birthdates—to put together an entirely new identity, often using partially fake identity information. In contrast, the more familiar form of identity theft involves using the actual name, Social Security number, and other personal data of a single victim.. They steal Social Security numbers (SSNs), and couple that with false information like names, addresses, and even dates of birth. Because there is no clearly identifiable victim in this kind of fraud, it often goes unnoticed.
People who commit synthetic identity fraud can use multiple identities simultaneously, and may even keep accounts open and active for months—even years—before the fraud is even detected. They may open accounts, use them responsibly for a certain period of time in order to build up the credit score and history. The higher credit score allows the fraudster A Scammer or Fraudster is someone that engages in deception to obtain money or achieve another objective. They are criminals that attempt to deceive a victim into sending more or performing some other activity that benefits the scammer. for a bigger windfall down the road. In some cases, criminals rack up fraudulent charges, then use real information used to create their fake identity to pose as a fraud victim and get their credit line restored. Then, they use additional credit to commit further theft.
Some forms of synthetic identity fraud are not motivated by a need to steal money. There are some cases involving undocumented immigrants who use invented or stolen SSNs to obtain financial services. While still a form of fraud, these synthetic identity thieves aren’t looking to steal money from financial institutions, they just want access to bank accounts and credit cards that facilitate getting paid and making payments and purchases.
- Synthetic identity theft is a type of fraud in which a criminal combines real and fake information to create a new identity.
- Fraudsters may open accounts and use them responsibly for a certain period of time in order to build up the credit score and history.
- In some cases, criminals rack up fraudulent charges, then use real information used to create their fake identity to pose as a fraud victim and get their credit line restored.
- Synthetic identity fraud is the fastest-growing financial crime in the United States.
To learn more about numerous types of FRAUD we recommend that you visit www.About-Fraud.com (an educational partner of SCARS)
From the United States Federal Reserve System On Synthetic ID Fraud