What is synthetic identity fraud and how does synthetic identity theft work?

5.18 billion – that’s the internet population of the world as of April 2023. Every day, billions of users access new digital services—from ordering food on their favorite app to digitally opening a bank account to purchasing a new pair of sneakers online.

With over 64 percent of the world interacting online, the digital economy presents one of the most powerful growth opportunities for businesses around the world. But as they say: With great power comes great responsibility— the responsibility to offer consumers a safe, yet seamless experience. This is often not as easy as it sounds, especially as fraudsters become more sophisticated, especially with synthetic identity fraud—which is projected to cost businesses nearly $5 billion in 2024.

Picture this: You spent months developing a website (or app) for digitally onboarding new customers, your performance marketing team spent hundreds of thousands of dollars to attract the users, and you had hundreds of sign-ups in the first month. What happens when you discover that many of the users you onboarded aren’t real?

Synthetic identity fraud occurs when genuine information is merged with fabricated information to create a new synthetic identity.

This synthetic identity may seem credible, allowing it to be used to open accounts, make fraudulent purchases and more. Synthetic identity fraud is among the fastest-growing forms of identity theft. In fact, according to Security Magazine, 46 percent of organizations faced synthetic identity fraud in 2022.

A closer look at synthetic identity fraud

The abundance of personally identifiable information (PII), such as emails and mobile numbers on the dark web helps fraudsters build synthetic identities that often appear to be genuine.

A reason organizations struggle to detect synthetic identity fraud is that fraudsters may not directly use a synthetic identity immediately after creation. In fact, they sometimes instead cultivate synthetic identities before harvesting them, fostering these identities for a year or more before committing fraud. Fraudsters may open a checking account in the synthetic identity’s name or add the synthetic identity to an existing credit card, for building a credit file and so on, all of which makes the identities look more genuine and mature (and grants them a larger credit line, for example).

In general, the methods used by fraudsters for creating synthetic identities fall into two categories:

  • Manipulated: This is a genuine identity with one or more personal details altered. For example, a consumer with low credit attempts to manipulate their identity to hide their previous history. Manipulated synthetic identities may be easier to detect.
  • Manufactured: A fraudster combines real and false information to create a new identity. For example, a fraudster uses real and false information to open an account that does not belong to any known or real person.

 

Synthetic versus traditional (stolen) identity theft

With traditional identity theft, a person’s information—such as Social Security Number or National Identification Number, address or driver’s license—is taken over. In other words, the fraudster steals the real, full identity of a genuine person. This stolen identity can be used to quickly make a fraudulent purchase, for example.

With synthetic identity fraud, the identity is created from different pieces of information, and a real person does not exist. On the surface, it may seem that because synthetic identity fraud does not target a particular individual, it’s less harmful. Unfortunately, this is not the case.

Imagine a bank customer is defrauded, and then the customer will report that fraud in an attempt to get compensated. This means the bank knows fraud has happened and can investigate it. However, because there may not be a single person associated with the synthetic identity, these fraud attacks often go undetected. Without being able to rely on a consumer to raise the red flag, there’s a chance that organizations may perceive synthetic identities as genuine for several months or years, enabling greater fraud losses. To make matters more difficult, synthetic identity fraud is growing in both sophistication and velocity.

How do fraudsters use synthetic identities?

Financial services: A common way for fraudsters to use synthetic identity in banking and lending is by opening new accounts. Prior to using synthetic identities for fraudulent activities, fraudsters often cultivate them for months or years to build a good credit history and larger credit lines. This makes organizations often believe that the presented synthetic identity is genuine, leading to the creation and onboarding of accounts that may not belong to a real person.

According to Aite Novarica, synthetic identity incubation was one of the top three (tied at number two) most commonly occurring types of fraudulent activity observed from demand deposit /checking account applications in 2022.

Ecommerce and online marketplaces: Because consumers expect a seamless shopping experience online, ecommerce companies often put lower checks in place—especially while creating new accounts and making an initial purchase. Fraudsters take advantage of this and use synthetic identities to set up an account, make several high-value purchases and obtain a chargeback, increasing the burden of losses for merchants.

How to combat synthetic identity fraud

So, what can organizations do to defend against this sophisticated type of fraud? Forward-looking organizations have already embarked on a journey to fight synthetic identity fraud by investing in in-house or partner-driven, anti-fraud solutions. However, fraudsters are getting more sophisticated in their approach, highlighting the need for organizations to continue to refine their anti-fraud investments. Take an example: Fraudsters often rely on unique identifiers, such as a Social Security Number, which is a static attribute (I.e. it does not change with time, unlike, for example, an IP address. If an organization wants to stay ahead of a fraudster, then they will also need to verify digital identity, such as IP address, email and phone, along with static identity attributes. This process may not be easy, because consumers expect a seamless experience, giving organizations just a fraction of a second to decide whether a transaction is fake or genuine.

To recap, synthetic identity fraud occurs when genuine information is merged with fabricated information to create a new synthetic identity. Because fraudsters cultivate these synthetic identities for months or years to secure good credit lines, these identities may often seem genuine. Digital identity holds the key to determining whether an identity belongs to a genuine person or is synthetic. Look at digital identity as footprints that a user leaves behind, each time they shop, transact, or open an account. Smart organizations are the ones who can trace these digital footprints to distinguish between a good customer and a bad actor.

Our solutions use core digital identity elements that we consider the global standard for identity verification in the internet age. These digital identity elements are name, email, address, phone and IP address). Our identity verification solutions can complement your existing anti-fraud platform and better equip you to fight one of the fastest-growing forms of identity theft: synthetic identity fraud.

Click here to learn more about our solutions, which can help you prevent potential losses due to synthetic identity fraud while ensuring that you deliver a seamless customer experience.