What Is Synthetic Identity Fraud?

Key Takeaways:

In 2022, 46% of organizations encountered synthetic identity fraud, and by 2023, auto loan fraud linked to synthetic identities reached $1.8 billion. When factoring in other financial products, total U.S. lender losses soared to $3 billion. Projections indicate that this figure could rise to $5 billion by the end of 2024, highlighting an alarming trend in financial crime.

The challenge isn’t just the rising numbers—it’s the difficulty of stopping it. Unlike traditional identity theft, synthetic identity fraud doesn’t have a direct victim who reports unauthorized activity, making it extremely difficult to detect. Many financial institutions still rely on outdated fraud detection methods, leaving them vulnerable to evolving tactics. As fraudsters refine their strategies, businesses must adopt stronger identity verification and fraud prevention measures to keep up.

What Is a Synthetic Identity?

A synthetic identity is a fictitious persona created by combining real and fake information. Criminals often steal legitimate details, such as a Social Security number (SSN) or date of birth, and merge them with fabricated elements like a false name, address, or phone number. The result is an identity that appears authentic enough to pass verification checks.

Fraudsters use synthetic identities to open bank accounts, secure loans, obtain credit cards, and conduct other financial transactions without raising immediate suspicion. Because these identities seem legitimate on the surface, detecting them has become increasingly difficult.

With advancements in artificial intelligence (AI), deepfake technology, and automated fraud techniques, synthetic identity fraud is evolving rapidly. Financial institutions must strengthen their fraud detection systems to stay ahead of these sophisticated attacks.

What Is Synthetic Identity Fraud?

What Are the Two Types of Synthetic Identity Fraud?

1. Manipulated Synthetics

Manipulated synthetics involve making small changes to real personal information to trick identity verification processes. Fraudsters might alter details such as:

• Addresses
• Birthdates
• Contact information

Meanwhile, key identifiers like a Social Security Number (SSN) remain unchanged. In some cases, individuals manipulate their information to sidestep poor credit histories, but regardless of intent, this practice is considered fraud and poses serious risks to financial institutions.

2. Manufactured Synthetics

Manufactured synthetics, often referred to as “Frankenstein fraud,” involve creating an entirely new identity by combining real and fictitious data. Fraudsters typically:

• Use a legitimate SSN or birthdate
• Invent fake names, addresses, and phone numbers

In more advanced cases, criminals generate random SSNs that fall within valid ranges assigned by the Social Security Administration (SSA), even if they don’t belong to any actual person. These fabricated identities can establish credit profiles, apply for loans, and conduct financial transactions without a real individual attached—making detection extremely difficult.

How Synthetic Identity Fraud Works

Fraudsters use a calculated, multi-step process to build and exploit synthetic identities:

1. Acquiring Foundational Data: They obtain a real SSN, personal identification number (PIN), or other valid government-issued ID, often from children, the deceased, or individuals with limited credit history.
2. Fabricating Additional Information: Fraudsters create fake names, birthdates, addresses, and contact details to construct a full identity.
3. Establishing a Credit Profile: They apply for financial products like credit cards, loans, and utilities to start building a credit history.
4. Building Creditworthiness: By making small payments on time, fraudsters improve their synthetic identity’s credit score, making it appear legitimate to lenders.
5. Cashing Out: Once a strong credit profile is built, they maximize available credit by taking out large loans or making major purchases—then disappear without repaying debts.
6. Evading Detection: Fraudsters use multiple addresses, phone numbers, and false details to bypass verification systems and avoid detection.

Synthetic Identity Fraud vs. Identity Theft

While both synthetic identity fraud and traditional identity theft involve fraudulent activities, there are significant differences between the two. Traditional identity theft typically involves stealing and using an individual’s full personal information to commit fraud, whereas synthetic identity fraud involves creating a fictitious identity by combining real and fabricated details.

Below is a detailed comparison of synthetic identity fraud vs. identity theft to help better understand how each works:

Key Challenges in Combatting Synthetic Identity Fraud

Financial institutions face growing challenges in detecting and preventing synthetic identity fraud. This type of fraud thrives due to several key factors:

1. Complex Financial Systems

The interconnected nature of modern financial systems creates vulnerabilities that fraudsters exploit. Variations in identity verification standards across banks, lenders, and credit bureaus make it easier for synthetic identities to slip through detection. For example, two men in Miami used synthetic identities and shell companies to steal over $3 million from multiple banks before being caught.

2. SSN Randomization

In 2011, the Social Security Administration (SSA) randomized SSNs to improve security. However, this change unintentionally benefited fraudsters by making it harder for traditional fraud detection systems to flag suspicious numbers.

3. Exploiting Unassigned SSNs

Fraudsters frequently use SSNs belonging to children, deceased individuals, or those with little or no credit history. These unmonitored SSNs make it easier to build synthetic identities that can go undetected for years.

4. Fragmented and Inconsistent Data

Synthetic identities blend real and fabricated information, complicating detection. Traditional systems often look for inconsistencies, but fraudsters strategically mix real addresses with fake names or birthdates, making synthetic profiles harder to flag.

5. Lack of a Single Victim

Unlike traditional identity theft, synthetic identity fraud does not target a specific person. Without a single victim to report the crime, detection becomes much more difficult. For instance, in 2019, a fraud ring used hundreds of fake identities to obtain credit cards and loans, causing millions in losses for financial institutions.

6. Regulatory Gaps

Many financial regulations do not fully account for the evolving tactics of synthetic identity fraud. Fraudsters exploit loopholes in identity verification and financial reporting that were originally designed to prevent traditional fraud. Without standardized identity verification across financial institutions, criminals continue to circumvent detection and exploit regulatory blind spots.

7. Data Breaches and Stolen Information

Major data breaches fuel synthetic identity fraud by exposing personal data such as SSNs, birthdates, and financial records. The 2017 Equifax breach leaked the personal information of 147 million people, giving fraudsters a rich source of data to create synthetic identities.

8. Delayed Detection

Synthetic identity fraud can remain undetected for long periods, often until the fraudster defaults on significant loans. For instance, a group of 11 individuals in New York defrauded multiple financial institutions of $1 million before being caught.

9. Weak Identity Verification Processes

Many institutions still rely on outdated identity verification methods, such as basic SSN matching and credit history checks. Synthetic identities with valid SSNs but fabricated names often pass through automated fraud detection systems, making them difficult to flag. Without advanced fraud prevention tools like biometric verification, behavioral analytics, or AI-powered risk assessment, financial institutions remain vulnerable to these attacks.

How Financial Institutions Can Protect Themselves from Synthetic Identity Fraud

In an industry where scammers steal an average of $81,000 to $97,000 per incident before detection, proactive measures are essential. Here are strategies financial institutions can implement to combat synthetic identity fraud:

1. Enhance Identity Verification Processes

Financial institutions already utilize multi-factor authentication (MFA) to add security layers, but biometric verification offers an even stronger defense. This technology requires a customer’s physical attribute, such as a fingerprint or facial ID, making it difficult for fraudsters to bypass security measures. JPMorgan Chase is a prime example of a financial institution using MFA to prevent unauthorized access and ensure multiple security layers.

2. Implement Decentralized Identity Verification with Verifiable Credentials (VCs)

Verifiable Credentials (VCs) offer a secure and tamper-proof way to verify an individual’s identity. These digital credentials go beyond traditional methods by not only holding government-issued ID information, but also incorporating biometric data like fingerprints or facial scans. This combined approach provides a strong layer of security. Biometric data is unique to each person, making it highly effective in verifying an individual’s uniqueness. Additionally, VCs can confirm genuine presence through real-time interactions such as live video verification or real-time biometric scans. This ensures the person using the credential is truly present at the time of verification.

3. Artificial Intelligence (AI) and Machine Learning (ML) Detection

Implementing AI/ML allows institutions to detect unusual patterns and behaviors that might indicate synthetic identities. For example, HSBC has successfully used AI to improve the detection of financial fraud, resulting in increased positive alerts and a reduction in false positives. Google’s Anti-Money Laundering AI (AML AI), tested with HSBC, demonstrated these capabilities by providing risk scores based on transaction data and other relevant information, significantly enhancing fraud detection efficiency.

4. Real-Time Monitoring and Data Analysis

Real-time monitoring systems can quickly detect and respond to fraudulent activities. By utilizing data analytics tools, institutions can assess risk and continuously flag suspicious activities.

5. Education and Compliance

Regularly train employees to recognize and respond to potential fraud attempts. Educate customers about the importance of safeguarding their personal information and how to recognize phishing attempts. Regularly train employees to recognize and respond to potential fraud attempts. 

6. Strict Compliance with Regulations

Follow regulatory guidelines and industry standards for identity verification and fraud prevention. Implement Know Your Customer (KYC) and Anti-Money Laundering (AML) protocols rigorously.

How to Protect Yourself from Synthetic Identity Theft

While financial institutions are often the primary victims of synthetic identity fraud, the personal information of real individuals, such as Social Security Numbers (SSNs), is frequently exploited in these schemes. To protect yourself from identity theft that could lead to synthetic identity fraud, consider the following steps:

1. Monitor Your Credit Regularly: Utilize credit monitoring services that alert you to changes or suspicious activities on your credit report. By regularly reviewing your credit reports, you can quickly spot unfamiliar accounts or inquiries that may indicate synthetic identity fraud.
2. Freeze Your Credit: Freezing your credit with the major credit bureaus prevents fraudsters from opening new accounts in your name. A credit freeze restricts access to your credit report, making it much harder for synthetic identities to be approved for credit.
3. Watch for Unusual Activities: Stay vigilant and do not ignore mail or bills from unfamiliar sources. Receiving unexpected correspondence may signal that someone is using your personal information to create synthetic identities.
4. Protect Personal Information: Exercise caution with your personal information, both online and offline. Avoid sharing sensitive details such as SSNs, birthdates, and addresses unless it is absolutely necessary. 
5. Protect Your Login Details: Do not share your login credentials with third parties. Use strong and unique passwords for all your accounts, and consider adding an extra layer of security through multi-factor authentication (MFA) for all your online accounts.
6. Be Cautious with Social Media: Be mindful of the information you share on social media platforms. Fraudsters can gather details from your profiles to create synthetic identities. Adjust your privacy settings to limit the number of people who can view your personal information.

Why Is Synthetic Identity Fraud Rising?

Synthetic identity fraud is increasing due to several key factors, including:

1. Data Breaches and Security Vulnerabilities

Many organizations, particularly those using centralized systems, lack proactive measures to effectively protect customer data. This vulnerability often leads to data breaches where vast amounts of personal information are exposed. High-profile breaches, such as the 1.5 billion records leaked in Real Estate Wealth Network data breach, demonstrate the ease with which fraudsters can acquire the foundational data needed for synthetic identity fraud when organizations fail to implement robust security protocols, encrypt sensitive data, or regularly update their defenses against cyberattacks.

2. Weaknesses in Lenders’ Verification Processes

Lenders often have verification processes that can be exploited by fraudsters. These processes might rely heavily on basic data points, such as Social Security Numbers and dates of birth, which can be fabricated or manipulated. Additionally, the pressure to approve loans quickly can lead to less rigorous checks, allowing synthetic identities to slip through the cracks. The loosening of credit requirements, aimed at making credit more accessible, can also unintentionally facilitate fraud.

3. Challenges in the Credit Reporting System

The credit reporting system struggles to keep up with the evolving nature of synthetic identity fraud. Since synthetic identities are created using a mix of real and fake information, they can establish a credible credit history over time, making detection difficult. Credit bureaus may not have the means to cross-verify the authenticity of all the information they receive, leading to synthetic identities maintaining good credit scores for extended periods. This lag in detection allows fraudsters to exploit the system for significant financial gains before being caught.

4. Impact of Generative Artificial Intelligence (AI)

AI is a powerful tool used by fraudsters for analyzing large amounts of data. AI algorithms can piece together bits of real and fabricated data to create identities that appear legitimate. Furthermore, the rise of deepfake technology, a by-product of AI advancements, poses additional concerns. In the hands of bad actors, deepfake tools can create realistic fake images and videos, making synthetic identities more believable, even to sophisticated verification systems. This capability significantly complicates the detection and prevention of synthetic identity fraud. AI can automate tasks like data analysis and identity generation, streamlining the creation of synthetic identities for fraudsters.

Conclusion

Identity.com

Identity.com, as a future-oriented organization, is helping many businesses by giving their customers a hassle-free identity verification process. Our organization envisions a user-centric internet where individuals maintain control over their data. This commitment drives Identity.com to actively contribute to this future through innovative identity management systems and protocols.

As members of the World Wide Web Consortium (W3C), we uphold the standards for the World Wide Web and work towards a more secure and user-friendly online experience. Identity.com is an open-source ecosystem providing access to on-chain and secure identity verification. Our solutions improve the user experience and reduce onboarding friction through reusable and interoperable Gateway Passes. Please get in touch for more information about how we can help you with identity verification and general KYC processes.