The need to authenticate who we are in the online world is a top priority. And why is that? Advances in technology not only benefit those seeking to protect their information, but they also offer new opportunities for those with malicious intentions. In this context, an unsettling phenomenon arises synthetic identity theft.

The complexity and risk associated with synthetic identity theft are on the rise, posing a challenge for companies seeking to keep their customers and their own systems secure. Let’s take a look at what it’s all about!

What are synthetic identities?

Synthetic identities are hybrid compositions of personal data that blend true information with fictitious details. At times, these amalgamated data can originate from multiple individuals, such as mixing a genuine Social Security number with the details of someone else’s credit card.

There are several ways to create a synthetic identity:

  • Manipulated: these identities are a compound of authentic documents and fabricated data.
  • Blended: they are crafted using genuine information but sourced from different origins or individuals.
  • Fabricated: even elements like Social Security numbers can be randomly generated but designed to fit within a valid range.

To understand it well, a defining trait of synthetic identities is their construction from multiple data sources.

They are created specifically to bypass security measures and deceive commercial or financial entities.

When true elements are incorporated into these identities, the real individuals associated with those elements may face serious consequences, sometimes discovering the damage years after the crime.

This fraud originated in the United States: according to the National Credit Union Association, the problem of synthetic identity theft has worsened there in part due to the reliance on the Social Security number as the primary identifier, which no longer offers sufficient security on its own.

This is also confirmed by the Federal Reserve of the United States: synthetic identity theft stood out as the fastest-growing form of financial fraud in the U.S. during the year 2019, between 85% and 95% of these incidents of synthetic identity theft evaded detection by existing security mechanisms.

What is synthetic identity theft?

But how does it work exactly? Let’s explain it briefly:

  1. Information gathering: Criminals collect data from various sources, including public databases, social networks, and credit records.
  2. Creation of the fake identity: Once they have enough information, they combine it to create a new identity that doesn’t correspond to any real person. In some cases, they add completely fictitious data to complete the profile.
  3. Identity verification: The synthetic identity is then used to access financial services, such as bank accounts, credit cards, or loans. In extreme cases, they may even apply for jobs or government benefits with these identities.
  4. Identity building: Fraudsters invest time in establishing the credibility of this fake identity, paying bills, and building a credit history.
  5. Fraudulent use: Once trust in the synthetic identity is established, it is used to commit various types of financial fraud, including identity theft, credit card fraud, or money laundering.

One of the biggest complications in identifying synthetic identity theft is that it uses legitimate information to establish a fake identity. This not only makes detection difficult, but by using multiple fake identities, criminals can engage in illicit activities that are incredibly hard to trace.

It’s not just financial institutions at risk: any company handling user accounts is exposed. Criminals often acquire identities from the black market to open accounts at banks, where they maintain seemingly normal financial behavior over an extended period.

Over time, they request increases in their credit limits, and when granted a sufficiently high limit, they max out their credit cards and disappear. The bank then finds itself in a difficult situation, realizing it has been doing business with a nonexistent entity.

How can synthetic identity theft be detected?

Here are several strategies and emerging technologies aimed at mitigating this type of fraud.

Depth and Consistency

Depth and consistency are two crucial dimensions for assessing the attributes of an identity. For example, if a phone number has been around for a long time, it’s likely legitimate; similarly, if different sources of information corroborate the same address, that adds more consistency to the attribute.

Identity Ecosystem

The concept of an “identity ecosystem” is introduced, which evaluates the risk level of attributes based on the likelihood of compromise. That is, if certain data is widely accessible or prone to being stolen, its ability to verify identity is reduced.

Data Analysis and Advanced Techniques

Technology can also help. Here are some strategies to quickly detect synthetic identity theft.

Facial Verification on Devices

Facial verification is an effective tool in combating synthetic identity theft, especially when used in combination with other security measures. By requiring a facial match, companies can add an additional layer of authentication beyond simple document or personal data verification.

Reverse Social Media Search

Performing a reverse search of an individual’s email or phone number can reveal if the data is linked to accounts on social media, adding a layer of verification to their identity.

Behavioral Analysis and Velocity Rules

This refers to how a user interacts with a platform through, for example, a proof of life. Did they complete the KYC process faster than humanly possible? Did they input a Social Security number without hesitation? These behaviors can be indicative of fraudulent activities.

Artificial Intelligence and Machine Learning

A machine learning system can be especially effective at identifying suspicious behavior patterns, even if the fraudster has passed the KYC phase. AI and machine learning can learn from data to detect suspicious activities in real-time or near real-time.

What is the difference between synthetic identity theft and identity theft?

Both identity theft and synthetic identity theft are forms of personal information abuse, but there are important subtleties that distinguish one from the other.

Identity Theft

Identity theft occurs when a criminal obtains and uses an individual’s legitimate personal information without their consent. This can include the full name, Social Security number, date of birth, and other personal data. The thief’s goal is to use this information to access financial accounts, open new lines of credit, apply for loans or make purchases, all in the victim’s name. Criminals act swiftly, exploiting the stolen information in real time or within a short period to maximize their gain before being detected.

Synthetic identity theft

On the other hand, synthetic identity theft is a more elaborate and premeditated crime. Here, the criminal creates a completely fictitious or semi-fictitious identity using a combination of real and invented information. The goal is not to impersonate a real person but rather to establish a completely “new” persona that can be used to open credit accounts, apply for loans, or access other financial services.

These are the key differences:

  • Identity Origin: In identity theft, the information belongs to a real and legitimate person. In synthetic identity theft, the identity is entirely or partially fabricated.
  • Speed and Duration: Traditional identity theft occurs over a short period and is usually performed in real time. Synthetic fraud, on the other hand, is a long-term operation that is often meticulously cultivated over an extended period.
  • Nature of the Criminal: Actors behind synthetic identity theft tend to be more patient, calculated, and sophisticated. They often are part of larger and more complex organizations, posing additional challenges for detection and prosecution.
  • Impact on the Victim: In identity theft, a real person suffers the direct impact of the crime, both financially and emotionally. In the case of synthetic fraud, the direct victim is generally a financial or credit entity, although the effects can extend more widely in the economy.

How can a company prevent synthetic identity theft?

According to Experian‘s 2023 “Future of Fraud Forecast” study, synthetic identity theft is the fastest-growing financial crime. According to Experian, this type of fraud causes 80% of all credit card-related losses and nearly 20% of unauthorized refunds.

As mentioned, solutions like Silt can help confirm that the person attempting to open an account or make a transaction is truly who they claim to be.

By requiring a facial match, companies can add an additional layer of authentication beyond simple document or personal data verification.
What are you waiting for? Contact us to bounce back from fraud.