Synthetic Identity Fraud: Strategies for Spotting Fakes

Trulioo
The RegTech Hub
Published in
5 min readSep 26, 2024

Bad actors are increasingly turning to synthetic identity fraud to commit financial crimes.

Synthetic identity fraud involves creating an identity by combining fake information with actual ID data. For example, a fraudster could pair a real Social Security number with a fake address and other synthetic data points.

The fraudster can then use the fake identity to acquire a driver’s license, passport or credit cards.

There are a few different categories of synthetic identity fraud.

  • Manipulated Synthetics — A real person’s data is modified to create variations of that identity
  • Frankenstein Synthetics — The data represents a combination of multiple real people
  • Manufactured Synthetics — The identity is completely synthetic

A multifaceted approach to detecting synthetic identities that integrates advanced technologies can form the foundation of a sound fraud prevention strategy.

The Fastest-Growing Financial Crime

The prevalence of large-scale customer data leaks and cybersecurity breaches makes it easier for fraudsters to access personally identifiable information (PII) and create synthetic identities.

The Identity Theft Resource Center, for instance, reported 353 million U.S. customer records were exposed through data compromise in 2023. Savvy fraudsters use that personal information to take advantage of anyone they can.

There is no limit to the targets. Fraudsters often use children’s Social Security numbers to apply for government benefits, open accounts or apply for loans. Children are popular identity theft targets because the crime can go undetected for years, often until they first check their credit score.

Once people discover the fraud, they often must go through the difficult, time-consuming process of rebuilding their credit.

Credit Bust-Out Fraud

Synthetic identities are often used to open new accounts. The identity data is reusable, so it becomes a tool for application flooding, which is an attempt to open a large number of accounts.

Fraudsters understand it’s a numbers game and many accounts will be rejected. But it takes only one fraudulent account to do damage.

To maximize returns, synthetic fraudsters can play a long con in the form of credit bust-out, or sleeper, fraud. That involves a fraudster establishing a normal pattern and solid repayment history to build up a credit line and acquire more cards and higher credit limits. Then fraudsters bust out charges by maxing all the cards with no intention of repaying.

Identify and Mitigate Synthetic Identity Fraud

Businesses can take steps to limit synthetic identity fraud. Just as data is the key to creating a synthetic identity, it’s also a powerful defense. Initial Know Your Customer (KYC) checks are an obvious starting point because they’re often a compliance requirement.

But if fraudsters can find gaps in KYC protocols, they can use synthetic identities to open accounts that can go undetected for years. Synthetic identities also can have strong credit scores, further complicating fraud prevention efforts because the profile raises fewer red flags.

A risk-based approach to identity verification can help organizations overcome that challenge by creating more security hurdles for fraudsters. That approach, combined with verification checks against multiple data sources, can increase the likelihood of spotting potential fraud.

The U.S. Federal Reserve, in its “Current Trends: Mitigating Synthetic Identity Payments Fraud” report, underscores the importance of that approach.

“Organizations that leverage a multi-layered approach that employs both manual and technological data analysis have the best chance to identify and mitigate fraud caused by synthetics, according to industry experts,” the report noted.

In the U.S., for example, organizations can access the electronic Consent-Based Social Security Number Verification Service to check whether Social Security numbers, names and birth dates match.

Multisource Verification Provides Holistic Fraud Intelligence

Organizations can access a broad range of data points to defend against synthetic fraud. Those include:

  • IP address
  • Physical location
  • Social media information
  • Mobile identifiers

Biometrics, such as facial recognition technology, serves as another tool to strengthen identity verification. Liveness detection then ensures the biometric data is from a real person.

Organizations also can add a defense layer through fraud analytics to spot suspicious patterns without affecting the customer onboarding experience. Similarly, velocity checks can monitor the speed and frequency of transactions to identify unusual patterns that may indicate fraud.

Link analysis processes, which analyze the connections among different identities and data, can serve as another shield against synthetic identity fraud. The process can spot fraudulent patterns such as when different identities use the same address or Social Security number.

Synthetic Identity Prevention Workflow Model

The following model, backed by advanced technology, can help organizations create a robust defense against synthetic identity fraud.

Customer Onboarding

  • Collect and verify identity information
  • Use document verification and biometrics

Real-Time Screening

  • Cross-reference data with multiple sources
  • Implement machine learning models for real-time anomaly detection

Transaction Monitoring

  • Continuously monitor account activities
  • Employ behavioral analytics to detect suspicious patterns

Adaptive Verification

  • Adjust verification levels based on risk assessment
  • Require additional checks for high-risk transactions

Ongoing Compliance

  • Regularly review and update compliance measures
  • Conduct periodic audits and assessments

Adaptable Systems Can Counter an Evolving Threat

Organizations can mount a strong defense against synthetic identity fraud by taking a broad view of the data and adapting quickly as new sources become available.

Interpreting that data often requires cutting-edge AI and machine learning. Machine learning algorithms can identify anomalies that indicate synthetic identity fraud, and AI can analyze behavioral data and flag unusual activity.

Synthetic identity fraud is a growing threat to businesses. But when organizations apply the right blend of internal policies, data and technology, they position themselves to stop fraud before it can cause damage.

White Paper

The Digital Identity Crisis

Learn how businesses can apply layered, agile identity verification that allows for real-time adjustments to emerging threats.

Originally published: March 2017, updated to reflect the latest industry news, trends and insights.

--

--

Trulioo
The RegTech Hub

We deliver one platform designed to make it easier to onboard customers, drive growth and open the global economy for all.