Synthetic Identity Theft: Definition, How It Occurs and How to Prevent it

Did you know one of the most common forms of identity theft is also one of the hardest to detect? Here’s everything you need to know about synthetic identity fraud.
Synthetic Identity Theft


According to
McKinsey,  synthetic identity theft is one of the fastest-growing forms of identity fraud that disproportionately targets children, the elderly, and the deceased. You might not hear about it very often, but it’s a form of fraud that can have lifelong consequences. In this guide, we’re going to discuss what synthetic identity theft is, how it works, and how you can prevent it from entering both your life and the lives of your family.

Quick Overview

What is Synthetic Identity Theft?

Synthetic identity fraud occurs when fraudsters use false information (such as fake names) in combination with real information (such as a child’s Social Security number) to invent a fraudulent identity. Fraudsters can use these new identities to open up credit accounts, live or work in the United States, or qualify for benefits. 

Related: How Do I Find Out if Someone is Using My Social Security Number?

Synthetic Identity Theft in Facts and Figures

Fact 1: Synthetic identity theft is hard to detect hence attractive to cyber criminals
Due to the nature of this form of fraud, it’s difficult to know how common synthetic identity theft cases are in the United States. After all, synthetic fraudsters can go years without being caught. Despite being underreported, the Federal Reserve still believes synthetic identity theft can be classified as the fastest-growing financial crime in the US, costing targeted individuals $15,000 on average.

Fact 2: Children are most affected
The Social Security numbers of children are fifty times more likely to be targeted than the Social Security numbers of adults, according to a report by researchers from Carnegie Mellon University. A report by Javelin also found that around one million children were reported as victims of identity fraud in 2017.

Fact 3: Other at-risk populations include the elderly, the homeless, and the recently deceased
Perhaps you’ve noticed a pattern here – they are all people with limited to non-existent abilities to monitor their credit reports and account statements. This lets fraudsters commit their crimes for years, ensuring that they can get as much money out of the synthetic identity as possible.

How Synthetic Identity Fraud Differs from True-Name Identity Theft

It’s helpful to differentiate synthetic identity theft from true-name identity theft based on the information used and the pattern of criminal behavior involved:

Synthetic Identity TheftTraditional Identity Theft
Information involvedFalse details combined with bits
of true information
Credible information stolen from real people
Typical crime patternA bad actor combines fake and often real details to build a credit history under new synthetic identityA bad actor pretends to be another real person to get access to their credit


Of note:
these crimes are not mutually exclusive; synthetic identity fraud could turn into true-name identity theft if, for instance, a fraudster is arrested and gives out your information, thus comming a crime known as criminal identity theft.

As we mentioned above, synthetic identity theft is much harder to track due to the nature of this form of fraud. Normally, financial institutions can’t even spot it until the fraudster commits his or her final crime, maxing out all open lines of credit before abandoning the identity.

Does that mean that the consequences of synthetic identity fraud aren’t tied to the victims? Far from it. While fraudsters do tend to build up a victim’s credit score, that’s just so they can steal as much money as possible from fraudulent lines of credit. This leaves the victim, who may not be old enough (or, on the contrary, too old) to understand what has happened, left to clean up the pieces.

Types of Synthetic Identities and How They’re Used

Generally speaking, there are three different types of synthetic identity theft methods that fraudsters can use:

  1. Identity Fabrication: The first method is to completely fabricate an identity with no ties to a real person. This type of synthetic identity, often referred to as identity fabrication, isn’t associated with any real personally identifiable information (PII).
  2. Identity Manipulation: The second method of synthetic identity theft is to use identity manipulation. This involves slightly modifying the PII from a real person to create a new identity and then falsifying the rest.
  3. Identity Compilation: Finally, the third method is to use identity compilation. This involves combining significant real and false PII to form a new identity. This lets the fraudster commit financial crimes under the guise of being a “real” person.

Synthetic identities are very often used for nefarious activities: 

  • Stealing money or benefits: this impacts banks and businesses most in the form of credit card fraud.
  • Identity fraud for work or residency: a seemingly harmless activity where a fake identity is formed in order to live or work in the U.S.
  • Identity fraud for credit repair: the perpetrator uses their real name and someone else’s taintless Social Security number to create an alternate credit history. Very often this process involves “piggybacking” where a fraudster is added on someone else’s real account for a fee in order to boost their credit score. 

How Does Synthetic Identity Theft Work?

For a cyber criminal to pull off synthetic identity fraud, they normally need one of two pieces of information: a Social Security number or Credit Privacy Numbers (CPNs). These are the “home run” numbers that fraudsters can use to quickly open up lines of credit and begin their attack. 

Now, let’s delve into the typical synthetic identity theft scenario. Here are the main steps it can involve:

  • Synthesizing an identity: At this stage, the criminal steals the SSN from someone, creates a bogus name and combines real and false information to form a new identity. This might start by shopping for information on the dark web or buying it from people- search sites. As we saw earlier, the Social Security numbers of children are fifty times more likely to be used for synthetic identity fraud than the Social Security number of adults. This is because these numbers tend not to be included in credit report databases. By connecting these numbers to false information (such as name, birth date, and address), the thief can commit more serious crimes involving stealing funds from banks, facilitating drug and human trafficking and even funding terrorism. 
  • Starting a credit file for the new identity: Once the identity is ready, the fraudster can apply for a credit card – most probably unsuccessfully the first time. This failed attempt is not all in vain as it creates a record for the fraudulent person and enables them to build a fake, but realistic, credit history. 
  • Establishing and improving credit — then cashing out: Now that they have an open credit line, the fraudster can slowly build up a positive credit score, raising the maximum credit limit until they feel ready to put their exit strategy in action. At that time, they will max out all of the credit cards available, and then vanish without paying off the bills.
  • Facing the consequences: Imagine you are a victim, that very child whose SSN has been stolen. Years have passed and you apply for a credit card or your first student loan and as your application gets rejected you find out that your SSN has been criminally misused for years as part of a fake identity. The time and effort it will take to clean up the mess? A very frightening perspective. 

Factors Contributing to the Rise of Synthetic Identity Fraud

Why are fraudsters increasingly turning to synthetic identity theft? it’s never been easier to commit — and get away with. Here’s why:

  • Universal use of SSNs: Just about every major financial decision you make requires a Social Security number. It’s a widely-used source of identity verification, so if it’s compromised, you’re in trouble.  Back in 2011, the Social Security Administration began randomly assigning SSNs. On one hand, this removed the geographical significance of each number, increasing privacy. But on the other, it makes it more difficult for financial institutions to catch fraudsters because their SSNs can’t be used to determine a state of origin.
  • Massive PII exposure: The exposure of personally identifiable information is at an all time high. From data breaches to people-search sites, hundreds of millions of sensitive records are just waiting to be exploited by fraudsters. Combined with social engineering, fraudsters can use PII to access more sensitive information, like SSNs. Identity theft often begins by looking for the right target, so minimizing your personal information exposure online is an important step to preventing synthetic ID theft.
  • Credit system faults: Gaps in the credit process can let fraudsters apply for credit at financial institutions with their synthetic identities. Even if institutions reject these identities, their rejections can be leveraged as “proof” of existence in future attempts with other financial institutions.

How to Prevent Synthetic Identity Theft

The key to avoiding this particularly stealthy form of identity fraud is to minimize  the online exposure of your information as much as possible so that it doesn’t get into the hands of fraudsters in the first place. Here are the basic things you can do:

  • Opt Out of People-Search Sites: People-search sites aggregate public record information on individuals into one easy-to-find profile. These profiles can be viewed or purchased by anyone. As you can imagine, people-search engines are a major tool in the modern fraudster’s toolbelt. From scouting potential victims to purchasing reports filled with sensitive information, these sites are often the first step toward identity theft. That’s why removing your personal details from them is essential if you want to maintain your online privacy. You can use our OneRep privacy tool to scrub your information from the internet automatically. Otherwise, you’ll need to manually remove it by yourself. This is a tedious process, but with enough persistence and some free time, it can be done. We’ve created these DIY opt-out guides to help you along the way.

     

  • Think Twice Before Giving Out Your SSN: There are very few reasons why your family’s Social Security numbers or sensitive information should ever be given out. Beyond entering information into verified government websites or financial institutions, always minimize your exposure and keep the number to yourself. Likewise, secure all physical documents behind lock-and-key.

     

  • Safeguard Your PII: Understanding and practicing modern online security is a must. With some forethought, you can cut down a lot of personal information exposure. Your good practices here would be:

     

    1. strengthening your online security by keeping your passwords randomized
    2. enabling two-factor authentication on your accounts
    3. social media hygiene of never oversharing personal information
    4. being wary of latest SSN fraud, phone scams and other social engineering attempts. 

By doing all of the above, and more, consistently, you can keep your information secure without denying yourself the joys of the internet.

FAQ About Synthetic Identity Theft

How can you identify a fake identity?

Fake identities are very difficult to identify until it’s too late. Your best chance of catching a fraudster early is monitoring you and your loved ones’ credit reports and financial statements thoroughly.

Can someone use a child’s Social Security number for credit?

Yes. Children’s Social Security numbers are often targeted by fraudsters because they can go years without being noticed.

Can someone use a Social Security number with a different name?

Yes. Synthetic identity fraud involves combining real information with false information to misuse another person’s SSN. In this way, two people could be using the same SSN.

Can a person have two Social security numbers?

No. Legally speaking, individuals are only allowed to have one Social Security number.

How can banks do a better job at fighting synthetic identities?

Banks need to adopt policies that will encourage early fraud detection. This can be done by looking for suspicious behaviors, fleshing out verification and authentication practices, and utilizing more extensive documentation and biometric scanning procedures.

Let’s Wrap It Up…

While the consequences of synthetic ID theft can be severe, you can be proactive in safeguarding your online  identity and the identities of your loved ones. Start building your privacy by viewing OneRep plans here and try our privacy protection tool for free to remove your personal information from 196 people-search sites.

 
Iryna Slabodchykava

Content Strategy Manager at OneRep | LinkedIn