What is “Synthetic” Identity?

by | Jul 17, 2022 | New Identity

Using a synthetic identity makes anyone practically invisible, unable to identify who is behind the synthetic ID.

That’s not a trick question; it’s the problem investigators of synthetic identity fraud (SIF) must deal with.

SIF is a relatively new type of identity theft in which criminals combine pieces of accurate personal data with fake information to create a whole new identity that’s almost impossible to track down.

SIF is different from traditional identity fraud, which is when someone steals and uses someone else’s real identity. Instead, SIF criminals start with one piece of accurate personal information, usually a Social Security number.

“Everything’s fake.”

Then, they build a fake identity around it by making up a fake address, phone number, and other essential information. Fraudsters then use fake identities to open credit lines, get auto loans, or trick government agencies into getting their hands on tax returns and benefits.

No one knows how much money is being lost to SIF, but a 2018 study by the advisory firm Sanford Research found that U.S. credit card accounts lost $820 million to SIF in 2018, and losses are expected to rise to $1.25 billion by 2020.

Other estimates say that credit losses could be as high as $6 billion to $8 billion, and that’s not even counting the untold millions of dollars that victims of this new breed of cybercriminals lose in time and stress. At the federal level, the Department of Justice got $3.7 billion in settlements and judgments under the False Claims Act in 2017. However, the AARP says that Medicare alone lost $60 billion to different types of fraud in 2017.

What’s going on?

A number of factors have combined to make modern government and financial systems more likely to be affected by SIF.

First of all, SIF is being driven partly by improvements in the security of physical credit cards. Ironically, people who work to stop fraud are used to it. Since debit and credit cards now have EMV chips, it is harder for thieves to commit fraud in person. Instead, they are coming up with more and more clever ways to steal money online.

Next, the move to digitize almost all financial transactions, including government benefits, has given cyber thieves both a chance and a temptation.

It is much easier to pretend to be someone else online than in person, especially if the “person” is just a set of data points. Banking, credit, and government agencies only look at a few critical pieces of information to figure out who someone is, and thieves make them look natural.

Lastly, a record number of data leaks in all parts of the economy have given criminals access to more personal information than ever before. According to the Identity Theft Resource Center, there were 1,579 data breaches in 2017.

These breaches exposed almost 179 million personal records, including 14.2 million credit card numbers and 158 million Social Security numbers. Many of these records are now on the Dark Web, where they are sold to anyone willing to pay, just like any other good.

How does SIF work?

Fraudsters start SIF by stealing real Social Security numbers from people who aren’t using their credit, like children, homeless people, or people who have recently died. They then use fake addresses, phone numbers, and even social media accounts to create a synthetic identity or thousands of them. Then comes the real trick.

Thieves start applying for credit online with these fake names, even though they know they will be turned down because no credit history is attached to the terms.

The trick is that you can start a credit history just by applying for credit. At some point, a lender will give the con artist a small line of credit, like $500 to $1,000.

“This is how we do it.”

Fraudsters then make small purchases over a few months and pay off the balance to improve their credit score and get more generous lines of credit. When their credit limit gets big enough, between $10,000 and $15,000, the scammers “bust out” by suddenly using up all their credit and leaving.

“These criminals are smart and willing to play the long game and set up a Synthetic identity,” says Robert Davis, a digital identity expert who works in Strategic Intelligence for Salusgard, an industry leader in mobile security solutions for financial institutions. “They are patient and know how to use holes in the system to their advantage.”

In an SIF scam, criminal gangs might take up to a year or two to compile a list of fake identities before they pull the trigger. While pretending to be real credit customers, fraudsters have plenty of chances to take advantage of how real they seem in other areas, like auto loans, health care, and government benefit programs.

Synthetic fraudsters use the Social Security numbers of children because it could be 10 or 15 years before the child finds out that their credit was hacked.

“Try to get us if you can.”

Why is it so hard to catch people who use SIF?

There are many reasons for this, but one of the biggest is that fraud detection is hard. Dennis Lormel, who used to be the head of the FBI’s Financial Crimes Program and is now a financial crimes consultant, says that compliance and fraud investigators tend to be reactive. “We don’t look into fraud until it happens. We’re really behind the curve when it comes to SIF because we need to be proactive to stop it.”

Lormel thinks this will change as the banking and credit industries change their practices to make SIF harder.

Right now, government programs are only responsible for a small amount of fraud related to fake identities. Lormel says, “Criminals are always changing, and the government is a fraudster’s dream.” “

All entitlement programs are in danger, but healthcare is especially so. So are tax returns and programs to help people. If you can make a fake ID and set it up to get refunds or benefits early, which is precisely what the system is designed to do, you have the makings of a fraud that can last. Lormel says that SIF hasn’t been used more often to cheat the government because credit fraud is much more profitable, at least for now.

How to deal with Synthetic identity

To prevent SIF from becoming an even bigger problem, changes must be made to how financial and government institutions verify people’s identities and how technology is used to store and share personal information.

In January 2018, Lormel spoke before the U.S. Senate Banking Subcommittee on National Security, International Trade, and Finance. He urged government officials to make it easier for government agencies and departments, financial institutions, and the private sector to share information with each other.

Lormel says, “We need to get better at using artificial intelligence and data mining everywhere to find patterns of behaviour that don’t make sense or are suspicious.” “Government agencies need shared databases to check information like Social Security numbers against other data sets. Everything is closed off right now, and criminals take advantage of that.

2011, for example, the Social Security Administration started randomizing Social Security numbers.

This meant that the first three digits of a Social Security number no longer had any meaning regarding location. This was done so that the nine-digit SS system could be used longer.

However, without the geographic identifier, it is much easier for a criminal to make a fake ID with contact information that looks like it came from a real ID. To find possible SIF, you need to be able to look past these essential pieces of information and find patterns of behaviour that “real” people have but that are usually missing from a synthetic ID profile.

Put to use

For example, “real” people have rental histories, legal issues, family ties, passports, DMV records, extended social media profiles, etc., but a synthetic ID profile doesn’t have these things.

Salusgards Davis says that “behavioural biometrics” would help agencies get a more complete and accurate picture of a person’s identity. “The big problem is that all the pieces that makeup “you” as an individual are held in different places,” he says, adding that a better system would be able to “analyze and compare contexts and behaviours” to determine whether a person is who they say they are.

Davis says, “You need as much information as possible to look for gaps in the data and get a complete picture of a person’s identity.” He says combining this ability with other unique identifiers, like biometrics (eye scans, fingerprints), dedicated personal devices (like a cell phone), or unique biographical details, would add an extra layer of identity assurance because these identifiers are hard to copy.

Technology and being on guard

New technologies like blockchain promise to build a foolproof, unhackable system of personal identification in the future.

However, it will be a long time before all levels of government use these technologies.

Lormel says, “We are way behind on Synthetic identity.” “All government agencies need to update and improve their technology,” he says, adding that people must be taught to be more careful at the state and local levels.

Other holes in the system need to be fixed, and agencies need to work together to create a much more robust environment for running the government’s business.

Davis believes governments and institutions need to consider the problem throughout the user journey. “Even if you solve the SIF problem, you might be pushing other types of fraud into other channels,” in the same way that chip-enabled credit cards led to SIF.

Between now and then, neither Lormel nor Davis thinks a “top-down” approach is enough to fight Synthetic identity. People need to be more aware of how dangerous SIF is and learn how to protect themselves by freezing their child’s credit and checking their credit reports regularly for any strange activity.

SIF may be the type of fraud growing the fastest in the country, but it is far from the only one.

“People need to assume that all of their information has already been stolen,” says Davis, because data breaches happen every day, and it likely has.

Contact Amicus International for information on how to obtain a legal new identity.