Synthetic identity theft is one of the fastest-growing fraud attacks in the United States of America. According to the recent white paper by The Federal Reserve, it has been found this type of fraud has cost the country’s lenders $6 billion in 2016. Apparently, 85%-95% of applicants identified as potential synthetic identities are not flagged by traditional fraud models.
What is synthetic identity theft?
Synthetic identity theft is a type of fraud where a fraudster creates a new identity to commit fraud in one or the other form. There are several ways to execute this attack:
Difference between traditional and synthetic identity frauds
Traditional identity fraud can be carried out in two ways:
Unlike the traditional, synthetic identity fraud involves fraudsters creating a whole new identity by combining real (usually stolen) and fake information. The fraudsters can use the identity to open fraudulent accounts and make fraudulent purchases.
What is its impact?
Synthetic identities can be used to deceive the government or corporate systems into thinking they are real people. This fraud attack can impact business entities across different sectors such as financial systems, healthcare industry, government entities, and individual consumers.
The fraudsters usually commit system identity fraud using PII stolen from previous data breaches. Between 2017 and 2018, the volume of PII exposed in data breaches was reported to be more than 446 million - which is an increase of 126% when compared to the previous year figures.
For many fraudsters, the process of launching a synthetic identity begins on the dark web, where they can purchase PII and other personal details.
How to prevent it?
Synthetic identity theft can be addressed by: