3 Tips for Banks to Catch Synthetic ID Fraud

Synthetic identity fraud (sometimes called synthetic fraud, synthetic identity theft, or synthetic ID fraud) is a financial crime that goes beyond conventional identity theft. It’s a particularly troublesome type of fraud that is rising in the U.S. and causing heavy losses for banks. Many victims only learn their personal information has been misused when they apply for loans or credit cards. 

This type of fraud is like a virus that attaches itself to a host, sitting dormant until the fraudster makes their next move. Here’s everything you need to know about synthetic identity fraud.

What is Synthetic ID Fraud?

Synthetic identity fraud is different from other types of identity fraud. Other identity frauds involve accessing a legitimate customer’s existing account or opening an account in someone else’s name. Fraudsters commit synthetic identity fraud by building a fictitious identity using either a real person’s or several people’s personally identifiable information (PII). This includes social security numbers (SSN), home addresses, phone numbers, and more. They can also use a combination of real and fake information to build a completely new persona.

Years of data breaches have left millions of PII records exposed and made personal consumer data widely accessible to fraudsters. The availability of compromised PII also makes it easier than ever for fraudsters to create synthetic identities. Fraudsters can access the information they need to build a fake identity through breaches or dark web purchases. 

A new report from Aite Group found synthetic ID fraud cost U.S. banks $1.8 billion in 2020 and is on track to cost banks $2.4 billion by 2023. Meanwhile, a whitepaper from the U.S. Federal Reserve Bank of Boston attributed 20% of financial institutions’ (FIs) credit losses to synthetic identity fraud as recently as 2016. And the U.S. isn’t alone. A recent survey found 78% of banks in the Asia Pacific (APAC) region have experienced a rise in fraud losses following the launch of real-time payment systems in the region, including Hong Kong’s Faster Payments System (FPS) and Australia’s New Payments Platform (NPP). Two out of five APAC banks identified social engineering – a type of fraud in which fraudsters impersonate a CEO or high-level company executive to coerce or trick a lower-level employee into transferring money or paying a fake invoice – as the most common type of fraud attack. 

Synthetic Fraud in Two Steps

Fraudsters tend to use two key methods to commit synthetic ID fraud: manipulation and manufacturing. 

Manipulation

Fraudsters can tweak a real person’s PII to build their fake identity. For example, changing a customer’s name from “Robert” to “Bob,” changing a birthday, or hyphenating a last name. These subtle changes give the appearance that the fake identity is legitimate and is hard to detect.

Manufacturing

Sometimes fraudsters use different identifiers from multiple people by combining one person’s SSN with another person’s address and yet another person’s date of birth, and so on. Sometimes they’ll also throw fake information into the mix or create a fake social media account to give the appearance of legitimacy. This mixing and matching of various identifiers is sometimes known as a “Frankenstein identity.” 

The 3 Ps: Piggybacking, Profits, Pollination

Fraudsters’ first priority after building a synthetic identity is to legitimize the identity. From there, they seek to use the synthetic identity to turn a profit. Here are three ways they do that.

Piggybacking

Piggybacking prepares the fraudster for profit. They “piggyback” onto a legitimate user’s bank account or credit card. If they can add themselves as an authorized user – sometimes money mules – they can simply sit back and patiently watch as their credit history for their fake profile improves. 

Profits

Fraudsters are ready to profit after they create a fake account and piggyback their way to a strong credit score. The easiest way to do this is to use their strong credit scores to open credit cards and apply for loans they have no intention of paying back. This is sometimes referred to as a “bust-out.” Banks often write these off as credit losses.

Pollination

Fraudsters want to maximize the value of their synthetic IDs. A process known as “pollination” is one of the most effective ways to do this. Fraudsters have two key avenues available for pollination. First, they can use the fake identity to maximize profit and cash out as soon as they have the opportunity. Second, they can use one fake identity to build legitimacy for other fake identities that have in rotation. Fraudsters can build an arsenal of fake identities to use for scams to widen their opportunities for profit.

Synthetic IDs, Real Consequences

Sadly, synthetic ID fraud deals significant harm to society’s most vulnerable groups, including the elderly and homeless individuals who are less likely to interact with financial services. Fraudsters also frequently pillage deceased people’s credentials.

Minors also face the long-lasting consequences of synthetic identity fraud. A child’s SSN has a fresh history and is of high value to fraudsters. What’s more disturbing is that it’s only gotten easier for fraudsters to exploit U.S. minors’ social security because of a 2011 switch to a system of randomization that made it easier for fraudsters to exploit SSNs. 

The fallout from a fraudster’s synthetic ID scam has a long-lasting impact on a young person’s future. When minors grow up and apply for student loans, credit cards, or jobs, they’ll find their credit history compromised. Parents concerned about such scenarios can put a freeze on their kids’ credit scores using free services from major bureaus.

3 Tips for Banks to Stop Synthetic ID Fraud

Synthetic fraud poses a significant challenge to both banks and consumers. Banks need to look closely to find the synthetic identities hiding among legitimate customers. Here’s how to do it: 

Tip 1: Re-think your burden of proof

Fraudsters are counting on banks to make onboarding and application processes more seamless. That’s why it’s time to think about making it more challenging for applicants to provide proof of their identities and income by adding an acceptable layer of friction to the process. Banks can implement step-up levels and friction layers that make more lucrative transactions a burden for fraudsters but keep the majority of operations seamless and friction-free for their trustworthy customers.

Tip 2: Look at data horizontally and vertically

A loan application might look legitimate at first glance. But looking only at the information provided to you is a horizontal view of the applicant’s data. It pays to take another, vertical view of the applicant by reviewing additional data sources. Checking a variety of data sources can reveal whether the applicant’s name has been used in a different account or if the provided phone number is linked to someone who lives in another part of the country. 

Tip 3: Watch for anomalies in the data

Keep a close eye on shifts in behaviors for things that just don’t add up. For example, there’s nothing suspicious about an individual with good credit from a specific zip code applying for a loan. But if the volume of applicants from the same location has suddenly shot up in the past year from a few hundred to several thousand, that’s a sign that something is wrong. Checking the data thoroughly can also determine if multiple applications with different names are originating from the same location or using the same electronic device. Control reporting helps banks monitor their application rates to see whether they are being attacked by comparing activity to normal, default rates. 

Synthetic ID fraud is a virus that is rapidly spreading because it’s both easy and profitable for fraudsters. It’s time for banks to look deeper into their data to protect themselves from these financial fakes.

Discover actionable tips for reducing fraud. Download our how-to guide, Becoming Preventative vs. Reactionary: Early Risk Detection for Account Takeover Mitigation.