The Invisible Threat of Synthetic Identity Fraud
Using a synthetic identity makes anyone practically invisible, making identifying who is behind the synthetic ID difficult. This isn’t a trick question; it’s a problem investigators of synthetic identity fraud (SIF) must deal with. With synthetic identities, fraudsters can create personas that seem legitimate but are entirely fabricated. These identities blend real and fake information, making detection and prevention a significant challenge for authorities and financial institutions.
Complexity of Synthetic Identities
The sophistication of synthetic identities lies in their partial authenticity. Fraudsters typically use a genuine Social Security number, often belonging to children, deceased individuals, or people who don’t actively use their credit. They combine this accurate information with fabricated details, such as fake names, addresses, and phone numbers. This mix of authentic and counterfeit data creates a synthetic identity that can pass many traditional verification checks.
Difficulty in Tracking
Traditional fraud detection methods focus on identifying inconsistencies or red flags in personal data. However, synthetic identities often avoid these triggers because they include accurate, verifiable information elements. This makes it nearly impossible for standard systems to distinguish between legitimate and synthetic identities. For instance, a Social Security number might be accurate, but it’s paired with a made-up name and address. These synthetic identities can exist in the system for years, building credit and seeming completely legitimate until the fraudsters decide to “bust out.”
Impact on Victims
Victims of synthetic identity fraud face unique challenges. Children whose Social Security numbers are used might not discover the fraud until they are older and begin applying for credit. This delayed discovery can complicate their financial futures, as they must prove that their credit history is fraudulent. Deceased individuals’ identities are also targeted, creating additional grief and legal complications for surviving family members.
Financial Institutions and Government Agencies
Financial institutions and government agencies struggle to keep up with synthetic identity fraudsters’ evolving tactics. Their reliance on data points such as Social Security numbers, credit histories, and personal information for verification means that as long as these elements appear legitimate, synthetic identities can slip through the cracks. Moreover, data breaches and the widespread availability of personal information on the Dark Web exacerbate the problem, providing fraudsters with ample resources to craft convincing synthetic identities.
Legislative and Technological Responses
Combating synthetic identity fraud requires a multi-faceted approach. Legislative measures must be updated to address the nuances of synthetic identities. Financial institutions need to adopt more advanced technologies for identity verification. This includes utilizing artificial intelligence and machine learning to detect unusual patterns and behaviours that might indicate synthetic fraud. Additionally, there’s a need for greater collaboration and information sharing between private and public sectors to identify and prevent synthetic identity fraud effectively.
Public Awareness and Education
Public awareness and education are crucial in the fight against synthetic identity fraud. Individuals should monitor their credit reports and protect their personal information. Parents, in particular, must be aware of the risks to their children’s Social Security numbers and take proactive steps to safeguard their identities. Simple measures, such as regularly checking credit reports and using credit monitoring services, can help detect and mitigate the impact of synthetic identity fraud.
What is Synthetic Identity Fraud?
SIF is a new type of identity theft in which criminals combine real personal data with fake information to create an almost impossible-to-track-down identity. It differs from traditional identity fraud, where someone steals and uses another person’s real identity. Instead, SIF criminals start with one piece of accurate personal information, usually a Social Security number.
“Everything’s fake.”
How Fraudsters Create Synthetic Identities
Gathering Real Information
Fraudsters start SIF by stealing real Social Security numbers from people who aren’t using their credit, like children, homeless individuals, or recently deceased persons. They then use fake addresses, phone numbers, and social media accounts to create synthetic identities.
Building a Fake Identity
They build a fake identity by making up a fake address, phone number, and other essential information. Fraudsters use these fake identities to open credit lines, get auto loans, or trick government agencies into granting tax returns and benefits.
The Cost of Synthetic Identity Fraud
Financial Losses
The exact amount of money lost to SIF is unknown. However, a 2018 study by Sanford Research found U.S. credit card accounts lost $820 million to SIF in 2018. Losses are expected to rise to $1.25 billion by 2020. Other estimates suggest credit losses could be as high as $6 billion to $8 billion. This doesn’t include the untold millions of dollars victims lose in time and stress.
Government Impact
At the federal level, the Department of Justice obtained $3.7 billion in settlements and judgments under the False Claims Act in 2017. However, the AARP reports that Medicare alone lost $60 billion to different types of fraud in 2017.
Factors Contributing to the Rise of SIF
Improved Security of Physical Credit Cards
Firstly, SIF is partly driven by improvements in the security of physical credit cards. Ironically, people who work to stop fraud are accustomed to it. Since debit and credit cards now have EMV chips, it’s harder for thieves to commit fraud in person. They are coming up with more clever ways to steal money online.
Digitization of Financial Transactions
Secondly, the move to digitize almost all financial transactions, including government benefits, has given cyber thieves both an opportunity and a temptation. It is much easier to pretend to be someone else online than in person, especially if the “person” is just a set of data points. Banking, credit, and government agencies only look at a few critical pieces of information to identify someone, and thieves make them look natural.
Data Breaches
Lastly, many data breaches in all parts of the economy have given criminals access to more personal information than ever before. The Identity Theft Resource Center reports there were 1,579 data breaches in 2017. These breaches exposed almost 179 million individual records, including 14.2 million credit card numbers and 158 million Social Security numbers. Many of these records are now on the Dark Web, sold to anyone willing to pay.
How Synthetic Identity Fraud Works
Fraudsters start SIF by stealing real Social Security numbers from people who aren’t using their credit, like children, homeless individuals, or recently deceased persons. They then use fake addresses, phone numbers, and social media accounts to create synthetic identities. The real trick is applying for credit online with these fake names, knowing they will be turned down due to no credit history attached.
Building a Credit History
The trick is that applying for credit starts with a credit history. Eventually, a lender will grant a small line of credit, like $500 to $1,000. Fraudsters make small purchases over a few months and pay off the balance to improve their credit score and obtain more generous lines of credit. When their credit limit reaches between $10,000 and $15,000, the scammers “bust out” by suddenly using up all their credit and disappearing.
“These criminals are smart and willing to play the long game and set up a Synthetic identity,” says Robert Davis, a digital identity expert with Salusgard, an industry leader in mobile security solutions for financial institutions. “They are patient and know how to exploit system loopholes.”
The Long Game
In an SIF scam, criminal gangs might take up to a year or two to compile a list of fake identities before they pull the trigger. While pretending to be real credit customers, fraudsters can exploit their seeming authenticity in other areas, like auto loans, health care, and government benefit programs. Synthetic fraudsters use the Social Security numbers of children because it might take 10 to 15 years before the child discovers their credit was compromised.
Challenges in Catching SIF Perpetrators
Difficulty in Detection
One primary reason is the challenge of fraud detection. Dennis Lormel, former head of the FBI’s Financial Crimes Program and now a financial crimes consultant, says compliance and fraud investigators tend to be reactive. “We don’t investigate fraud until it happens. We’re behind the curve with SIF because we need to be proactive to stop it.”
Evolving Tactics
Lormel believes this will change as the banking and credit industries adapt their practices to make SIF harder. Currently, government programs are responsible for a small amount of fraud related to fake identities. Lormel says, “Criminals are always evolving, and the government is a fraudster’s dream.” All entitlement programs are vulnerable, but healthcare is mainly so. So are tax returns and assistance programs. If you can make a fake ID and set it up to get refunds or benefits early, you have the makings of a long-lasting fraud. Lormel says SIF hasn’t been used more frequently to defraud the government because credit fraud is much more profitable, at least for now.
Combating Synthetic Identity Fraud
To prevent SIF from becoming an even bigger problem, financial and government institutions must change how they verify identities and how technology stores and shares personal information.
Government and Industry Cooperation
In January 2018, Lormel spoke before the U.S. Senate Banking Subcommittee on National Security, International Trade, and Finance. He urged government officials to make sharing information more accessible for government agencies and departments, financial institutions, and the private sector.
Lormel says, “We need to improve using artificial intelligence and data mining to find suspicious behaviour patterns.” “Government agencies need shared databases to cross-check information like Social Security numbers with other data sets. Currently, everything is siloed, and criminals exploit that.”
Technological Advancements
For example 2011, the Social Security Administration started randomizing Social Security numbers. This meant that the first three digits of a Social Security number no longer had any geographic meaning. This change was intended to extend the lifespan of the nine-digit SS system. However, without the geographic identifier, it’s much easier for a criminal to create a fake ID with contact information that appears legitimate. To identify potential SIF, one must look beyond these essential pieces of information and identify behaviour patterns that “real” people have but are usually missing from a synthetic ID profile.
The Role of Behavioral Biometrics
For example, “real” people have rental histories, legal issues, family ties, passports, DMV records, and extensive social media profiles, which a synthetic ID profile lacks.
Salusgard’s Davis suggests that “behavioural biometrics” would help agencies get a more accurate picture of a person’s identity. “The big problem is that all the pieces that make up ‘you’ as an individual are held in different places,” he says, adding that a better system would be able to “analyze and compare contexts and behaviours” to determine if a person is who they claim to be.
Combining Identifiers
Davis says, “You need as much information as possible to look for gaps in the data and get a complete picture of a person’s identity.” Combining this ability with other unique identifiers, like biometrics (eye scans, fingerprints), dedicated personal devices (like a cell phone), or unique biographical details, would add an extra layer of identity assurance because these identifiers are hard to replicate.
The Future of Personal Identification
New technologies like blockchain promise to build a foolproof, unhackable system of personal identification in the future. However, it will be long before these technologies are widely adopted at all government levels.
Lormel says, “We are way behind on Synthetic identity.” “All government agencies need to update and improve their technology,” he says, adding that people must be educated to be more vigilant at the state and local levels.
Addressing System Gaps
Other system gaps must be addressed, and agencies must collaborate to create a more robust environment for conducting government business.
Considering the User Journey
Davis believes governments and institutions must consider the problem throughout the user journey. “Even if you solve the SIF problem, you might be pushing other types of fraud into other channels,” similar to how chip-enabled credit cards led to SIF.
A Comprehensive Approach to Fighting SIF
In the meantime, neither Lormel nor Davis thinks a “top-down” approach is sufficient to combat Synthetic identity. People must be more aware of SIF’s dangers and learn to protect themselves by freezing their child’s credit and regularly checking their credit reports for suspicious activity.
Personal Vigilance and Proactivity
SIF may be the fastest-growing type of fraud in the country, but it is far from the only one. “People need to assume that all of their information has already been stolen,” says Davis, because data breaches happen daily, and it likely has.
Contact Amicus International for information on how to obtain a legal new identity.
If you would like to work with a professional team that can help make your transition to a life of freedom, contact Amicus Int. for New Identity services today.