Synthetic identity theft and how to stay secure
Synthetic identity fraud is on the rise
Add bookmarkEvery 22 seconds, there is a new case of identity theft. Around 33% of Americans have experienced some form of identity theft during their lives. Additionally, 87% of individuals have personal information that is accessible online. For fraudsters, obtaining a Social Security Number (SSN) is like striking gold. They exploit SSNs to open new accounts under the victim’s name and then freely spend without restraint.
Identity theft cases can persist undetected for weeks, months or even years before the targeted individual realizes what is happening. In some cases, victims never uncover these deceptions. Such schemes can also slip past financial institutions like banks and insurance companies, remaining unnoticed.
Identity theft represents a complex challenge. As we delve into this topic, it is crucial to understand its prevalent types, mechanisms, implications and the multi-layered strategies required for effective prevention and response.
Synthetic ID
The most common type of ID theft involves criminals creating a synthetic identity. This involves blending real (often stolen information) such as SSNs with fictitious details, like another person’s name and address. This results in not just a stolen identity but the creation of an entirely fabricated persona, known as a synthetic ID.
Sometimes, there are instances of “quick synthetics,” where bits of personal data from several individuals are combined to form a single, new and entirely fake identity.
A particularly alarming aspect of this crime is its focus on children’s SSNs. Children’s SSNs are more likely to be used for synthetic identity fraud compared to adults. This is because a child’s SSN is a clean slate – rarely checked and devoid of financial history, making it ideal for fraudulent use that can go undetected for years.
How synthetic identities are used
To see how cyber criminals exploit the system, it is important to understand how a credit file is initially created. Credit reporting agencies (CRAs) such as Equifax or TransUnion play an important role in the credit system. They collect and store credit-related data, forming the backbone of consumer credit history. When an individual applies for credit, these agencies either check for an existing credit report or create a new one. This process, while designed for financial assessment, is often exploited by fraudsters in various ways.
Identity fraudsters use three primary methods to create synthetic identities and commit fraud: applying for credit directly, exploiting the authorized user feature or employing a data-furnisher technique.
- Direct credit applications: Fraudsters initially apply for credit with a lender, which results in the creation of a new credit file upon rejection. They then reapply for credit, now with a nascent but existent profile.
- Authorized user feature: Fraudsters exploit the legitimate option of adding authorized users to credit card accounts. They pay holders of good credit to add synthetic identities as authorized users, thus inheriting the account holder’s credit history.
- Data furnishing technique: This involves using a business to falsely report credit activities to CRAs. Fraudsters either create front companies or infiltrate existing ones to fabricate credit histories for synthetic identities.
Protecting against synthetic identity theft
Financial institutions
Financial institutions must enhance their processes for verifying clients’ identities and approving credit by incorporating multiple layers of checks and balances. This may include closely studying phone account data to identify common billing patterns, as fraudsters often use disposable phones and prepaid VoIP numbers. Additionally, the historical data of email accounts is important; an old account linked to a new email address often raises suspicion and can indicate fraud.
It is also essential to note inconsistencies, such as a mismatch between the phone number and email address or multiple individuals sharing the same home address, as these are significant red flags.
Further, they should implement a consistent process for calculating an applicant’s risk score, reassessing this score multiple times during the week following an application. Any significant changes in this score could be a strong indicator of fraud.
Banks and credit card companies should regularly monitor for suspicious activities. The creation and implementation of advanced fraud detection systems can significantly mitigate risks here. Using AI and machine learning can assist in detecting patterns indicative of synthetic identities.
Incorporating biometric data such as fingerprints or facial recognition in the verification process can add an additional layer of security. The use of blockchain can offer a more secure and transparent method for managing personal data.
Individuals
Staying informed about the latest trends in identity theft and understanding the signs of potential fraud can act as your first line of defense. By being vigilant to the warning signs of identity theft, you can significantly reduce the risk of becoming a victim of identity theft.
Regularly inspecting your credit report, ideally once a month, is a crucial step. This helps in the early detection of any unusual activities or discrepancies. Investing in identity theft protection tools and services is also a wise choice. These services monitor dark markets and new credit lines for activities involving your SSN, providing an extra layer of security. Initiating a credit freeze is another effective measure. This action locks down your credit, preventing the opening of new accounts in your name.
Avoid phishing sites and refrain from clicking on suspicious email links that could lead to malware. Always keep your software updated to protect against security vulnerabilities. Developing healthy online habits is the most critical aspect of protecting yourself from identity theft these days.
The problem of synthetic identity fraud is on the rise. Things like deepfakes can increase its impact in the coming years. Criminals recognize the ease and profitability of engaging in identity theft. Several elements fuel this issue, notably the authorized user process and the ease of obtaining credit from major card issuers.
The fight against identity theft is not just a challenge for businesses or individuals. It is a collective battle that demands a united effort from all parties involved. This includes raising user awareness and facilitating information sharing between financial institutions, CRAs and law enforcement. In addition, enacting stringent data protection laws can compel institutions to fortify their data security measures.
With more than 140,000 members, Cyber Security Hub is the vibrant community connecting cyber security professionals around the world.
Join Now