What Is Synthetic Identity Theft?

Synthetic identity theft is a technique fraudsters use to gather a combination of real and fake information to create a new identity, which they then use to commit fraudulent transactions.

Fraudsters use stolen Social Security numbers and credit card numbers to define their identity and then mix in fake phone numbers, addresses, and other details to complete it. This technique makes it more difficult for merchants to detect and prevent these identities from making fraudulent transactions.

Fake Identity, Real Problem

While the term synthetic identity might sound like something from science fiction, it’s a very real problem. According to the FBI, synthetic identity fraud is one of the fastest-growing financial crimes in the United States. It’s estimated that synthetic identity theft costs financial institutions $20 billion in losses annually, according to the American Banking Association (ABA).

Unlike most online fraud, synthetic identity theft can be a slow process that’s tough to uncover. Criminals will slowly build up a reputable credit score over time, only to make a massive purchase or take out a large loan with no intention of paying it back.

For fraudsters, it’s never been easier to build a synthetic identity. The personal information of 281.5 million people has been compromised in data breaches in recent years, with new breaches up 17% in 2021. Databases containing stolen identity information are often dumped online freely, or sold on dark web marketplaces. Both small-time criminals and organized crime groups take advantage of this opportunity to defraud businesses and consumers.

How Are Synthetic Identities Created?

Criminals typically use stolen Social Security numbers or credit privacy numbers as a foundation for their synthetic identities. This information can be stolen via phishing scams or be part of a data dump on a dark web marketplace.

With this information in hand, fraudsters will typically make up the other details such as the address, email, and phone number. There are even online tools that can create and randomize these details.

In some cases, fraudsters will go as far as using the address of an abandoned house or linking the phone number to a prepaid cell phone number in order to complete two-factor authentication.

With the identity created, the fraudster enrolls the persona in several services to build credit. This could include registering for a credit card, putting bills on autopay, or continuously paying back small loans over time.

Sometimes, it’s established through something called “piggybacking.” This entails paying someone with a good credit score to let the fake identity become an authorized user of their credit card account, boosting the identity’s credit score. Other times, it’s just by applying for a loan. Even if declined, it automatically creates a credit profile.

With a larger credit limit, criminals stand to make a lot more when they choose to drain a credit line or get approved for a large purchase. In some cases, synthetic identities are used to launder money. For example, criminals can use synthetic identities to bypass know your customer (KYC) requirements for cryptocurrency exchanges and investment accounts.

How Does Synthetic Identity Theft Work?

Cultivating ersatz identities takes a lot of time, patience, and attention to detail. When a synthetic identity has “matured,” the game plan typically involves acquiring multiple lines of credit and then suddenly maxing them out on major shopping sprees before disappearing into thin air in “cash out” or “bust out” schemes.

The payout can be huge. The ABA estimates the average synthetic identity profile is used to successfully steal between $81,000 and $97,000. In one instance, a fraudster using synthetic identities obtained 558 credit cards in order to purchase a small fleet of luxury sedans. Another allegedly leveraged synthetic identities to take out $3.4 million in credit cards used to purchase prepaid cash cards, which are nearly impossible to trace.

Organized crime groups are also known to use synthetic identities to launder money and avoid taxes on gains. By using a synthetic identity, criminals can purchase cryptocurrency to fund other activities while avoiding taxes. With most cryptocurrencies being decentralized, it’s extremely difficult to ever recover the funds or identify the real fraudster.

Synthetic identity fraud impacts a lot of different people, making it a particularly malicious form of financial crime. Banks, creditors, and cryptocurrency exchanges that aren’t using adequate fraud detection are often blindsided. Since synthetic identities build a legitimate credit score and reputation over time, they can be tough to root out once established.

If authorities open a fraud investigation, many times all evidence points back to the victim of the stolen SSN. All too often, that victim is a child under the age of 18. Their SSNs are prized by cyberthieves precisely because they’re years away from discovering the crimes perpetrated using one of their key pieces of identity information.

With the details covered, let’s explore how both businesses and consumers can protect themselves and prevent synthetic identity fraud.

How to Prevent Synthetic Identity Theft

To prevent synthetic identity theft fraud, businesses should do the following:

To prevent synthetic identity theft consumers should do the following:

  • Monitor credit for any fraudulent purchases, new enrollments, or surprise loans.
  • Avoid using SSNs when possible.
  • Freeze your own and your children’s credit to help avoid identity theft.
  • Consider using an identity theft monitoring service.
    Check mail for any suspicious enrollment letters or government letters.

Telling Friend From Faux With Outseer

Banks, credit card issuers and other organizations looking to protect their brands and revenue can deploy Outseer Fraud Manager, which recognizes when synthetic identities are being used in the account enrollment process. Through machine learning, data science, and validation of a live human face against a government-issued ID, along with document verification against third-party databases.

By seeing what others can’t, we stop fraud long before an account is created or a transaction occurs. To learn how you can protect your customers through the power of frictionless fraud prevention, request a free demo today.

Armen Najarian

CMO + Chief Identity Officer

Armen is a 15-year Silicon Valley veteran with deep experience leading the marketing function for fast-growing fraud prevention, predictive analytics, and cybersecurity companies. His most recent leadership roles include CMO positions at Agari and ThreatMetrix, the latter of which he established as the definitive category leader for digital identity solutions.