What is Synthetic identity theft and how is it different from traditional identity fraud?

• Unlike the traditional, synthetic identity fraud involves fraudsters creating a whole new identity by combining real (usually stolen) and fake information.
• The fraudsters can use the identity to open fraudulent accounts and make fraudulent purchases.

Synthetic identity theft is one of the fastest-growing fraud attacks in the United States of America. According to the recent white paper by The Federal Reserve, it has been found this type of fraud has cost the country’s lenders $6 billion in 2016. Apparently, 85%-95% of applicants identified as potential synthetic identities are not flagged by traditional fraud models.

What is synthetic identity theft?

Synthetic identity theft is a type of fraud where a fraudster creates a new identity to commit fraud in one or the other form. There are several ways to execute this attack:

• Identity fabrication - creating a completely fictitious identity which does not have any real PII;
• Identity manipulation - Manipulating the real PII to create a new identity;
• Identity compilation - Using a combination of real and fake PII such as false driver’s license to form a new identity.

Difference between traditional and synthetic identity frauds

Traditional identity fraud can be carried out in two ways:

• The fraudsters pretend to another real person in order to use his or credit card; or
• A real person can use valid information to set up fraud accounts and obtain credit.

Unlike the traditional, synthetic identity fraud involves fraudsters creating a whole new identity by combining real (usually stolen) and fake information. The fraudsters can use the identity to open fraudulent accounts and make fraudulent purchases.

What is its impact?

Synthetic identities can be used to deceive the government or corporate systems into thinking they are real people. This fraud attack can impact business entities across different sectors such as financial systems, healthcare industry, government entities, and individual consumers.

The fraudsters usually commit system identity fraud using PII stolen from previous data breaches. Between 2017 and 2018, the volume of PII exposed in data breaches was reported to be more than 446 million - which is an increase of 126% when compared to the previous year figures.

For many fraudsters, the process of launching a synthetic identity begins on the dark web, where they can purchase PII and other personal details.

How to prevent it?

Synthetic identity theft can be addressed by:

• Keeping your Social Security card and other sensitive documents that contain the number safe and secure; If you are discarding any documents which contain your personal information, be sure to shred them. The same goes for bank accounts, credit cards, and tax statements.
• Being aware of phishing attempts that trick you into sharing your Social Security and other personal information.