Too Much, Too Little, or Just Right: How to Spot the Signs of Synthetic Identity Fraud

Two dark blue silhouettes with puzzle pieces etched within facing each other amongst 1s and 0s

Synthetic identity fraud is a steadily growing risk that proves costly. The financial services industry has been hit hard, with institutions enduring $20 billion in synthetic identity losses. And with Forbes rating synthetic identity fraud as a top five cybersecurity trend to watch in 2022, it’s high time to address this threat.

Let’s dig into synthetic identity fraud, telltale signs to identify it, and how you (and your business) can detect and avoid this activity.

What Is Synthetic Identity Fraud?

Fraudsters create synthetic identities by piecing together personal information from multiple sources. These identities are a Frankenstein-like mixture of stolen or made-up Social Security Numbers combined with various addresses, names, phone numbers and a date of birth. Once they’ve created these synthetic identities, fraudsters can open new accounts, apply for credit, make big purchases, or do anything else that might establish these identities as real consumers.

It may take months or even years for a bad actor to build up their credit line based on the synthetic identity. Once they’ve reached a high enough credit limit to make large dollar purchases, they max out the credit line, stop making payments, and abandon the account. Enterprises become the victim as they attempt to recover funds in collections, only to find there is no one to contact for payment. The fraudster will move on to other synthetic identities to repeat this pattern. 

Organizations striving to increase legitimate account openings struggle to proactively detect indicators of synthetic identities which is critical to avoiding regulatory fines from excessive fraud and money laundering attacks.

Top Signs of Synthetic Identity Fraud

The key identifying synthetic identity fraud lies in all of the details fraudsters patch together to create their fake profiles. Here are key signs to look for to spot false identities:

Not enough information:
Just about everyone has appeared in one – or more likely – multiple data breaches at some point in their life. Analysis of SpyCloud’s data shows that the average person, if exposed in one data breach, will be included in 8-10 others, and 3-4 of those could be within a given year. These breaches expose, at minimum, an email address but often expose what criminals call “fullz” – a whole profile of personally identifiable information (PII) for an individual.

Financial institutions rely on historical evidence to validate that an account being opened or a credit application being submitted is legitimate in order to avoid potential financial losses. Uncirculated or newly created consumer emails that have never been exposed on the criminal underground can easily bypass fraud solutions with no negative history. But they should be flagged as suspicious with the potential to be part of a synthetic identity.

Too much information:
Consumers having multiple identifiers like several email addresses, a few past physical addresses, and an old phone number are not uncommon, and can be viewed as a part of a timeline of a digital identity’s lifecycle.

What causes concern is when someone can be associated with not just three email addresses but 30, and not just a mobile and home phone number but 10 phone numbers. This could be an indication that a criminal is using many different emails and burner phones, instead of a reasonable number of email addresses and phone numbers. Same goes for social security numbers (SSN) – an identifier that should be one constant number for an individual.

Too much (or inconsistent) information is just as suspicious as not enough when it comes to detecting constructed identities.

How SpyCloud Identity Risk Engine Detects Synthetic Identity Fraud

Synthetic identity fraud isn’t going anywhere and is on the rise. As criminal tactics continue to evolve, it remains one of the hardest types of fraud for organizations and their anti-fraud solutions to detect. SpyCloud Identity Risk Engine is designed to do exactly this.

What separates Identity Risk Engine from other solutions is that its user risk analysis is based on information that is not available anywhere else – data that otherwise only fraudsters have access to and share. SpyCloud rapidly recaptures data from the criminal underground, and then links billions of assets from data breaches, malware-infected devices, and other underground sources to individuals across their multiple online personas. This enables the solution to detect anomalies within a user’s information that indicate you’re dealing with a synthetic identity.

When used at entry points vulnerable to fraud in a customer account lifecycle, this API-delivered solution can be queried with as little input as an email address or phone number and provide actionable fraud risk assessments without revealing PII. The real-time or off-line/out-of-band delivery of the service delivers a risk score and is supported by reason codes, key risk indicators, and security behavioral information such as password reuse percentages, malware infections, unique counts of emails, phone numbers and name included in the digital identity, along with breach type, recency, and severity to aid in confidently distinguishing real consumers from bad actors.

Identity Risk Engine can serve as a complement to your control framework or can be built into an existing risk engine to help organizations illuminate stolen or constructed identities, as well as predict account takeover, detect malware-infected users, and defend against account new account fraud. SpyCloud helps you stay ahead of criminals, protecting your organization from avoidable, devastating fraudulent attacks that can stem from tactics including synthetic identity fraud.

Learn how you can use recaptured data to prevent synthetic identity fraud with SpyCloud Identity Risk Engine – request a demo today.

Transforming recaptured data to protect your business.