A new frontier of fraud: synthetic identity theft

Something scary is happening. It is already all around us, in fact. It’s part machine, part man, and here to inspire organizations to open its doors and welcome it. It’s… synthetic impersonation!

Granted, it’s not as dramatic as cyborgs, but these fraudulent identities – combining details of real people with made-up information – are still a source of concern for financial and payment service providers.

Synthetic spoofing is already a problem…

In 2020, financial institutions lost $20 billion to synthetic identity theft. This type of fraud can take all kinds of forms: bogus car loan applications, Buy-Now-Pay-Later (BNPL) fraud, and refund fraud are all problems today – in 2020, these loan applications deceptive cars have increased by an alarming 260%. . And applications for using synthetic fake identities made in part of stolen information to defraud businesses and harm victims whose information has been stolen go far beyond these examples.

To help raise awareness of this rapidly growing type of fraud, the Federal Reserve released an explanatory video about it in February of this year. They cover what constitutes synthetic identity fraud, the areas in which we have seen it appear, and the fact that these synthetic identities are also used to launder money, finance terrorism, or facilitate criminal activity. The impact of synthetic identity fraud is significant, and it’s already here.

…and it will only get worse

The Aite-Novarica Group estimates that synthetic identity fraud for U.S. unsecured credit products is expected to grow from $1.8 billion in 2021 to $2.42 billion in 2023. It also found that, in a survey of top fraud perpetrators, “synthetic identities resulting from on-demand fraud” as the number one threat they are most concerned about in the near future.

Not only will the prevalence of this type of fraud increase, but the sophistication with which fraudsters will attack financial and payment institutions will also increase. Just as phishing attacks have evolved from the “pay in advance” scams we often use as a punchline today for their obviousness to a pervasive threat affecting 81% of organizations, those that aim to trick systems with identities synthetics are only going to get more creative with how they enact these attacks.

Here’s what we can do

What makes combating synthetic spoofing so difficult is the elusiveness of the perpetrator. The mix of real and fake data is very difficult to track, and it’s easy for businesses and law enforcement to get frustrated with the process of tracking down the fraudster. Worse still, many of these criminals play the long game and keep a low profile by taking loans smaller than the eyebrows, paying their bills on time and avoiding easy detection. It can feel like blowing the wind trying to investigate these people.

This therefore leaves preventative measures as the most effective way to combat synthetic identity fraud. Stop bad actors before they can even get in the door. Preventive blocking of this type of fraud is difficult, but becomes easier when identity data can be used.

Given the steps that synthetic identity fraudsters have taken in advance (paying utility bills, opening bank accounts) to legitimize these false identities, the static data normally used to prevent breaches is not effective. Real-time data that creates user profiles to determine in-the-moment identity verification behaviors, when implemented at the time of account creation or login to a financial portal or payment methods, make it much more difficult for synthetic identity theft to succeed. Historical information about the user’s online behavior activity is continually collected in these types of systems, making it increasingly difficult for someone to pretend they are someone they are not. is not unreported. The very absence of any historical activity on an email address used on a wide range of websites and apps – normal behavior for legitimate online users – clearly indicates that this identity is more likely to be fraudulent.

It is simply too expensive and cumbersome for potential fraudsters to pass these checks; the number of different websites, the variety of activities and the time it takes to convince these systems that they are a real person is way too expensive.

Stay one step ahead

Large-scale identity intelligence is the key to implementing effective preventive measures against synthetic identity fraud. Real-time data (rather than stagnant data) based on a billion or more daily activities, feeding into an identity check when needed, can be extremely effective in keeping these cyborg identities out of places where they might cause damage. This protects businesses from financial harm as well as ordinary people whose identity or personal information has been compromised.

Comments are closed.