TL;DR:
- Compromised passwords are exposed user credentials sourced from data breaches and malware that enable criminals to execute account takeovers or construct synthetic identities. If left unchecked, these stolen credentials lead to severe business impacts, including unrecoverable financial losses and regulatory fines from excessive fraud.
- Security teams must take immediate action by deploying API-driven risk analysis tools at vulnerable account entry points to evaluate key threat indicators like password reuse percentages and anomalous identity data.
- To prevent future credential compromises and associated fraud, organizations should integrate recaptured criminal underground data into their existing control frameworks to proactively detect malware-infected users and block malicious authentication attempts.
Synthetic identity fraud is a steadily growing risk that proves costly.
Let’s dig into synthetic identity fraud, telltale signs to identify it, and how you (and your business) can detect and avoid this activity.
What is synthetic identity fraud?
Fraudsters create synthetic identities by piecing together personal information from multiple sources. These identities are a Frankenstein-like mixture of stolen or made-up Social Security Numbers combined with various addresses, names, phone numbers and a date of birth. Once they’ve created these synthetic identities, fraudsters can open new accounts, apply for credit, make big purchases, or do anything else that might establish these identities as real consumers.
It may take months or even years for a bad actor to build up their credit line based on the synthetic identity. Once they’ve reached a high enough credit limit to make large dollar purchases, they max out the credit line, stop making payments, and abandon the account. Enterprises become the victim as they attempt to recover funds in collections, only to find there is no one to contact for payment. The fraudster will move on to other synthetic identities to repeat this pattern.
Organizations striving to increase legitimate account openings struggle to proactively detect indicators of synthetic identities, which is critical to avoiding regulatory fines from excessive fraud and money laundering attacks.
Top signs of synthetic identity fraud
The key to identifying synthetic identity fraud lies in all of the details fraudsters patch together to create their fake profiles. Here are key signs to look for to spot false identities:
Not enough information: Just about everyone has appeared in one – or, more likely, multiple – data breaches at some point in their life. These breaches expose, at minimum, an email address but often expose what criminals call “fullz” – a whole profile of personally identifiable information (PII) for an individual.
Financial institutions rely on historical evidence to validate that an account being opened or a credit application being submitted is legitimate in order to avoid potential financial losses. Uncirculated or newly created consumer emails that have never been exposed on the criminal underground can easily bypass fraud solutions with no negative history. But they should be flagged as suspicious with the potential to be part of a synthetic identity.
Too much information: It is not uncommon for consumers to have multiple identifiers, such as several email addresses, a few past physical addresses, and an old phone number; these can be viewed as part of the timeline of a digital identity’s lifecycle.
An excessive number of identifiers, however, could be an indication that a criminal is using many different emails and burner phones, instead of a reasonable number of email addresses and phone numbers. The same goes for Social Security numbers (SSNs) – an identifier that should be one constant number for an individual.
Too much (or inconsistent) information is just as suspicious as not enough when it comes to detecting constructed identities.
How SpyCloud Identity Risk Engine detects synthetic identity fraud
Synthetic identity fraud isn’t going anywhere and is on the rise. As criminal tactics continue to evolve, it remains one of the hardest types of fraud for organizations and their anti-fraud solutions to detect. SpyCloud Identity Risk Engine is designed to do exactly this.
What separates Identity Risk Engine from other solutions is that its user risk analysis is based on information that is not available anywhere else – data that otherwise only fraudsters have access to and share. SpyCloud rapidly recaptures data from the criminal underground, and then links billions of assets from data breaches, malware-infected devices, and other underground sources to individuals across their multiple online personas. This enables the solution to detect anomalies within a user’s information that indicate you’re dealing with a synthetic identity.
When used at entry points vulnerable to fraud in a customer account lifecycle, this API-delivered solution can be queried with as little input as an email address or phone number and provide actionable fraud risk assessments without revealing PII. The service, delivered in real time or off-line/out-of-band, returns a risk score supported by reason codes, key risk indicators, and security behavioral information such as password reuse percentages, malware infections, and unique counts of the emails, phone numbers and names included in the digital identity, along with breach type, recency, and severity, to aid in confidently distinguishing real consumers from bad actors.
Identity Risk Engine can serve as a complement to your control framework or can be built into an existing risk engine to help organizations illuminate stolen or constructed identities, as well as predict account takeover, detect malware-infected users, and defend against new account fraud. SpyCloud helps you stay ahead of criminals, protecting your organization from avoidable, devastating fraudulent attacks that can stem from tactics including synthetic identity fraud.
Learn how you can use recaptured data to prevent synthetic identity fraud with SpyCloud Identity Risk Engine – request a demo today.
Synthetic fraud FAQs
Two major red flags indicate synthetic identity fraud: too little information (newly created emails with no breach history) and too much information (multiple SSNs, excessive email addresses, or numerous burner phones associated with one identity). Financial institutions flag these anomalies because legitimate consumers typically have a moderate digital footprint with some breach exposure history.
Synthetic identities combine a real Social Security Number (often from a child or elderly person with no credit history) with fabricated information including a false name, date of birth, and fictitious address. Fraudsters build credit over months or years before maxing out credit lines and abandoning the account, leaving no real person to contact for payment recovery.
Detection requires analyzing data from the criminal underground to identify anomalies in user information, including password reuse patterns, malware infections, and unusual counts of emails or phone numbers linked to a single identity. API-driven risk analysis tools query this recaptured breach data using just an email address or phone number to deliver real-time risk scores and fraud indicators.
Check your credit report for searches from lenders you didn’t contact, addresses you never lived at, and loans or accounts you didn’t open. Children and elderly individuals with no credit history are common targets because their SSNs provide a clean slate for fraudsters to build synthetic identities over time.