Synthetic Identity Fraud: Part One, Symptom Solutions are not Enough
In 2014 ID Analytics reported that the synthetic identity fraud rate increased by 100% over three years, based on new account application data from the financial services and wireless industries.¹ With no sign of slowing down, synthetic identity fraud has been a headliner in 2018—from the Wall Street Journal to Congress—all eyes are on this crime that costs enterprises, by some reports, billions of dollars annually.²
We have been tracking and researching synthetics for years and time is of the essence to address this insidious threat. Unfortunately, synthetic identity fraud manifests itself in multiple ways, which makes it difficult to define, monitor and prevent. This article is the first in a three-part series that will examine the different types of synthetic fraud and share insight regarding the development of an effective response to this evolving problem.
One form of synthetic fraud is manipulated synthetic identity. Manipulated synthetic identities are based on real identities, but limited changes are made to the individual’s social security number (SSN) and other personally identifiable information (PII). Often, the culprits are not career criminals but rather actual consumers typically with poor credit scores who are attempting to evade their subprime history to access credit or other services. Even though these new identities are often created without malicious intent, they can still pose a risk to lenders who don’t know the real identity and credit risk of the applicant.
The good news for enterprises is that manipulated identities can be detected. The key to identifying manipulated synthetics is that they often collide with the real identity they are augmenting and don’t pass validity checks. For example, John Doe filed for bankruptcy which will remain on his credit history for seven years. He decides to apply for a new home loan several years later. Knowing he has a blemish on his credit report he changes his SSN slightly, so the creditor will not connect him to the bankruptcy and potentially decline his loan request. Even though he alters his SSN, the combination of John’s real PII elements on the credit application will help uncover his real identity.
Consumers using Credit Privacy Numbers (CPNs) can often be identified in the same way. A CPN is a nine-digit identification number sometimes marketed by less-than-reputable credit repair agencies as a way for consumers to “refresh” their credit history. It is a myth that CPNs can be used instead of SSNs in credit applications. CPNs are not government-issued numbers and using a CPN as a substitute for an SSN is illegal.³ Often the intent of credit repair agencies who use CPNs is to scam consumers who are simply seeking help to access credit. If an individual uses a CPN in place of their SSN on a credit application, unless they have changed all their PII (e.g., address, phone, date of birth, etc.), the application will likely raise a red flag when the identity elements are shown to have a history of being used together in the past.
Manipulated synthetics only represent a portion of synthetic identity fraud. And while some of the symptoms can be uncovered and addressed, there is no cure for the unsolved problem—manufactured synthetic identities. Our next post will dive into the evolution of synthetic fraud from Frankenstein identities to entirely fictional identities and why solutions that only address the symptoms are not enough.
For an overview of synthetic identity fraud, download our infographic, The Rising Tide of Synthetic Identities. For more information about how ID Analytics helps enterprises target manipulated synthetics, visit our website.
Aaron Kline is the Vice President of Product Management at ID Analytics
2. Forbes, https://www.forbes.com/sites/alanmcintyre/2018/02/07/the-battle-against-synthetic-identity-fraud-is-just-beginning/#f233d744ca0b (accessed 6/11/2018).
3. AAA CreditGuide, www.crediful.com/credit-privacy-number-cpn/ (accessed July 26, 2018).