Facts:
According to the FTC, synthetic identity fraud is the fastest-growing form of identity theft in the U.S.
Synthetic identity fraud occurs when, rather than stealing an identity, a criminal invents one. This is sometimes referred to as “Frankenstein fraud.”
The criminal then spends years building up credit under his fake alias.
Eventually, once this fake person reaches an 800 credit score, he can use it to fool lenders into giving him multiple high-limit credit cards and unsecured loans.
One estimate from Auriemma Insights puts the losses at around $6 billion annually.
A Cautionary Tale
It started out like any other online loan.
Notre Dame Federal Credit Union reviewed the application — completing their usual background checks and authenticating the applicant’s credit score. Everything looked to be in order, so the application was approved and the money transferred. Just another day at the office.
It wasn’t until months later, when the borrower abruptly stopped making payments, that the lender started to suspect foul play. By the time compliance officers at the credit union connected the dots, they realized that the applicant didn’t, in fact, exist — resulting in a $200,000 loss for the firm.
The Larger Scheme At Play
This isn’t the first time something like this has happened, which begs the question: how do you catch a thief who doesn’t exist? That’s the problem facing investigators of synthetic identity fraud.
Synthetic identity fraud v.: a form of identity theft in which criminals combine pieces of real personal data with fake information to create an entirely new identity — one that’s almost impossible to trace.
Unlike traditional identity fraud — where someone steals and misuses a person’s actual identity — perpetrators of synthetic identity fraud only need a single piece of legitimate data to create their new aliases. For example, someone may have a real “shippable” address and a valid-looking social security number, but further digging would reveal that the SSN, name, and date of birth combination do not match with any one person.
Source: ID Analytics
Using these fabricated credentials, con artists can open lines of credit or intercept tax returns, among a plethora of other things.
A major contributing factor to the rise of Frankenstein fraud is the issuance of randomized social security numbers, which went into effect back in 2011. While this new approach was meant to better protect the public going forward, it has created an unintended side effect: fraud detection systems have a difficult time identifying fictitious SSNs.
How It Works
To commit synthetic identity fraud, fraudsters often start by stealing legitimate social security numbers from people who aren’t using their credit. This could be a child, a homeless person, or a recently deceased individual. From there, they can create bogus addresses, phone numbers, and social media accounts to make the new identity more convincing.
However, not all synthetic identities are created equally. What method the fraudster uses determines how long he can go undetected, as well as how much financial harm he can do.
These methods fall into two categories: manipulated synthetics and manufactured synthetics.
Manipulated Synthetics are based on real identities, but with a few small changes. Individuals with bad credit histories may use this method to gain access to various lines of credit, which they may or may not intend to repay. Manipulated identities are easier to detect, as they often collide with the real identities they are based on and, therefore, do not pass validity checks.
Manufactured Synthetics were originally created out of valid pieces of data assembled from multiple identities. More recently, however, fraudsters have been able to choose from the same range of numbers that the Social Security Administration uses to randomly issue SSNs. Because the personal identifying information they use to create the account does not belong to any known consumers, manufactured synthetics are difficult to identify with existing techniques.
In either case, once the new alias has been established, the real fraud can begin:
Using these synthetic identities, thieves begin applying for credit online. The problem is, their aliases don’t have any credit history attached to their names. However, fraudsters know that they can start a credit history simply by applying for credit. After X amount of denied applications, a lender will eventually decide to take a risk and extend a small line of credit (somewhere in the range of $500 to $1,000.)
Now the fraudster is “in”. He proceeds to make a series of minor purchases over the next several months, paying off the balance to up his credit rating.
It doesn’t take long before he starts to qualify for higher lines of credit. Once this happens, the fraudster accepts these offers and repeats the process.
Over the course of a year or two, while he’s building up his credit (often with dozens of manufactured identities), the fraudster will also take advantage of other opportunities. These can include taking out auto loans, filing claims against his alias’ health insurance, or benefitting from various government programs.
When his credit limit grows large enough, — let’s say in the $10,000 to $15,000 range — it’s time for the thief to strike. He’ll take out five-figure loans, max out all of his cards, and disappear into thin air.
Afterwards, the individual whose social security number was used is left with their credit score in ruins and the lenders are out tens of thousands of dollars. As for the fraudster, he gets to skip away scot-free and repeat the whole process with his next set of synthetic identities.
Take Steps to Protect Yourself
All of this may leave you wondering: is there anything you can do to protect yourself? While the nature of these crimes makes them difficult to detect, there are a few preventative measures you can take:
For starters, keep your social security card and other sensitive documents safe and secure. Before throwing away any documents containing your personal information, be sure to shred them. The same goes for bank account, credit card, and tax statements.
Next, beware of phishing attempts that trick you into sharing your SSN. These can happen by phone, email, or text and they often come in the form of a “government agency” contacting you to verify your identity. Play it safe and check to be sure that the person on the other end is, in fact, legitimate before you take any action.
Because of the high number of data breaches that have occurred in recent years, it’s possible that your SSN and other personally identifying information is already out there for the taking. Therefore, it’s important to keep an eye out for any indication that this information is being used by bad actors:
Monitor your credit reports for any activity you don’t recognize. This can be done at AnnualCreditReport.com, where you’re allowed to access one free report each year from each of the three major credit agencies. This means that you can order a report from Experian, then one from TransUnion three months later, followed by Equifax three months after that. By accessing a different report every four months, you can track your activity, at no charge, at different points over the course of a year. If you discover anything suspicious, report it immediately and consider freezing your credit.
Review your annual social security statement. Synthetic identities can be used to obtain employment. Therefore, it’s possible that the fraudster’s income might show up on your statement — if your SSN was used. Make sure that the amount on your social security statement aligns with your current known income. If it doesn’t contact the Social Security Administration.
Watch your mail. Be on the lookout for any mail sent to your address in someone else’s name. This could be a sign that creditors are trying to reach the thief — and your home address may have been used to help create the synthetic identity that committed the theft.
Final Notes and Updates
The true danger of synthetic fraud is that there is no single identity used to commit all the defrauding. This may put your mind at ease, as a consumer. But keep in mind that, with traditional identity theft, the victim is the critical link used to detect and stop the fraud.
Therefore, without any specific victim to alert an organization to fraudulent activity, thieves can use synthetic identities to keep accounts open for months or even years. And the longer they can remain under one alias, the greater the losses are for the companies involved.
All of this is to say that synthetic identity theft is both difficult to track and quantify. And without a paper trail leading to a real person, the true victims of this fraud are the lenders and service providers who are left to absorb the high-frequency, high-dollar losses.
Useful Resources
To get your free credit report:
https://www.annualcreditreport.com/index.action
Toregister for credit freezes:
To get your social security statement:
https://www.ssa.gov/myaccount/statement.html
To contact the Social Security Administration:
https://www.ssa.gov/agency/contact
Editor’s Note: Have you been affected by fraud? Most people have, in some form or another. If you have a story you would like to share, we’re sure our readers would benefit from hearing it. Please send an email to editor@theconartist.pub detailing your experience, and we will be in touch. Your privacy and any wishes of anonymity will be respected.
Thanks for reading! If you haven’t already, consider joining our community to receive in-depth exposés on the latest scams, hoaxes, and other forms of fraud.