Synthetic identity fraud explained

An emerging form of payment fraud is utilizing similar principles to defraud individuals and merchants of their hard-earned money. It’s called synthetic identity fraud.

Link to the author's page
Checkout.com
September 6, 2023
Link to the author's page
Synthetic identity fraud explained

We’re all familiar with the story of Frankenstein. When a mad scientist takes various body parts and reconstitutes them into a whole new being (who ends up going on a rampage, destroying lives and livelihoods).

Well, the movie may have come out in 1931, but – almost 100 years later – an emerging form of payment fraud is utilizing similar principles to defraud individuals and merchants of their hard-earned money. It’s called synthetic identity fraud.

Synthetic identity fraud losses were around $20 billion in 2020 – and, in a recent survey of organizations around the world, almost half (46%) had experienced it in the past year. Yet unlike some more traditional forms of cybercrime, synthetic identity fraud often has the biggest impact not on individuals, but on merchants – and it's projected to cost businesses almost $5 billion by 2024.

So, if the cost of payment fraud isn’t one your business is willing to swallow, read on. We’re explaining exactly what synthetic fraud is, how it impacts merchants, and – most pressingly – what you can do to safeguard your business’s brand, bottom line, and reputation from it.

What is synthetic identity fraud?

Synthetic identity fraud is when a cybercriminal uses aspects of a real person’s identity – typically a Social Security Number (SSN), or other personal details – is combined with falsified details to create a whole new (synthetic) identity. (They’re also called “Frankenstein identities”, which figures.)

The fraudster can then adopt this fake identity to commit any number of fraudulent activities online, including:

  • Making unauthorized purchases
  • Opening bank accounts
  • Applying for loans, credit cards, or other credit lines
  • Filing tax returns and claiming tax refunds
  • Obtaining medical care
  • Applying for unemployment benefits

How does synthetic identity fraud happen?

Synthetic identity fraud happens when a fraudster obtains – usually via the Dark Web – aspects of a real person’s identity, generally an SSN.

They then create a new identity around this SSN – fabricating, in essence, a whole new ‘person’ with a whole new date of birth, email address, phone number, and mailing address.

That said, synthetic identities don’t have to be built around an SSN alone. They can also be constructed around other aspects of a real person’s identity, and recombined in a way that they don’t necessarily match up to one individual’s profile alone.

A synthetic identity fraudster will often create many fake identities. With these, they gradually build up credit profiles – applying for credit cards and loans under them. To add a further semblance of normalcy and legitimacy, fraudsters engage in “layering” – making transactions between different accounts under their control to make it appear as if each identity is real.

These fraudsters also utilize a tactic called “piggybacking”: adding a fake identity to a credit profile that is already established to inherit the benefits of its strong credit history.

The fraudster’s goal? To establish a credit history under the synthetic identity’s name: gradually accessing higher credit limits and thus access to more money.

The cybercriminal keeps this up for as long as possible, before the activity crescendos with them maxing out the credit line or taking out the largest loan possible – a loan they have, of course, absolutely no intention of repaying.

What’s the difference between synthetic and traditional identity theft?

In traditional identity theft, fraudsters steal and use the complete, accurate personal information of a real individual. The fraudster essentially poses as this individual: masquerading as them online to commit unauthorized activity for personal gain.

Buy now, pay later (BNPL) fraud, for instance – which often involves a complete account takeover – involves traditional identity theft. 

In synthetic identity theft, the fraudster doesn’t pose as the individual. Instead, they harness aspects of their identity to create a new identity – using the fake identity’s real elements to add a sense of legitimacy to the identity.

One of the key distinctions between traditional and synthetic identity theft is how long it takes – and, in consequence, how easy it is to detect.

Traditional identity fraudsters tend to use stolen information immediately – taking advantage of the pilfered information to gain as much as they can as quickly as possible, before that identity’s real owner finds out and puts a stop to it. Victims of traditional identity fraud realize sooner that they’ve been targeted: as they’ll see new accounts being opened in their name, or pick up on unauthorized transactions in their online bank statements.

Synthetic identity fraudsters, however, play the long game. They build these fake identities up over time: applying for credit accounts and making smaller, more innocuous transactions to establish a credit history and grow it over time. This allows fraudsters to establish trust with lenders over weeks and months (often years) before engaging in larger illegitimate activities.

As for the victim of synthetic identity fraud, they often don’t realize they’ve been targeted – after all, the synthetic identity isn’t directly linked to their own. Many times, victims only become aware of the scam when the fraud becomes large-scale and significant – and creditors come knocking on their door demanding repayment of the loans taken out with their details.

How does synthetic identity fraud impact merchants?

When synthetic identity fraud occurs, it isn’t just the owners of the legitimate identities the fraudster has reappropriated who suffer – it's merchants, too.

The biggest impact? Chargebacks. Let’s use an example to explain.

Let’s say it’s time for a synthetic identity fraudster – having cultivated a fake identity for years and gained access to multiple credit cards, each with healthy limits – decides to cash in their chips and check out. How can they do this? By using those illegally obtained cards to make purchases (often for high-value goods, which they can later sell to convert to clean cash).

To do this, the fraudster needs a merchant – you. They make several purchases from your site which, after passing through your fraud detection setup, you accept payment for before shipping off the goods. It’ll only be later down the line – when the purchase is tracked down to an actual person – that you receive a chargeback.

When the issuing bank rules in favor of the cardholder in the ensuing credit card dispute, you’ll not only be out of pocket for the goods or services you provided – which will be refunded – but for an associated chargeback fee.

Worse still, some synthetic identity fraudsters “double dip” – claiming the product you delivered to them never arrived (when it did). This form of so-called ‘friendly’ fraud essentially leaves you triply frauded – losing out on the goods you shipped and the revenue for them, plus the chargeback fee.

And the impact of chargeback fraud isn’t just monetary. Fighting the credit card dispute that follows – if you choose to – is a time- and resource-intensive process. On top of this, too many chargebacks can leave you facing penalties from a dispute monitoring program: potentially meaning higher fees, or ultimately costing you your payment service provider.

To say the least, synthetic identity fraud is incredibly damaging for merchants.

So what can you do to stop it?

How to prevent synthetic identity fraud

Synthetic identity fraud is harder to prevent than more traditional forms of identity fraud.

But that doesn’t mean it isn’t preventable. Some of the strategies you can adopt to safeguard your business from synthetic identity fraud include:

  • Know Your Customer (KYC) checks: these require you to verify your customer’s identity before you allow them to open an account or engage in financial transactions with your business. These processes include biometric identity verification, document authentication, a risk assessment, and conducting thorough due diligence. KYC checks don’t just happen at the start of a financial relationship, either – but are an ongoing process of monitoring and maintenance.
  • Anti-Money Laundering (AML) monitoring: AML is a set of regulations and practices that help stop the integration of illicit funds into the legitimate financial system. These practices include analyzing transactions for suspicious anomalies (such as “layering”), changes in customer behavior (like changes in spending patterns or credit inquiries), and geographic and demographic inconsistencies. AML also includes link analysis – a way of joining the dots between seemingly unrelated accounts, transactions, or entities that could constitute a larger synthetic identity fraud scheme.
  • Machine learning: a form of artificial intelligence (AI), machine learning absorbs information about your past transactions (both the genuine ones, and the cases of known and suspected fraud) to make decisions about the data. Machine learning algorithms then use this knowledge, based on the real patterns and characteristics of those prior transactions, to detect and flag fraud going forward.

All these strategies require complex sets of data and the tools with which to interpret them – something not all businesses, especially small ones with limited budgets, have access to.

So is there a synthetic identity fraud solution that’s both effective and affordable?

Prevent synthetic identity fraud with Checkout.com

Some synthetic identity fraudsters might, perhaps, claim that it’s a victimless crime. That, since this form of fraud doesn’t steal a person’s whole identity – and instead cobbles together aspects of multiple, with fake details thrown in – there’s no one getting hurt.

Well, not only is this untrue (the real owners of these identities suffer from the bad credit histories associated with their details), but there’s another victim here – merchants.

Fortunately, there is something you can do to prevent the relentless war synthetic identity fraud wages with your business – and Checkout.com is here to help you fight that battle.

Our fraud detection solution helps you keep pace with synthetic identity fraud, as well as the other emerging types of online payment fraud cropping up. We’ll protect your payments, your business, your bottom line, and your reputation – through a range of rich fraud-fighting tools such as machine learning, dynamic risk rules, and powerful analytics.

We’ll work with you to fully customize your risk setup – creating a full, feature-rich fraud detection system that isn’t cookie-cutter, but tailored precisely to the specific pain points and goals of your business. And, through this, equip you with all the knowledge and technology you need to optimize and grow your fraud prevention suite – alongside your business.

Ready to get started? Reach out to our team today to learn more, or head to our Fraud Detection Pro page to explore how it can work for your online business.

Stay up-to-date

Get Checkout.com news in your inbox.

Back to top button
September 6, 2023 14:08
September 6, 2023 14:08