The lack of a standard synthetic identity fraud definition has been one of the hurdles to improving defenses against this threat. Now we have one. The Federal Reserve Board, in collaboration with cross-industry leaders including TransUnion, has issued this definition:
Synthetic identity fraud is the use of a combination of personally identifiable information (PII) to fabricate a person or entity in order to commit a dishonest act for personal or financial gain.
The Fed issued an overview that also includes the following definitions of the primary and supplementary PII elements that may be used to create a synthetic identity.
Primary elements: Identity elements that are, in combination, typically unique to an individual or profile (e.g., name, date of birth, Social Security number and other government-issued identifiers)
Supplemental elements: Elements that can help substantiate or enhance the validity of an identity but cannot establish an identity by themselves (e.g., mailing or billing address, phone number, email address or digital footprint)
Establishing these basic definitions is an important step in properly measuring the full scope and impact of synthetic identity fraud. The descriptions also serve as a good jumping-off point for educating business leaders about this illusive threat.
Three reasons synthetic identity fraud is so hard to detect
You’re forgiven if you find it hard to wrap your head around what synthetic identity fraud actually is. Here are three characteristics of synthetic identity fraud that can make it difficult to understand and recognize:
1). Lengthy scams
Synthetic identity schemes can play out over months or years. Sophisticated fraudsters build new identities patiently, emulating the behavior of genuine consumers who are new to credit or new to the country.
These long cons often end in a “bust out.” On one day, for example, a fraudster drives away in a newly financed car and maxes out multiple lines of credit. Then, all activity by that synthetic ID stops. Eventually, many lenders or other affected businesses will categorize the losses as charge-offs due to non-payment, rather than as synthetic identity fraud.
2). Diverse purposes
TransUnion sponsored a 2021 report by the Aite Group1 about the impact of synthetic identity fraud and best practices for combatting it. (Download a complimentary copy of the report.) The report detailed four common uses for synthetic identities:
- Credit repair: Used to hide from previous negative credit history or bad debt in order to appear creditworthy.
- Fraud for living: Used to apply for employment or services (e.g., utilities, housing, bank accounts) because an individual is unwilling or unable to do so with existing primary PII elements, with no intent to default on payment.
- Payment default scheme: Used to obtain goods, cash or services with no intent to repay over a period of time.
- Other criminal activity: Used to facilitate a means to an end as part of illegal acts. Note: These illegal acts can be conducted by individuals or groups and can include activities such as avoiding legal responsibilities, money laundering, human and/or narcotics trafficking or terrorist financing.
3). Diverse methods
The steps fraudsters take to create a credit-worthy entity are always changing. Organized crime rings are especially innovative. They sometimes use multiple techniques simultaneously, trying to get one credit application or other transaction accepted — and even rejections can help build a credit history.
The following table of typical synthetic identity creation techniques is adapted from the Aite report.
Add a new identity as an authorized user to an existing credit line
FIs often don’t do the same level of due diligence when adding a new authorized user, because the primary user is responsible for the debt. However, the new user is reported to credit bureaus, which establishes or adds to a synthetic ID’s credit record.
Apply for a rental property
A legitimate address helps establish one or more synthetic identities. Also, fraudsters can use the property as a base and abandon it — usually with months of rent unpaid — after the identity has been used to cash in on loans, cards, checking accounts, etc.
Apply for a secured credit card
Consumers with poor/brief credit histories can often get approved for a line of credit by securing it with a cash deposit. Because the credit is secured, some FI’s don’t rigorously underwrite applicants. The credit history is submitted to the bureaus, giving synthetic identities a potential foothold.
Get a mobile phone
New identities are relatively easy to get accepted by many mobile plan carriers. Mobile devices help establish an identity’s activity history, while fraudsters also use the phone to sidestep security measures such as SMS one-time passwords.
Create a social media presence
FIs sometimes check social media activity as part of fraud assessments, so sophisticated criminals set up social media profiles and nurture them for months or years before deploying the synthetic ID.
Create a complicit data furnisher
Fraudsters set up businesses solely to furnish data to credit bureaus about synthetic identities. Or, a legitimate business can be used for this purpose by an internal fraudster.
More on synthetic identity fraud
Find out about detecting and eliminating synthetic identities with TransUnion’s Synthetic Fraud Model.
For more on synthetic identity fraud, explore our blog posts on the pandemic’s impact on synthetic identity fraud, and recommendations for mitigating losses from this crime.
How our TruValidate suite helps businesses detect and prevent fraud
TransUnion Global Fraud Solutions unite consumer and device identities to detect threats across markets while ensuring friction-right user experiences. The solutions, all part of the TransUnion TruValidate™ suite, fuse traditional data science with machine learning to provide businesses unique insights about consumer transactions, safeguarding tens of millions of transactions each day.
1 The percent or rate of suspected or risky fraudulent digital transaction attempts are those that TransUnion’s customers either denied or reviewed due to fraudulent indicators compared to all transactions it assessed for fraud.