Synthetic Identity Theft: What is Syn Fraud & How Can You Protect Yourself?
In the past few years, synthetic identity theft has become the most prominent form of identity fraud in the US. According to a recent report by FiVerity, estimated losses to synthetic fraud hovered around $20 billion in 2020, rising from around $6 billion annually just five years earlier.
You’re probably wondering: how does a $14 billion spike in losses affect your bottom line? We’re about to find out.
In this article, we’ll discuss what synthetic identity theft is and how it works. We’ll also explain why it matters and how both consumers and merchants can avoid it altogether.
Recommended reading
What is Synthetic Identity Theft?
- Synthetic Identity Fraud
Synthetic identity theft, also known as synthetic identity fraud, occurs when cybercriminals use compiled stolen data to create new identities (instead of stealing and using existing accounts). They can use these synthetic identities to carry out fraud attacks.
[noun]/sin • THe • dik •ˌī • den •ˌtə •ˌdē •ˌfrôd/
Synthetic identity theft is a subset of identity fraud. It happens when a scammer combines stolen personally identifiable information (PII) with fabricated data to create new fake identities. For example, a fraudster may concoct an artificial identity by pairing together real data like a stolen social security number together with a phony name, birthday, and mailing address.
The introduction of synthetic information makes this type of identity theft different from account takeover fraud or new account fraud. In these more traditional forms of third-party fraud, scammers hijack a person’s real identity to commit fraud, but do not inject fake information.
Regardless, synthetic and traditional identity thieves have much the same goals: both seek to co-opt a victim’s PII for their own financial gain. Synthetic fraudsters can use a real victim’s social security number to acquire credit, open up bank accounts, steal tax refunds or government benefits, or even frame their victim for crimes.
How Does Synthetic Identity Theft Work?
Fraudsters blend real and false information to generate new identities that are then used for opening accounts, securing loans, or perpetrating financial crimes. This can be done through identity manipulation, meaning the alteration of existing information to construct a false identity. Or, through identity compilation, which involves combining certain elements of real data with fictitious components to form a completely new persona.
All synthetic identities contain some real PII. Most often, scammers are after social security numbers, since they are unique and are tied to a single individual.
Scammers can get their hands on PII from data breaches, the dark web, social media, or public records, which are then combined with fabricated details to create synthetic identities. Fraudsters take out loans and apply for credit using their fake persona. They can then try to maximize their short-term gains and disappear quickly, or slowly build the fake person’s credit, then engage in bust-out fraud for a larger payout.
Broadly speaking, there are two sub-categories of synthetic identity theft. One involves the manipulation of existing records, while the other involves the fabrication of new records:
A more recent (and difficult to detect) identity compilation tactic exists in the form of syn fraud. Here, the social security number is stolen from a real person, but other elements — like the new identity’s name, gender, date of birth, and so on — are entirely artificial.
According to credit scoring firm FICO, it accounts for between 10% and 15% of banks’ unsecured bad debt.
Scammers commonly use synthetic identities to open bank accounts and apply for loans and credit cards. But financial fraud is just the beginning. Fraudsters can also use synthetic identities to:
- Commit healthcare fraud
- Gain employment or residency
- Engage in money laundering
- Commit tax refund fraud
- Rent apartments or lease property
- Engage in romance scams or investment scams
- Access government benefits, like unemployment, disability insurance, or food stamps
- Frame identity theft victims for crimes
How Much of a Threat is Synthetic Fraud?
Synthetic fraud is a real and growing threat that affects both financial institutions and individuals. Reuters estimates that consumers and companies lose between $20 billion and $40 billion to synthetic identity fraud per year.
Worse, vulnerable populations are the most susceptible to synthetic fraud. KPMG and Carnegie Mellon University estimate that children’s social security numbers are 51 times more likely to be stolen by synthetic identity thieves. The elderly and homeless, populations who are less likely to monitor their credit profiles, are likewise more exposed to identity theft risks.
There are downstream consequences, too. Financial institutions and merchants, for example, must spend more on fraud detection and prevention tools and personnel than they would otherwise have to. Banks, credit unions, and other businesses that are unable to safeguard customer data may also suffer from reputational harm and lose the trust of their customers and the public.
Similarly, merchants who fail to comply with PCI-DSS regulations, a set of rules that govern how credit card information must be stored, processed, and transmitted, may face fines that can be as steep as $500,000 per incident.
How Can Merchants Detect & Prevent Synthetic Fraud?
Since synthetic identities are an amalgam of real and fabricated data, standard verification procedures that neglect to cross-check information using multiple databases often fail to detect this form of fraud. However, there are ways merchants and financial institutions can detect and prevent synthetic fraud.
Examples of commonly used synthetic fraud detection tactics include:
“...the most noticeable difference between a synthetic ID and a real one is that real people tend to leave behind messier and more diverse data trails. For example, real people change addresses, phone numbers, and e-mail accounts every now and then; their social media feeds connect with family and other real people; they engage with public authorities through student loans, property records, traffic tickets, marriage licenses, motor vehicle records, and many other means. And as they age, the data trail of a real person tends to grow more consistent, so the same basic information shows up in different places. When compared with these broader data points, the information connected with synthetic identities tends to be either strangely inconsistent or way too consistent. That is, either the data doesn’t match up or it doesn’t change in the way it should if it were a real person with a real life history.”
On the other hand, merchants and financial institutions can take proactive steps to prevent synthetic identity fraud as well. Some best practices on this front include:
Synthetic Fraud: Just One Piece of the Puzzle.
If there is a bright side to any of this, it lies in the realization that criminal fraud—including synthetic fraud—accounts for a statistically small portion of credit card chargebacks. Most disputes are caused by either correctable human missteps or challengeable friendly fraud.
Chargebacks911® can help you eliminate revenue drains so you can concentrate on building stronger relationships with your honest, repeat customers. It’s the best possible solution: reduce fraud and increase profits.
Take a bite out of synthetic identity theft. Then take the next step to eliminate all chargeback sources. Let Chargebacks911 show you how.
FAQs
What are the warning signs of synthetic identity theft?
One telltale warning sign that you may have been a victim of synthetic identity theft is if you discover a loan or credit line you didn’t apply for listed on one or more of your credit reports. If you receive calls, texts, emails, or letters about bank accounts or credit cards you didn’t open, that’s also an alarming warning sign. For merchants and financial institutions, inconsistencies in data traits or a conspicuous lack of social media activity can be a warning sign of synthetic identity fraud.
What is a fabricated identity?
A fabricated identity combines real personally identifiable information (PII) from one or more identity theft victims with fake information, such as a name, date of birth, address, gender, ethnicity, or occupation. The result is a new, fake identity that scammers can use to commit financial, benefits, or tax refund fraud.
What are the red flags for synthetic identity theft?
A sudden change or drop in your credit score, the presence of loans or credit cards you don’t recognize, or letters or other correspondence regarding bank accounts you didn’t open are all red flags that suggest you may have fallen victim to synthetic identity theft.
How is identity theft detected?
Consumers can regularly monitor their credit reports for signs of identity theft. Meanwhile, merchants and financial institutions can cross check public and private databases, review credit reports, search for social media profiles, and perform liveness checks to detect possible identity theft.
How do you fight identity theft?
You can fight identity theft by filing a police report, submitting a report with the Federal Trade Commission (FTC) at www.identitytheft.gov, or by filing a complaint with the FBI's Internet Crime Complaint Center (IC3).