What is Synthetic Identity Theft?

By |2019-10-24T21:08:31+00:00October 23rd, 2019|

Protect yourself and your family

Identity thieves and fraudsters consistently innovate and adapt to new security measures when it comes to their crimes. One of the more modern cons, known as synthetic identity theft, is high on the list of concerns for legislators and financial institutions alike.

Any demographic could be vulnerable to this form of fraud, but children are particularly at risk for synthetic ID fraud.

What is synthetic identity theft?

Rather than hijacking someone’s finances or opening phony accounts in their name, synthetic identity thieves take bits and pieces of personal information and create an entirely new, fictitious identity: a synthetic identity.

Thieves won’t need to steal your entire identity, only pieces of it. This mix of real and fake information is all criminals need to trick the financial system. Synthetic identities are generally used for financial gain, but they also can be used to commit medical identity fraud, file fraudulent tax returns, or obtain employment.

These new fake identities, sometimes called “Frankenstein identities,”  include information that appears valid but can’t be traced back to any one individual. Authorities will waste valuable resources trying to find a person who doesn’t exist, which gives identity thieves plenty of time to get away with the crime.

How does synthetic identity theft work?

Sometimes the thieves are just individuals but, in many cases, an entire enterprise is involved behind the scenes – and they might spend years using your information fraudulently. These criminals will spend long periods of time establishing a good credit record with the fake identity to maximize the amount they can borrow before they make off with goods or cash.

Whether thieves obtain your information because of a data breach or a phishing scam, an identity fraud first gains access to a legitimate Social Security number (SSN). They’ll then combine it with your falsified or elsewhere stolen PII. This could include a name, birth date, address, or any other phony information necessary to fly under the radar. Then, they’ll be able to apply for credit cards and loans without triggering any red flags.

Even if their application is initially rejected, a paper trail of this fake “person” is created. It is then possible for an accomplice to add the synthetic identity as an authorized user to one of their credit accounts, allowing the fake persona to build a credit file with a real credit score in order to apply for credit lines of their own in the future.

A real SSN is often all thieves need to commit synthetic identity theft.

Financial institutions rely heavily on a SSN confirmation process, which validates the SSN without matching it to a name. Often, synthetic identity thieves use a SSN that is valid, but not necessarily the name and other info that actually matches it.

Another way that thieves exploit a synthetic identity is by faking that they’ve been impacted by identity theft themselves. They’ll go through the entire identity theft recovery process to clean the slate of their synthetic identity – only to steal even more money before walking away from the account.

Since the identity can’t be traced back to one individual, the financial institution has little to no recourse when it comes to recovering their stolen funds.

Who is vulnerable to synthetic identity theft?

If you’ve ever been the victim of a data breach, it’s likely that your SSN is already available to thieves. Adults and children alike are vulnerable, but children born after 2011 are the most likely to be impacted by new theft.

There are two main reasons for this:

  1. Children have a blank slate when it comes to credit, and parents aren’t likely to check on it until their kids are old enough to open a bank account.
  2. SSN randomization made SSNs harder to guess but impossible to validate.

Before 2011, SSNs were assigned by geographic area, group number, and age. After 2011, randomized SSNs were harder to guess but impossible for case managers to validate. This change was made to help combat identity theft and accommodate more 9-digit SSNs to future people who would need one.

The new SSNs are more difficult to guess. Without a sound logic, it’s nearly impossible for criminals to guess someone’s SSN based off other information about them.

Unfortunately, it’s now nearly impossible for risk managers to determine if the SSNs they receive on applications are legitimate to the individual on the application.

On older SSNs, public information could be used by risk managers to find out whether a SSN in question was really issued or not. If they received fraudulent applications with falsified SSNs that fell into the unissued category, alarms bells would sound, and they’d immediately investigate further. Now, criminals can use randomized SSNs of their own, and some may have been or will be issued to children who won’t discover the fraud for years to come.

How to Protect Yourself

Monitoring your credit and identity is essential. A credit and identity protection service can provide you with alerts when you SSN is used, so you can act quickly if your personal information is at risk. With criminals coming up with new methods to target you and your loved ones, being on top of your credit and identity helps put you in control.