Synthetic Identity Theft: Definition, How It Occurs and How to Prevent it

What is Synthetic Identity Theft?

Synthetic identity fraud occurs when fraudsters use false information (such as fake names) in combination with real information (such as a child’s Social Security number) to invent a fraudulent identity. Fraudsters can use these new identities to open up credit accounts, live or work in the United States, or qualify for benefits. 

Related: How Do I Find Out if Someone is Using My Social Security Number?

Synthetic Identity Theft in Facts and Figures

Fact 1: Synthetic identity theft is hard to detect hence attractive to cyber criminals
Due to the nature of this form of fraud, it’s difficult to know how common synthetic identity theft cases are in the United States. After all, synthetic fraudsters can go years without being caught. Despite being underreported, the Federal Reserve still believes synthetic identity theft can be classified as the fastest-growing financial crime in the US, costing targeted individuals $15,000 on average.

Fact 2: Children are most affected
The Social Security numbers of children are fifty times more likely to be targeted than the Social Security numbers of adults, according to a report by researchers from Carnegie Mellon University. A report by Javelin also found that around one million children were reported as victims of identity fraud in 2017.

Fact 3: Other at-risk populations include the elderly, the homeless, and the recently deceased
Perhaps you’ve noticed a pattern here – they are all people with limited to non-existent abilities to monitor their credit reports and account statements. This lets fraudsters commit their crimes for years, ensuring that they can get as much money out of the synthetic identity as possible.

How Synthetic Identity Fraud Differs from True-Name Identity Theft

It’s helpful to differentiate synthetic identity theft from true-name identity theft based on the information used and the pattern of criminal behavior involved:

Of note: these crimes are not mutually exclusive; synthetic identity fraud could turn into true-name identity theft if, for instance, a fraudster is arrested and gives out your information, thus comming a crime known as criminal identity theft.

As we mentioned above, synthetic identity theft is much harder to track due to the nature of this form of fraud. Normally, financial institutions can’t even spot it until the fraudster commits his or her final crime, maxing out all open lines of credit before abandoning the identity.

Does that mean that the consequences of synthetic identity fraud aren’t tied to the victims? Far from it. While fraudsters do tend to build up a victim’s credit score, that’s just so they can steal as much money as possible from fraudulent lines of credit. This leaves the victim, who may not be old enough (or, on the contrary, too old) to understand what has happened, left to clean up the pieces.

Types of Synthetic Identities and How They’re Used

Generally speaking, there are three different types of synthetic identity theft methods that fraudsters can use:

1. Identity Fabrication: The first method is to completely fabricate an identity with no ties to a real person. This type of synthetic identity, often referred to as identity fabrication, isn’t associated with any real personally identifiable information (PII).
2. Identity Manipulation: The second method of synthetic identity theft is to use identity manipulation. This involves slightly modifying the PII from a real person to create a new identity and then falsifying the rest.
3. Identity Compilation: Finally, the third method is to use identity compilation. This involves combining significant real and false PII to form a new identity. This lets the fraudster commit financial crimes under the guise of being a “real” person.

Synthetic identities are very often used for nefarious activities: 

• Stealing money or benefits: this impacts banks and businesses most in the form of credit card fraud.

• Identity fraud for work or residency: a seemingly harmless activity where a fake identity is formed in order to live or work in the U.S.

• Identity fraud for credit repair: the perpetrator uses their real name and someone else’s taintless Social Security number to create an alternate credit history. Very often this process involves “piggybacking” where a fraudster is added on someone else’s real account for a fee in order to boost their credit score. 

How Does Synthetic Identity Theft Work?

For a cyber criminal to pull off synthetic identity fraud, they normally need one of two pieces of information: a Social Security number or Credit Privacy Numbers (CPNs). These are the “home run” numbers that fraudsters can use to quickly open up lines of credit and begin their attack. 

Now, let’s delve into the typical synthetic identity theft scenario. Here are the main steps it can involve:

• Synthesizing an identity: At this stage, the criminal steals the SSN from someone, creates a bogus name and combines real and false information to form a new identity. This might start by shopping for information on the dark web or buying it from people- search sites. As we saw earlier, the Social Security numbers of children are fifty times more likely to be used for synthetic identity fraud than the Social Security number of adults. This is because these numbers tend not to be included in credit report databases. By connecting these numbers to false information (such as name, birth date, and address), the thief can commit more serious crimes involving stealing funds from banks, facilitating drug and human trafficking and even funding terrorism. 

• Starting a credit file for the new identity: Once the identity is ready, the fraudster can apply for a credit card – most probably unsuccessfully the first time. This failed attempt is not all in vain as it creates a record for the fraudulent person and enables them to build a fake, but realistic, credit history. 

• Establishing and improving credit — then cashing out: Now that they have an open credit line, the fraudster can slowly build up a positive credit score, raising the maximum credit limit until they feel ready to put their exit strategy in action. At that time, they will max out all of the credit cards available, and then vanish without paying off the bills.

• Facing the consequences: Imagine you are a victim, that very child whose SSN has been stolen. Years have passed and you apply for a credit card or your first student loan and as your application gets rejected you find out that your SSN has been criminally misused for years as part of a fake identity. The time and effort it will take to clean up the mess? A very frightening perspective. 

Factors Contributing to the Rise of Synthetic Identity Fraud

Why are fraudsters increasingly turning to synthetic identity theft? it’s never been easier to commit — and get away with. Here’s why:

• Universal use of SSNs: Just about every major financial decision you make requires a Social Security number. It’s a widely-used source of identity verification, so if it’s compromised, you’re in trouble.  Back in 2011, the Social Security Administration began randomly assigning SSNs. On one hand, this removed the geographical significance of each number, increasing privacy. But on the other, it makes it more difficult for financial institutions to catch fraudsters because their SSNs can’t be used to determine a state of origin.
• Massive PII exposure: The exposure of personally identifiable information is at an all time high. From data breaches to people-search sites, hundreds of millions of sensitive records are just waiting to be exploited by fraudsters. Combined with social engineering, fraudsters can use PII to access more sensitive information, like SSNs. Identity theft often begins by looking for the right target, so minimizing your personal information exposure online is an important step to preventing synthetic ID theft.
• Credit system faults: Gaps in the credit process can let fraudsters apply for credit at financial institutions with their synthetic identities. Even if institutions reject these identities, their rejections can be leveraged as “proof” of existence in future attempts with other financial institutions.