Synthetic Identity Theft: The New ID Fraud

December 19, 2016

Synthetic identity theft hacker

Synthetic identity theft is a sneaky spin off the more straightforward identity theft (where a criminal steals all aspects of a real person’s identity and impersonates them to open fraudulent new accounts).  In synthetic identity theft, the criminal steals a person’s Social Security Number (“SSN”), and fabricates a new name, date of birth, and address in order to apply for credit cards, checking accounts, and loans. It is the fastest growing type of identity theft because it is so hard to detect—as the name, birth date, and address does not match the SSN, the victim  is unlikely to receive any alerts informing them of the creation of new accounts. Criminals take advantage of this lack of transparency to create numerous fake accounts for each victim.

Credit cannot be issued to an individual unless a credit file exists with the credit bureaus. Since these newly created fraudulent identities are a figment of the criminal’s imagination, he must manipulate the system to create a credit file. This can be done in two ways. First, they can use the synthetic identity to apply for a credit card. The application will get rejected, as anticipated, but the initial goal of creating a credit file is achieved. The criminal will then apply for another credit card, and this time it will be approved because a credit file has been created with the first application. The second method is to persuade a legitimate credit card holder to add the synthetic identity as an authorized user to their credit card, which will in turn create a credit file. From there, the criminal starts out small, using the fake identity to apply with credit card companies who issue credit lines for $200-500. The criminal will use the card and pay it off as required to build good credit and then “pump up” the credit worthiness of the synthetic identity  with false information in order to get approved for larger credit lines and loans.  Once the criminal reaches his credit line goals, he will max out the cards with purchases (or get approved for loans) and then walk away without paying. By the time the bank realizes it has been conned, the criminal is long gone and virtually untraceable.

The process may seem slow and meticulous but the payoff is huge.  In 2006, one criminal gang was charged with obtaining 250 credit cards from 15 banks and charging approximately  $760,000 under one synthetic identity.[1]  In 2013, the US Attorney’s Office for the District of New Jersey charged 18 defendants with masterminding a $200 million credit card fraud conspiracy that created more than 7,000 identities to obtain thousands of credit cards.[2] A 2015 study predicted this type of fraud will increase by 44% between 2014-2018, resulting in as much as $8 billion in annual loss.[3]

Setting up  false credit accounts is increasingly attractive to criminal networks because  creating and maintaining them is easy and their fraud is hard to detect until it is too late.  Criminals target the SSNs of children and the elderly because their credit file is not in use and typically no one is monitoring their credit reports. For instance, a study found that of 4,311 children participants, 10% had their SSN in use by someone else.[4] Synthetic identity theft can be especially damaging to children because years of fraudulent activity can go undetected during their childhood. It is not until they are ready to apply for a driver’s license, a student loan or a job  that they discover their credit is in shambles.

What are the authorities doing to protect consumers? Unfortunately, not a lot. Law enforcement,  government officials and the credit card and lending industry do not have an organized and coordinated plan to combat this fraud. In fact, the Social Security Administration (SSA) will not let credit bureaus cross check applicant information with the SSA’s records due to privacy concerns. Also, many banks write off cases of fake accounts as “charge-offs” (instead of fraud) without ever contacting the authorities.  And while the credit bureaus say they hope to improve the accuracy of applicant authentication by involving the SSA in their validation process, that appears unlikely to occur anytime in the near future.

Consumers need to be proactive in protecting their own credit files—and those of their children and elderly loved ones—including regularly checking credit reports for unknown accounts. Additionally, addresses and dates of birth should not be given out casually, especially over social media. And where possible, the credit reports of those who are particularly vulnerable (children and the elderly)  should be frozen. Criminals are relying on consumers’ passiveness to steal. Being diligent is the best protection.

1. ID Analytics, The Long Con: An Analysis of Synthetic Identities, October 2014

2. Federal Bureau of Investigation, Eighteen People Charged in International $200 Million Credit Card Fraud Scam (Press Release) Feb. 5, 2013

3. Javelin Strategy & Research, 2015 Data Breach Fraud Impact Report, June 2015

4. Carnegie Mellon Cylab, Child Identity Theft, 2011

Your Comment