Synthetic Identity Theft

May 19, 2022 | 11 min read

Synthetic Identity Theft

Synthetic Identity Theft: What is Syn Fraud & How Can You Protect Yourself?

In the past few years, synthetic identity theft has become the most prominent form of identity fraud in the US. According to a recent report by FiVerity, estimated losses to synthetic fraud hovered around $20 billion in 2020, rising from around $6 billion annually just five years earlier.

You’re probably wondering: how does a $14 billion spike in losses affect your bottom line? We’re about to find out.

In this article, we’ll discuss what synthetic identity theft is and how it works. We’ll also explain why it matters and how both consumers and merchants can avoid it altogether.

What is Synthetic Identity Theft?

Synthetic Identity Theft

[noun]/* sin • THe • dik •ˌī • den •ˌ(t)ə •ˌdē •ˌfrôd/

Synthetic identity theft, also known as synthetic identity fraud, occurs when cybercriminals use compiled stolen data to create new identities (instead of stealing and using existing accounts). They can use these synthetic identities to carry out fraud attacks.

Other third-party fraud attack methods like account takeover fraud or clean fraud are based around established identities. The fraudster gains access to a cardholder’s account or personal information, then purchases as much as possible within the limited window prior to discovery.

Synthetic fraudsters take a bolder approach with an eye to the long term. They’re creating fictional identities by combining a stolen Social Security number with a legitimate address (often a PO box). Posing as these “synthetic” customers, the fraudsters begin applying for credit accounts.

Of course, banks commonly reject credit requests for persons with no credit profile on record. Ironically, however, inquiring about an account leads credit bureaus to believe a faux customer exists. The odds are good that, eventually, some lender will approve credit for an applicant.

Once the fraudster decides the credit limits are high enough—a process that can take years—they will “bust out,” maxing out all the accounts associated with the fake customer before discarding the identity altogether and disappearing.

How Does Synthetic Identity Theft Work?

There’s not a lot of information available to help accurately identify a case of identity theft before an attack. Merchants can easily recognize one after the fact, though. Once the dust settles, and the fraudster has abandoned the account in question, it’s just a matter of determining which method was used.

There are two main categories of synthetic identity fraud:

Manufactured Synthetic Identities

Sometimes called ‘Frankenstein’ identities, they are composed of data cobbled together from multiple sources’ personally identifiable information (PII). For example, fraudsters can craft a false identity that features verifiable data points by using the SSN from one individual, the address from another, and the account information from a third user.

A more recent incarnation of this type of syn fraud. This involves a manufactured identity that doesn’t feature verifiable data points aside from a randomized SSN. Building a PII profile from scratch means that this information is solely in the fraudster's control. Therefore, it’s very difficult to discern from a real customer.

Manipulated Synthetic Identities

Identities based on a real person are less likely to throw up red flags, which is why this type of synthetic fraud is popular. To perpetrate this, fraudsters will make limited changes to an SSN in order to hide a past credit history and gain access to credit.

This type of synthetic fraud is more identifiable than manufactured identity fraud, since it often intersects with the real identity they are attempting to ‘borrow’. It is, therefore, more likely to fail a validity check.

Why We Should Be Paying Attention

Synthetic fraud is so concerning because it doesn’t require a specific consumer target. With other third-party fraud tactics, a person’s whole identity is subsumed by a fraudster to defraud others. With synthetic fraud, however, the fraudster pulls data from multiple sources, making it less likely that any one individual will discover the threat.

Without a specified victim, two major challenges present themselves:

  • Criminals can keep synthetic accounts open for years, increasing credit lines, building scores, and stockpiling these resources only to max out each line and then cash out of them altogether.
  • In these instances, there is no obvious indication of fraud nor any sign of fraudulent activity until it’s too late. This makes it extremely difficult to diagnose when and where breaches occur and also develop strategies to combat them.

Another contributing factor complicating the risks associated with synthetic identity is SSN randomization. Randomizing Social Security numbers has been the policy of the Social Security Administration since 2011. Randomization was intended to increase safeguards for the public. Instead, it’s only made it more difficult for fraud tools and detection systems to pinpoint a false SSN.

These are just a few examples of why synthetic identities are something to be aware of and prepared for. Aside from these, the term itself lacks a clear definition, contributing to a definite lack of inter-agency cohesion for action. If you can’t really agree about what a synthetic identity is and does, how can you cooperate to fight back?

Every day brings new fraud threats. Are you prepared to fight back?

Click below and learn how much you could save with professional chargeback management.


How Synthetic Identity Theft Impacts Consumers

Synthetic identity theft cases can look like many types of fraud that may or may not be synthetic. Confusing…right?

This is why they’re so difficult to pinpoint, aside from the extreme subtlety fraudsters employ in their process. Synthetic fraud can take many forms, such as:

card max payments

Unemployment Scams

card max payments

Tax Return Scams

card max payments

Paycheck Protection Scams

card max payments

Social Security Scams

card max payments

Employment Pension Scams

Once a synthetic identity has been created, the owner of an original Social Security number is usually on the hook for any debts or liabilities associated with the fraud that has been perpetuated. This means a person might start receiving threatening letters from creditors or other financial institutions regarding accounts the individual didn’t even know existed. Sometimes, even when the fraud has been identified and resolved, the social security number can remain compromised.

Inevitably, banks and processors victimized by synthetic fraud are bound to jack up their prices and interest rates to protect their bottom line. Increased inflation is a very real result of incidents like this. In this way, consumers pay double for fraud that is neither their fault nor responsibility.

We have a solid handle on how synthetic fraud affects consumers. So now, let’s look at what it does to merchants.

How Synthetic Identity Theft Impacts Merchants

Unlike other types of fraud, synthetic identity theft seldom presents an obvious consumer victim. Since the fraudsters themselves are receiving card statements, there is no one to notice anything amiss. Real cardholders connected to the stolen SSNs aren’t likely to even know their info has been hacked until it shows up as bad credit, which could take years.

The good news for buyers is that, when fraud occurs, there are some mechanisms to protect them. That’s not true for merchants, though.

The costs associated with synthetic fraud are ultimately more likely to fall on the merchant. Cardholders can file chargebacks to recoup funds lost due to fraud. And, even if banks don’t demand compensation for lost revenue, merchants are still out the merchandise cost and related expenses like shipping and processing.

To make matters worse, some fraudsters are “double-dipping,” buying products through fake cardholders, claiming the purchases were not as expected or never delivered. The fraudster files a chargeback to the banks, the costs of which are all dumped back on the merchant. They commit criminal fraud, then hit the merchant with a friendly fraud attack to victimize them again.

4 Ways Cardholders Can Prevent Synthetic Fraud

Let’s face it; there is no surefire synthetic fraud detection method that can save everyone from cybercriminals.

In reality, however, there are several things consumers can do to help prevent fraud from happening at all. Adopting a few best practices can help lower one’s vulnerability to fraud and even help them recover if they catch it in time. Consumers should:

#1 | Check Their Credit Often

Consumers should pull their credit multiple times per year to ensure all of their information is correct. Consumers in the US are legally entitled to one free report each year from each of the three main credit bureaus (Equifax, Experian, and TransUnion). They can also use third-party sites like CreditKarma to get regular updates.

#2 | Freeze Credit When Necessary

If there’s even a suspicion that a consumer's financial records have been breached, it would be wise for that individual to immediately place a freeze on their credit through all three credit bureaus. Users can also freeze their Social Security number, preventing fraudsters from using it.

#3 | Guard Their SSN

Try not to share Social Security numbers between family members. Keep it secret, and limit how often it’s shared externally. For instance, if a company requests an SSN to identify customers, it’s wise to ask if there is any other way to authenticate without sharing this crucial information.

#4 | Watch the Mail

If unusual mail shows up, addressed to someone else, that's a great time to check in with the credit bureaus. Irregular mail is a big clue that one’s data might have been compromised.

Most of the time, consumers aren’t held responsible for acts of fraud performed against them or in their name and will often be reimbursed if they lose funds or accounts to fraudulent activity. However, synthetic identity theft can come back to bite the consumer anyway.

Banks and financial institutions are the targets of synthetic fraud attacks. However, they will look to offset their losses by raising interest rates and lending costs. This will, in turn, force merchants and service providers to raise prices on goods and services. In this way, synthetic fraud affects everyone involved, from the top down.

4 Ways Merchants Can Defend Against Synthetic Fraud

Mitigating all types of fraud is a wise move for merchants across the board. When used in tandem, fraud tools and prevention methods effectively lower risk for merchants and their customers.

Merchants can help fight synthetic identity theft in several ways:

#1 | Deploy AI & Machine Learning

Machine learning technology can determine whether to accept—or reject—a transaction. The technology examines past data and uses it to predict logical outcomes. The software is self-learning, which means it learns as it is used, and helps increase its accuracy.

#2 | Authenticate Buyers Based on Risk

Merchants should segment lower-risk transactions from riskier ones by using AVS (Address Verification Services), CVVs, geolocation services, and other fraud prevention tools. Using this software, they can more effectively sort transactions based on risk value. This also lets them eliminate friction points for established customers.

#3 | Keep Software Up to Date

Software must be updated for a reason. If merchants neglect updates, they risk data breaches, damaging software glitches, and other easily-addressed complications that could be prevented.

#4 | Conduct Regular Audits

It's best to routinely audit systems for efficiency rather than assume they’re doing everything right and that all systems are running smoothly. Merchants can’t fix problems they don't know about. They also can’t solve a series of problems if the source remains undetected.

Synthetic Fraud: Just One Piece of the Puzzle.

If there is a bright side to any of this, it lies in the realization that criminal fraud—including synthetic fraud—accounts for a statistically small portion of credit card chargebacks. Most disputes are caused by either correctable human missteps or challengeable friendly fraud.

Chargebacks911® can help you eliminate revenue drains so you can concentrate on building stronger relationships with your honest, repeat customers. It’s the best possible solution: reduce fraud and increase profits.

Take a bite out of synthetic identity theft. Then take the next step to eliminate all chargeback sources. Let Chargebacks911 show you how.

Like What You're Reading? Join our newsletter and stay up to date on the latest in payments and eCommerce trends.
Newsletter Signup
We’ll run the numbers; You’ll see the savings.
Please share a few details and we'll connect with you!
Over 18,000 companies recovered revenue with products from Chargebacks911
Close Form