Synthetic identity fraud is harder to spot than standard identity fraud. Let’s see why, and how to prevent it before it hurts your business.
Your business probably already has a KYC Procedure designed to confirm user identities. The problem? How does it work if the IDs are from real people, but with bad intentions?
This is precisely what makes fighting synthetic identity fraud so hard.
You can’t just look at the documents. You also have to guess the intent.
Luckily, this isn’t as hard as it sounds with the right risk management tools – even when there were 14 Million reported stolen IDs in 2019 alone.
But before we get ahead of ourselves, let’s start with the basics:
What is a Synthetic ID?
A synthetic ID is stitched together based on real and fake information. It can also be made of multiple people’s personally identifiable information (PII). For instance, using a real social security number from one person, and combining it with another’s credit card details.
Note that synthetic identities can also include “manufactured” data. For instance, a social security number that is randomised to fall within the right range.
What is Synthetic Identity Theft?
Synthetic identity theft happens when fraudsters combine real and fake data to create an online profile. The real information is stolen or borrowed from complicit users. Synthetic IDs are used to borrow loans, open accounts, and fool KYC checks, amongst others.
The Fastest Growing Fraud Vector
Based on the 2021 Future of Fraud Forecast, Experian reports that synthetic ID fraud or synthetic identity theft is the fastest-growing type of financial crime. Based on Experian’s own definition, it accounts for 80% of credit card fraud losses, and nearly 20% of chargebacks.
How Synthetic Identity Fraud Works
Let’s look at a typical example, where a fraudster applies online for a credit card.
First, the fraudsters will obtain IDs from stolen marketplaces. They create a fake profile with said documentation, and diligently pay their bills for years. After a while, they can ask for the limits to be raised.
When the limits are sufficiently raised, they will max out their credit card limit, do a “bust out” and simply disappear. By the time the banks attempt to get their money back, they realise the person doesn’t exist.
What Are the Most Common Types of Identity Theft?
Identity theft and fraud go hand-in-hand. Criminals will stop at nothing to acquire records that help them create fake profiles. This includes stealing:
- Tax-related information: in the US especially, tax information from the IRS can be used to recover extra personal data.
- Medical identity theft: medical information is also often used to apply for prescription drugs or to file insurance claims under someone else’s name.
- Child identity theft: proof that fraudsters will stoop as low as they can, children records are often used to apply for credit cards or online loans. This works because their credit scores are either neutral or nonexistent, and it will take many years before anyone realises the information was compromised.
Synthetic Identity Fraud vs. Traditional Identity Fraud
Traditional identity fraud is perpetrated in real-time. Sending phishing emails from an account takeover, for instance, constitutes an example of direct identity fraud.
Synthetic identity fraud, however, tends to be cultivated over time by more sophisticated criminals. Their goal is to fly under the radar for as long as possible, as they want to create a new account and use it in the long term.
This is important because it highlights a key challenge of fighting this kind of fraud. The criminals who rely on these techniques are patient, calculated and sophisticated. They also tend to be organised, which we can use against them to our advantage.
Data Breaches Fueling ID Options
Sourcing ID documents is child’s play for fraudsters. They can hop on the dark web and purchase huge lists from leaked databases, at surprisingly competitive rates.
While a data breach can be useful for ID verification, the information is more likely to cause a vicious cycle of account takeovers, fake account openings, and a rise in the number of synthetic IDs.
Money Mules, Rent-and-ID, and Bank Drops
Adding to the challenge of widely available stolen documents, many people willingly sell their IDs in exchange for a fee.
This is especially true in the aftermath of the global COVID-19 pandemic. The general population worldwide has taken a financial hit, and fraudsters were quick to exploit the situation.
They offer to buy personal details or to borrow people’s bank accounts to hide their synthetic identity fraud activities. Here are a few options:
- Money mules: a money mule is a person who transfers stolen money on behalf of others. It’s also referred to as a “smurfer”, or “squaring”. Under 25s are particularly at risk, and money mules may find themselves complicit in money laundering schemes.
- Bank drop: the account that money mules will use to receive and transfer illicit funds.
- Rent-an-ID: in the underground economy, we’ve seen a proliferation of services that blatantly ask people to rent out their documents, in exchange for payment.
- Clearnet fake document services: can’t provide the right documentation? No problem – a growing number of clear net services offer photoshopping IDs for fraudsters, helping them bypass KYC checks using selfie IDs.
The takeaway: there’s no shortage of resources available to stitch together the perfect ID, tailored to defraud your online services.
Fake ID Services
What if fraudsters run into heavier KYC checks in the form of document uploads? Barely an inconvenience: they can simply purchase a document-forging service, which are plentiful, affordable, and surprisingly effective.
Solution: Effective, But Labour-Intensive Manual Reviews
Traditionally, an effective way to identify a fake or stolen ID in the context of synthetic identity fraud was to rely on OSINT techniques. OSINT, or open-source intelligence, is a collection of processes that looks at publicly available data and cross-references against the suspicious profile.
The problem? It’s time-consuming and resource-heavy. If you use pro databases from Experian, Pipl or white pages, it can also be a costly method.
Last but not least, this type of risk management requires eagle-eyed specialists, with proper training and education.
So how do you identify those adept at evading synthetic fraud detection, and at scale? With the right technology.
Detecting Synthetic IDs With Better Risk Tech
Let’s be clear: there’s no magic bullet when it comes to synthetic identity fraud detection. You’ll need a multi-layered approach, ideally combining all the technologies mentioned below. But let’s break them down one by one:
#1 Device Fingerprinting
If fraudsters are successful, they tend to target the same companies multiple times. The challenge for them isn’t to create hundreds or thousands of synthetic IDs. It’s to make it look like they are all connecting to your site as unique users.
This is why a device fingerprinting module is so effective. You can instantly flag user connections that point to:
- Proxy usage
- Tor connections
- VPN use
- Strange browser setups
- Suspicious hardware configuration
The key here is not just to focus your attention on strange configurations of software and hardware, but also to highlight connections between users.
By logging each device setup as a unique ID, you can notice patterns that could point to bot use, or repeat attacks from the same fraudulent organisations.
#2 Reverse Social Media Lookup
An interesting technique to spot synthetic identity fraud? Look at their online digital footprint. This includes email and phone number analysis, to see if their details appear legitimate, but one of the most effective techniques is undoubtedly social medial lookup.
You can perform a reverse email address or phone number search, and see if they have been used to register to social media platforms.
This has three key benefits:
- You can use their social media profiles to confirm their identity.
- An absence of social media information may point to fraud.
- The kind of social media networks users are subscribed to can also help with credit scoring.
Because SEON can check 20+ social media networks and a growing number of platforms in emerging markets.
#3 Behaviour Analysis via Velocity Rules
Last but not least: it’s not just about looking at data points, but about understanding user behaviour. This is particularly important for the more sophisticated attacks, and those perpetrated by money mules who use their real IDs the whole time.
In fraud management terms, this is examined via custom rules and velocity rules. These are rules that aren’t necessarily complex, but that can analyse a wide variety of data points, including timeframes.
Here are some examples:
- How quickly did the user go through the entire KYC process?
- What about the user authentication stage?
- Did they enter a social security number in one keystroke?
- How many times has a similar browser/hardware setup appeared in the last 10 days?
- How frequently do they request to raise their credit limit?
Of course, the sky’s the limit with the kind of data you want to examine. But the key here is that you can identify suspicious behaviours, even from fraudsters who have already managed to infiltrate your platform.
A whitebox machine learning system, for instance, is particularly adept at catching matching behaviour from fraudsters who passed the KYC stage. If you are consistent in your reporting and use enough feedback mechanisms, you can begin understanding behavioural patterns that may point to the most undercover and sophisticated fraud.
Better Detection With a Multi-Layered Approach
When it comes to synthetic identity fraud, synthetic identity theft the sophistication and resources of criminal organisations increases daily. For targeted companies, it’s not enough to simply implement static ID checks fraud rules and to leave them run on autopilot.
The good news, however, is that you don’t have to waste all your resources on intensive manual reviews for identity proofing. Using sophisticated risk tech, you can combine tools to create a net that will filter out bad users, and only allow in those who will help your company reach its goals.
Learn more about our products
Bence is the co-founder and COO of SEON whose vision is to create a safer online environment for merchants in high risk verticals.