What is synthetic identity fraud?

Over the past two decades, economic downturns – most notably the Great Recession from 2007-9 – have foreshadowed a rise in financial crime. Against this backdrop, the threat of synthetic identity fraud has become a growing issue, with Forbes projecting losses of up to $5bn by 2024.

As synthetic identity fraud becomes more widespread, financial institutions are struggling to identify, classify, and overcome this complex financial crime. This was noted in our global compliance survey, where of the 800 C-suite and senior compliance decision-makers we surveyed 31 percent said the type of fraud they are most concerned about in 2023 is synthetic identity fraud, ahead of elder fraud (25 percent) and romance scams (22 percent). It’s also becoming an increasing concern for regulators. 

What is synthetic identity fraud?

Synthetic identity fraud is when someone uses a mix of real and fake personally identifiable information to create a false identity and commit fraud. For example, a synthetic identity can be created using one person’s name, another person’s date of birth, and another person’s National Insurance (NI) or Social Security Number (SNN). 

There are two main types of synthetic identity fraud: manipulated and manufactured.

• Manipulated synthetic identity fraud: Where the identity is real, but one or more personal details have been altered. This is typically fairly easy to detect.
• Manufactured synthetic identity fraud, also known as Frankenstein fraud: Where real and fake information is merged to create a new identity. This is the fastest-growing type of financial crime globally. Fraudsters often combine primary elements, such as date of birth or SSN, with supplemental elements, such as phone number or email address.

In the US, there is an additional issue fuelling the rise of the problem. SSNs are now randomized rather than based on geographical location, which has made it harder for firms to spot anomalies indicative of synthetic identity fraud. 

Methods used in synthetic identity theft

The primary method criminals use to create synthetic identities is by finding and buying personal information via the dark web, which has become even easier following high-profile data breaches. In many cases, fraudsters buy and use information related to the identities of a child, elderly person, or person in prison to increase the amount of time it may take to detect. There have even been cases of criminals using the SSNs of deceased individuals.

Examples of synthetic identity theft

• Building fake credit: Synthetic identity theft can affect the credit industry when a manufactured identity is used to open a credit account. Criminals play the long game, nurturing their credit accounts for months or even years until they can apply for maximum credit. Some even go to the effort of applying for loyalty cards and library cards to further legitimize their “identity.” Once they’ve reached a position to be offered a significant amount of credit, the criminals “bust out”; spend the money, and disappear.
• Health care fraud: Fraudsters use health insurance information belonging to someone else to get prescription drugs, see a doctor, or file claims to their insurance provider.
• Exploiting the welfare system: Synthetic ID fraud is also prevalent in the exploitation of government benefit support, including COVID-19 pandemic support. These identity scams cost governments hundreds of thousands of dollars. However, criminals tend to prefer corporate synthetic identity fraud as it’s more lucrative over a shorter time span. Experts predict that the mortgage industry will become increasingly vulnerable to synthetic identity theft.
• False tax returns: Fraudsters use stolen personal information to file someone else’s tax returns and keep the funds for themselves.
• Obtaining employment: Synthetic identities can be used to obtain employment if the fraudster personally lacks the documentation or credit history required by employers. These factors can also lead to fraudsters applying for loans or opening bank accounts.

Consequences of synthetic identity fraud

Losses connected to synthetic identity fraud can be difficult to quantify as the illicit activity is often linked to other criminal activities such as money laundering, trafficking, and funding terrorism.

Synthetic ID fraud is not a victimless crime, as later down the line, someone may realize their address or SSN has been used to commit fraud. This may prevent the victim from being able to apply for credit in the future. It can also be very upsetting to be asked to prove you’re the true holder of your own identity and not a financial criminal.

As with all types of fraud, financial organizations must raise their fees to recoup their losses. Where government departments are the target, it means councils have a deficit of public funds and services suffer.

How to detect and prevent synthetic identity fraud

While synthetic identity fraud is notoriously difficult to track, the following solutions can help financial institutions stay one step ahead and mitigate risk effectively:

• Identity verification: Verifying government-issued ID documentation must be an essential step when onboarding new users. The documentation should also be periodically reviewed to ensure updated versions are requested and obtained throughout the customer account’s lifecycle.

• Machine learning: Fraud detection solutions that utilize identity clustering and other machine learning algorithms can identify networks of accounts that are acting in tandem. This gives firms dual protection, catching accounts that look similar regarding data but act differently and accounts that act similarly but have varying sets of personal information. 

• Biometric authorization: This type of authorization utilizes technology to validate a customer’s biological characteristics. Usually, it involves verifying a customer’s facial image or fingerprint, thus creating an added layer of protection and security.

• Transaction monitoring: Reviewing and analyzing transactions for behavior that is inconsistent with the customer’s risk profile can alert compliance teams to potential instances of synthetic identity fraud. A good transaction monitoring solution should be configurable, allowing compliance staff to deploy rule sets that screen for specific patterns indicative of different fraud types. 

• Digital footprint analysis: Digital footprints can be used to assess a customer’s intentions by enriching data they have provided, such as an email address or phone number. The absence of an online footprint could point to fraud, as it is estimated that 98 percent of fraudsters create new email accounts to match the stolen card details they are trying to use.

Combat synthetic identity theft with AML solutions

Legacy fraud and compliance solutions typically work on a reactive basis, responding once a crime has been committed. By contrast, to tackle synthetic ID, teams need tools that are proactive – while not negatively impacting the customer experience.

Because the created accounts tend to behave like normal accounts, fraud detection software with weak know-your-customer (KYC) components may not flag anything as suspicious. Rather, firms should prioritize implementing a sophisticated customer screening and transaction monitoring solution that utilizes artificial intelligence to detect and track changes in customer behavior in real-time.

Awareness of the threat of synthetic identity fraud is growing but a clear, cohesive direction is needed from the industry. To improve rates of prevention and detection, the fraud landscape needs to work together, tracking trends and sharing data.