The term identity fraud (also known as identity theft) was first used in the mid-1960s. It involves the unauthorized use of another person's personal information, which is then shared with others and/or used for financial gain.
Identity fraud was easier to get away with in the pre-internet era. Criminals primarily targeted personally identifiable information (PII) of individuals who were or felt limited in their ability to file a formal complaint with the authorities. For instance, criminals often stole the PII of people who were recently deceased. Over the next few decades, criminals improved their methods of collecting PIIs by evolving from being dumpster-divers to being spammers.
Synthetic identity fraud uses fake PII to create new credit profiles, pump-up credit scores, and buy (aka steal) goods and services. There are two main variations, but it always starts with the social security number (SSN). A new credit file must be "planted" into the credit bureau system to commit synthetic fraud, and that requires an SSN not previously in the system.
The most common method involves using a child's or infant's inactive SSN and substituting a real adult's name to apply for credit. Another method involves creating a completely fake SSN and a fake name to go with it. One contributing factor to synthetic fraud was introduced in 2011 when the Social Security Administration began randomizing SSNs. It sought to provide higher safeguards for the public, but ultimately backfired because:
Unlike traditional identity fraud in which an entire identity is stolen and used to defraud enterprises and consumers, synthetic fraud has no specific consumer victim. That can sound like a good thing, but not for financial institutions that chase fictitious identities until they must write off the uncollectible credits as losses. Sometimes, the presence of consumer victims, albeit unfortunate, can help catch the true perpetrator. The lack of a clear victim presents two challenges for financial institutions:
In May 2018, the Economic Growth, Regulatory Relief, and Consumer Protection Act was passed. It includes a provision directing the SSA to facilitate the verification of SSNs, upon request by a certified financial institution. The implementation, however, has been slow.
Recently, the Federal Reserve developed a synthetic identity fraud mitigation toolkit,2 which offers information about fraud detection technology and data sharing. It also discusses the value of fraud information sharing within the industry to help fight synthetic identity fraud.
RMSG agrees with the Fed that combating synthetic fraud should not be done in a silo. It calls for an effective way to pull information from a variety of databases, both public and proprietary. We also encourage our clients to compare a broader range of data points to identify anomalies and inconsistencies. Our research in this subject revealed that the most telltale sign of a synthetic profile when compared to a real profile is that real people tend to leave behind more diverse data trails - a random collection of activities that seem to occur naturally.
Real people change addresses, phone numbers, and e-mail accounts. Their Facebook or Instagram feeds connect with family and other real people. They engage with both public and private entities, whether applying for a loan, buying real estate that leaves a public record, buying a car, etc. Plus, as they age in real time, the data trail of a real person tends to grow more consistent, so the same basic information shows up in multiple places.
The results of our analysis have consistently revealed that when compared with multiple broader data points, the information connected with synthetic identities tends to be either strangely inconsistent or overtly consistent. The data does not match up or change as it should if it were a real person. Also, detecting synthetic identities entails looking at more than a single factor, like the length of credit history. Aggregating multiple data sets and connecting multiple customer characteristics can help defend against synthetic identity fraud.
If you have questions on this subject or are interested in learning more about how we can assist, please reach out to our consultants at RMSG.