What is synthetic identity theft

But the phenomenon is spreading more and more in Europe too. A married couple arrested in August 2020 had stolen a total of 23 million euros in several EU countries. As part of a larger gang, the couple used synthetic identities for their scams. But what is it exactly?

Through data leaks, illegal data sales or upstream criminal activities such as phishing email campaigns, criminals succeed in gaining access to a large number of personal data. Unlike in the past, the fraudsters do not pick out a single identity. Instead, they combine parts of the various data sets into a completely imaginary but very believable identity. In some cases, the criminals also enrich these Frankenstein identities with fictitious data. The number of possible forged identities that can be created in this way is therefore almost infinite.

Once the perpetrators have found a vulnerable institution, they can easily expand their activities there - with the security of being able to act undisturbed for a long time. Because synthetic identities appear deceptively real due to their closeness to reality. Compared to previous forms of fraud with real identities, there is also no clear victim of identity theft who, for example, receives reminders and can thus discover the fraud.

The monster as a chameleon
The fight against synthetic identities is far more complicated than using this type of fraud. This can already be seen in comparison to the previous types of fraud, which are based on real data. A general distinction is made here between:

  • First-party fraud: Here criminals use their own identity (partially modified so as not to be caught) for their activities. This form of fraud can also be successful, as has been observed in the past.
  • Third-party fraud: This is where criminals use stolen records for their activities. While the identity of the perpetrators is not revealed in this case, they need many unique data sets for larger attacks. Since a real person can notice the identity theft, there is always the possibility that a fraudulent identity will quickly become unusable for the criminals.

A survey on LinkedIn last year clearly illustrated the complexity of the topic of synthetic identities: of 42 fraud experts, 40 percent saw them as a subgroup of first-party fraud, 31 percent as a subgroup of third-party fraud and 29 percent would have their own for synthetic identities Create a category. If the experts disagree even on the classification, identifying and fighting this type of fraud becomes more complicated.

This problem is already evident in the resounding success of the relatively new fraud scheme: Because synthetic identity fraud usually goes undetected for a long time. If a credit institution finds that no repayments are being made - because the borrower does not actually exist - the account is classified as criminal, the case is forwarded to the debt collection company and ultimately recorded as a bad debt loss. But until the point in time at which the lender realizes that the alleged customer is just a synthetic identity, it takes - and the money is long gone.

Digitization as a driver of fraud
The advancing digitization makes it even easier for criminals to adopt other identities. The more sophisticated these become, the more carefully banks have to be careful. How can one efficiently counteract the criminal activities surrounding synthetic identities?
An important point for this is the classification of claims. An understanding must be created that fraud is not the same as bad debt. Often fraud losses are still classified as bad debts because no precise classification is carried out. This can help to better understand future fraudulent identities, to protect oneself against it and it may save costly claims measures.

After distinguishing between fraud and credit default, it is important for banks to understand the fraudulent identity. The first contact is particularly important here: The analysis at the starting point is crucial in order to identify patterns and discrepancies and to observe or stop suspicious applicants. If, despite indications, there is insufficient evidence to classify an account as a fraud case at the application stage, it helps to flag the suspicious accounts. These can then be checked regularly for questionable movements, such as sudden changes in user behavior, changes to the postal address or early payment arrears. In this way, fraud is contained without restricting real customers' access to your own services.

Identify sleepers on existing accounts
But not only new customers need to be checked. If, for example, a new account with a potential risk of fraud has been opened, this data record can be used to compare existing accounts with it. Are similar data used? Are there activities that are repetitive? This way, insights from new activities can be used to identify sleepers on existing accounts.

Data analysis tools and solutions help with all of these steps in the fight against synthetic identities. Various AI and machine learning models can be used to classify transactions and data that appear very realistic at first glance. This 360-degree view of the entire customer lifecycle helps to identify fraudulent activities quickly - preferably before fraudulent losses occur.

Strong identity verification measures can also be implemented in the digital world: modern face recognition, which determines whether the user is really sitting in front of the camera, or digital document capture with hologram recognition and real-time confirmation help with identity authentication. This not only simplifies the work of the clerks. Customers also receive a digital contact point that is easy to use, but at the same time provides the security of a classic financial institution.

Scams are becoming more and more complex. Synthetic identities are just the latest evolution on the road to the perfect scam. With the necessary attention, however, this new method can also be discovered and combated. This can be done efficiently and resource-saving with the latest analysis tools.