"Way Back Data" and Five Ways to Detect Synthetic Identities
Member News
Blog
Synthetic Identity
Pipl
Jan 04, 2021
Blog
What Is a Synthetic Identity?
Synthetic identity fraud is currently one of the fastest growing types of financial crime in the United States, causing between $1 billion and $8 billion in losses annually in the U.S. Its victims are primarily children and the elderly, whose credit is damaged when their Social Security numbers are stolen to create synthetic identities. Of course, financial institutions and their insurance companies, who must make good on the payments made to merchants by fraudsters, are certainly victims, too. In fact, synthetic identity fraud makes up 12% of banks' losses due to identity fraud and 80% of credit card fraud losses.
Synthetic identities differ from stolen identities because just a small part of a real person's identity -- usually their Social Security number -- is stolen. The SSN is then combined with fake information, like an email address, a mailing address, and a social media account, to create an identity out of thin air.
Once created, the identity is nurtured: First, it is used to apply for secure credit. The application is likely to be denied, but a record of the interaction is created by credit agencies, furthering the illusion that the synthetic identity is real and increasing the odds that the next attempt will be successful.
Gradually, fraudsters will build the synthetic identity's credit by making increasingly larger purchases and paying them off on-time. Then, when the fraudster thinks it is time, they will "bust out" and, in the process, rack up massive credit card charges and skip out on the bill.
Because Social Security numbers are often stolen from children and the elderly, for whom credit reports are rarely pulled, this type of fraud has been incredibly difficult to detect.
Identity Information Has Evolved
In the days before the Internet -- and to a large extent even now -- identity verification was carried out using traditional PII (personally identifying information): If a driver's license matched the name on a Social Security card, and a credit history was present, an applicant would get the go-ahead.
With the advent of the Internet, however, financial institutions have a new, more powerful identity-verification toolset.
In addition to traditional, offline PII, people now leave behind traces of their lives on the Internet: public-facing identity "elements" like email address, social media accounts, etc. These elements are exploited by fraudsters to add lifelike detail to an identity created around a stolen Social Security number. But they also play a key role in the detection of fraud.
By making use of a third-party data aggregator with traditional and online identity information that goes "way back" and includes the sources that the data was obtained from, businesses can get a clear view of the differences between real and synthetic identities.
Five Ways to Sort the Real from the Synthetic Using "Way Back" Data
1. Look for symmetrical accumulation of identity elements
2. Look for a low number of online identity elements
3. Look for a lack of offline identity data
4. Look for a low number of sources
5. Look for a credit history built on secured credit
It Is All about the Way-back
Leading providers of identity information are able to provide decades worth of data, gathered from multiple online and offline sources. By taking a close look at what elements are present, when they appeared, and how many sources they can be corroborated across, businesses can gain the upper hand on fraudsters attempting to commit theft using synthetic identities.
Synthetic identity fraud is currently one of the fastest growing types of financial crime in the United States, causing between $1 billion and $8 billion in losses annually in the U.S. Its victims are primarily children and the elderly, whose credit is damaged when their Social Security numbers are stolen to create synthetic identities. Of course, financial institutions and their insurance companies, who must make good on the payments made to merchants by fraudsters, are certainly victims, too. In fact, synthetic identity fraud makes up 12% of banks' losses due to identity fraud and 80% of credit card fraud losses.
Synthetic identities differ from stolen identities because just a small part of a real person's identity -- usually their Social Security number -- is stolen. The SSN is then combined with fake information, like an email address, a mailing address, and a social media account, to create an identity out of thin air.
Once created, the identity is nurtured: First, it is used to apply for secure credit. The application is likely to be denied, but a record of the interaction is created by credit agencies, furthering the illusion that the synthetic identity is real and increasing the odds that the next attempt will be successful.
Gradually, fraudsters will build the synthetic identity's credit by making increasingly larger purchases and paying them off on-time. Then, when the fraudster thinks it is time, they will "bust out" and, in the process, rack up massive credit card charges and skip out on the bill.
Because Social Security numbers are often stolen from children and the elderly, for whom credit reports are rarely pulled, this type of fraud has been incredibly difficult to detect.
Identity Information Has Evolved
In the days before the Internet -- and to a large extent even now -- identity verification was carried out using traditional PII (personally identifying information): If a driver's license matched the name on a Social Security card, and a credit history was present, an applicant would get the go-ahead.
With the advent of the Internet, however, financial institutions have a new, more powerful identity-verification toolset.
In addition to traditional, offline PII, people now leave behind traces of their lives on the Internet: public-facing identity "elements" like email address, social media accounts, etc. These elements are exploited by fraudsters to add lifelike detail to an identity created around a stolen Social Security number. But they also play a key role in the detection of fraud.
By making use of a third-party data aggregator with traditional and online identity information that goes "way back" and includes the sources that the data was obtained from, businesses can get a clear view of the differences between real and synthetic identities.
Five Ways to Sort the Real from the Synthetic Using "Way Back" Data
1. Look for symmetrical accumulation of identity elements
- A real person: A legitimate online identity will display an asymmetrical accumulation of both online and traditional identity elements. Email addresses, social media accounts, and mailing addresses will have been added over a long period of time as a person lives their life and accesses the services they need.
- A synthetic identity: While it may be nurtured for a period of time, a synthetic identity will typically show a symmetrical accumulation of identity elements: the date that an associated email address was first seen will be close to the the first-seen date and associated social-media account plus any offline information, such as a P.O. box. It is impossible for a fraudster to go back in time to simulate the manner in which a real person adds details associated with their identity.
2. Look for a low number of online identity elements
- A real person: Real people's online identifiers evolve. They have probably given up their Yahoo! email account for Gmail and their MySpace account for one on Facebook. Additional social media accounts -- Twitter, Instagram, and more -- are also likely to be present.
- A synthetic identity: With a data solution that goes back decades and pulls from multiple sources, it becomes easy to spot a synthetic identity's telltale lack of depth. It is typical for a synthetic identity to show just a mailing address, a single social media account, and one email address -- and it is probably not one associated with an employer.
3. Look for a lack of offline identity data
- A real person: Real people exist beyond the online world. Look at their offline identity information, and you will see multiple physical addresses, vehicle registrations, employers, and maybe even a landline number or two.
- A synthetic identity: When an identity is fabricated and exists solely in the online world, it is no surprise that it will show a lack of offline identity information. The most you will probably see is a P.O. box.
4. Look for a low number of sources
- A real person: As they live their life, a real person leaves traces of their existence in multiple sources: the DMV, government records, credit bureaus, etc. An email address or a phone number -- identity elements that are commonly used as unique identifiers for account creation -- can likely be found on a wide variety of sources, corroborating their validity.
- A synthetic identity: When an identity is created out of thin air, the elements of their identity will not be in existence long enough to have been associated with a large number of sources. This means that they cannot be corroborated.
5. Look for a credit history built on secured credit
- A real person: While it is normal for young adults to start building their credit history with secured credit, that phase is long in the past for most people.
- A synthetic identity: If your data sources show that a person over 25 started building their credit history using secured credit and then quickly added credit cards, it is worth taking a closer look.
It Is All about the Way-back
Leading providers of identity information are able to provide decades worth of data, gathered from multiple online and offline sources. By taking a close look at what elements are present, when they appeared, and how many sources they can be corroborated across, businesses can gain the upper hand on fraudsters attempting to commit theft using synthetic identities.
Host a Webinar with the MRC
Help the MRC community stay current on relevant fraud, payments, and law enforcement topics.
Submit a Request
Publish Your Document with the MRC
Feature your case studies, surveys, and whitepapers in the MRC Resource Center.
Submit Your Document
