What is synthetic identity fraud?
Synthetic identity fraud is a type of identity crime in which a fraudster crafts a new (i.e., "synthetic") identity from a combination of real and fake components. They may use a legitimate social security number with a low activity history — such as one belonging to a child or deceased person — in tandem with a fake name and date of birth to open a bank account, apply for a loan, or commit some other type of fraud.
Synthetic identity fraud can be difficult to detect and may not always trigger fraud alerts during onboarding and account creation. And it's a problem not only for financial institutions, but for the individuals whose information is fraudulently used. In some cases, they may not realize their information has been stolen and manipulated until they experience serious financial harm, which is why prevention and monitoring are essential.
Types of synthetic identities
Fraudsters use a few different techniques to piece together synthetic IDs, the most common of which include:
Manipulated synthetic identities
Manipulated synthetic identities begin with a real person's legitimate personal information, such as their social security number (SSN). Fraudsters then subtly alter the surrounding details to create a new identity. Core identifiers are usually kept, while names, addresses, or dates of birth may be changed. By keeping key elements such as the SSN, a fraudster may be able to piggyback on a person's established credit history.
Manufactured synthetic identities
Manufactured synthetic identities are totally fabricated personas, often built from data that’s either stolen or artificially generated. A fraudster may use an SSN obtained from a breach — such as one assigned to a child or elderly person — or generate a number that mimics valid SSN formatting to bypass basic validation checks.
Manufactured IDs can be difficult for fraudsters to create and maintain over time. But since they can't be traced back to any one real person, they can also be harder to detect.
Blended synthetic identities
Blended synthetic identities combine elements from multiple real identities to create a "hybrid" identity. These are tough to trace, because all the info on them is technically legitimate — it's just taken from different sources. By blending, say, one person's SSN with another person's address and another person's name, these IDs may be able to squeeze their way through multiple verification checks.
Digital-first synthetic identities
Digital-first synthetic identities exist primarily online and may be supported by social media profiles, email accounts, and other activities that make up a typical real person's digital footprint. This is a time-consuming way to go about it, but it can work.
These types of synthetic identities may exploit the digital onboarding processes used by modern fintechs and neobanks, especially where physical identity verification is limited.
How synthetic identity fraud works
The process of creating a synthetic identity often begins with acquiring fragments of a real, legitimate one. These data fragments may be collected en masse from data breaches, public records, or even social media. Once the fraudster has the info they need, they combine it with fictitious details to form a new, falsified identity.
The general steps of synthetic identify fraud include:
Collecting personal data: This includes real Social Security numbers, especially those of children or deceased individuals, which are less likely to be monitored. Fraudsters may supplement stolen SSNs with fake names, addresses, and dates of birth.
Opening the account: Assuming it goes undetected and doesn't raise any red flags with the financial institution in question, a synthetic ID can be used to open bank accounts, apply for credit cards, or take out loans.
Spending money/racking up debt: Once the accounts are active, fraudsters may accumulate debt, make unauthorized purchases, or funnel funds through synthetic identities to obscure the source or destination of money — tactics that may be associated with broader money laundering schemes.
How to prevent synthetic identity fraud
If you're an individual customer or client, there are some common-sense ways to protect yourself from synthetic ID fraud:
Regularly monitor your credit reports: Though credit reporting may vary by country, in the US and in many European countries, you can request a free credit report from the relevant credit reporting agencies. For example, in the UK, you can use a service like Credit Karma to get free access to your credit report along with free credit monitoring tools.
Set up transaction alerts: Some credit monitoring tools feature alert services that ping you when there's a significant change to your credit report, such as a new account opened in your name. If you're notified of something you don't recognize, contact your local consumer protection agency as well as the institution in question to report the suspected fraud.
Be cautious about sharing personal information online: Limit the amount of sensitive personal data you share on social media and double-check to ensure your privacy settings are secure. And if you've been notified that your data was compromised in a data breach, consider placing a fraud alert or credit freeze on your file.
Financial institutions can also take proactive steps toward preventing synthetic identity fraud:
Implement advanced verification processes: Use multi-factor authentication and biometric verification to strengthen your ID verification processes. Though not foolproof, these tools can help detect synthetic identities when combined with robust back-end verification. And this doesn't have to create a huge amount of friction for your customers. Fourthline's AI-powered ID verification solution features onboarding and biometric verification processes are designed to be GDPR-compliant, helping institutions meet regulatory requirements without risking conversion.
Use machine learning for detection: Or, better yet, find a security partner that does. Fourthline's smart fraud detection, for example, uses machine learning to help detect unusual patterns in account activity that may be a sign of synthetic identity fraud.
Educate your employees on fraud detection: Regular training can help employees recognize the signs of synthetic identity fraud and respond before it's too late — saving you time, money, and reputational damage.
Tools that help detect synthetic identity fraud
As fraudsters continue to hone their techniques, synthetic identity fraud is emerging as one of the most pressing threats in the financial industry. The good news? We're fighting back with a range of automated, AI-powered tools. These include:
Advanced pattern recognition
Having conducted millions of KYC verifications, Fourthline's anti-financial crime specialists have developed expertise in identifying the subtle indicators of synthetic identities. Our systems have been trained to recognize the unique patterns that distinguish synthetic identities from legitimate customers. These patterns — such as mismatched identity elements or inconsistent data behavior — often go unnoticed by traditional verification systems that rely solely on document or database checks.
Proprietary machine learning algorithms
Our proprietary algorithms are specifically trained to detect probable synthetic identities by analyzing thousands of data points simultaneously. The augmented analytics engine can detect the tiny discrepancies and unusual patterns that typically signal synthetic identity creation. This allows us to:
Identify and flag discrepancies between credit reporting agency data and information provided at onboarding
Detect abnormal velocity patterns (i.e., suspicious patterns in the frequency, speed, or sequence of activities associated with account behavior, such as rapid sequential logins or transactions)
Flag suspicious combinations of fake and legitimate ID elements
Multi-factor address verification
Fourthline's address verification system collects and analyzes address information alongside device metadata and geolocation data. We cross-reference this information against trusted databases to identify inconsistencies that may reveal synthetic identity attempts.
Synthetic identities often attempt to use non-residential addresses or locations in high-risk jurisdictions, which our tools are designed to detect. This multi-layered approach operates within a framework designed to meet GDPR requirements.
Continuous monitoring beyond onboarding
Our approach to detecting synthetic identities is continuous, predictive, and powered by advanced machine learning. Unlike traditional systems that only screen at onboarding, our technology looks for synthetic identity markers throughout the entire customer relationship. This is crucial because synthetic identities often establish seemingly legitimate behavior before executing fraudulent activities months later.
Synthetic identity fraud FAQ
How can I tell if I am a victim of synthetic identity fraud?
You may be a victim if you’re denied credit because your social security number is already associated with another identity, or if you’re notified about credit activity linked to your SSN but not your name. Regularly monitoring your credit reports and setting up fraud alerts can help you catch these signs early.
What are the consequences of synthetic identity fraud?
If you're a victim of synthetic ID fraud and don't take the appropriate actions quickly, you may suffer significant long-term consequences. These include damage to your credit scores, problems with bureaucracy, and difficulty qualifying for future loans, credit cards, and other financial accounts.
Are certain demographics more vulnerable to synthetic identity fraud?
Yes. Children and the elderly are often more vulnerable. Children usually don't have a credit history, which makes it easier for fraudsters to create synthetic identities using their names. The elderly may be less aware of the risks and less tech-savvy, which could make them more likely to share sensitive personal information on social media sites like Facebook.
