Fakers Gonna Fake: How to Detect and Prevent Synthetic Identity Fraud

Confirming the identity of an existing account holder or for a new account opening is an expensive responsibility looming over the financial sector. Without proper oversight and controls, it results in massive losses, regulatory fines, and the threat of reputational damage.

As fraudsters become increasingly savvy and their attacks become more sophisticated, financial services organizations are hard pressed to address fraud across the board. In their True Cost of Fraud Study, LexisNexis found that every $1 lost to fraud costs financial services $4, which underscores the fact that traditional verification and fraud detection measures just aren’t enough.

One of the biggest challenges for the financial sector is the need to balance efficiency and positive customer experiences for account opening, application submissions, money transfers, use of loyalty points, and more, all while seamlessly deflecting fraud. Notably, synthetic identity fraud is one that plagues financial institutions and is gaining momentum, with losses related to this specific type of activity expected to grow to $2.42 billion in 2023. 

Fraudsters are relentless in their use of stolen data to create these fake profiles, often crafting phony identities with personally identifiable information (PII) from children for mule accounts and money laundering. As this type of fraud becomes increasingly pervasive and fines for Know Your Customer (KYC) and Enhanced Due Diligence (EDD) can have significant impacts, it’s critical to find new ways to detect and prevent synthetic identities.

How Fraudsters Create Synthetic Identities

The darknet offers fraudsters a treasure trove of information that can be used to create synthetic identities. Let’s take a look at how this information gets into the hands of criminals:

Data breaches: Last year saw a significant increase in data breaches, with more than 1,800 breaches being publicly reported, up 68% from the previous year. These breaches exposed vast amounts of PII that made its way on to the criminal underground. How do we know? Because SpyCloud recaptured more than 13.8 billion PII assets in 2021, a whopping 200% increase from 4.6 billion the year before. Information from data breaches includes everything from national ID numbers to credit card information, billing and shipping addresses, dates of birth and more – which is the exact type of data frauders use to piece together fake personas.  

Malware: With 2.8 billion malware attacks in the first half of 2022, malware is becoming more prevalent and should be top of mind for fraud prevention teams. Malware amplifies risk exposure; when a customer’s device is infected, all of the data and activity on that system is at the fraudsters’ fingertips, enabling them to siphon PII, credentials, web session cookies and much more, which is used to commit fraud even after the device has been cleared of the infection. 

Consumer behavior: Unfortunately, consumers themselves unknowingly play a part in these schemes. A prime example is their poor cybersecurity practice of reusing passwords. According to SpyCloud analysis, 70% of breached passwords were still in use a year later, and with reused passwords being a leading vector for credential stuffing attacks, this practice puts financial institutions at risk for fraud losses. Further, consumers often conduct online transactions on devices that don’t have adequate security and lack awareness about the latest social engineering techniques, increasing the risk to themselves and the companies they do business with. 

Too Much or Too Little: How to Detect Synthetic Identities

Synthetic identity fraud often occurs at account opening, and victims or credit issuers typically don’t become aware of this type of scam until the account is sent to collections. Research shows that synthetic identities resulting from application fraud is the type of attack financial institutions are concerned about the most – with 52% of surveyed FIs expressing their worry about adequately detecting attacks and preventing losses stemming from these threats.

We’ve found two key signs to look for that will help spot synthetic identities:

Not enough information: With the amount of breaches that happen everyday, just about everyone has appeared in at least one breach at some point in their life, exposing identifying information that ends up on the criminal underground. As such, uncirculated or newly created consumer emails that have never been exposed should serve as a red flag for synthetic identities. However, they often pass fraud checks since financial institutions typically rely on historical evidence to validate the identity of someone opening a new account or applying for credit. With no negative history, these accounts easily bypass traditional fraud detection solutions when they should be flagged as suspicious. 

Too much information: It’s common for consumers to have multiple pieces of one type of PII aligned to their identity – perhaps a couple of personal email addresses, a handful of past physical addresses, and a few phone numbers could make up someone’s digital identity and history. What should be concerning is when someone has, for example, 25 email addresses and 15 phone numbers; you’re most likely dealing with a criminal using many different emails and virtual mobile numbers to create synthetic identities to perpetrate fraud. Another indicator of too much information to look out for is if someone appears to have multiple SSNs or National IDs – since each individual should only have one constant number for these types of identification, having more than one could be a sign of a synthetic identity.

The Role of Darknet Data in Preventing Synthetic Identities

In an attempt to help differentiate legitimate customers from criminals, financial institutions have layered identity verification and anti-fraud solutions into their security posture, but often miss the impacts that darknet-exposed data can have on fraud detection and prevention. Without visibility into stolen data circulating in the criminal underground, organizations will continue to be taken advantage of by fraudsters who are able to bypass traditional fraud solutions with synthetic identities.

The missing link to detecting digital identity fraud, including synthetic identities, is the ability to understand customers’ underground risk profiles. Armed with intelligence from the darknet such as breach data, stolen PII, and victim data siphoned by credential-stealing malware, financial institutions can be empowered to better detect and prevent fraud faster and more accurately. 

Exposed data can be used to check for criminals and synthetic identity fraud at every step of the financial customer journey, including account creation, login, account modification, money transfer, and credit card application. The ability to spot the signs of synthetic identities with data from the darknet can help financial institutions better detect transactions that may result in fraud. 

Fight Fraud with Recaptured Data

Ever-evolving and more sophisticated cyberattacks continue to challenge financial institutions’ ability to stay a step ahead. The abundance of cheap PII and stolen credentials on the darknet, coupled with the automation that fraudsters employ, makes online fraud a lucrative gig. And the skyrocketing number of data breaches creates a snowball effect that will keep exacerbating synthetic identities and new account fraud. 

But there is hope – by arming yourself with the same information fraudsters use, you can level the playing field against criminals to better detect and prevent not only synthetic identity fraud, but other forms of fraud as well. 

With October being Cybersecurity Awareness Month and International Fraud Week coming up in November, now is an ideal time to evaluate your security framework to ensure it includes recaptured data from the criminal underground to protect against fraud losses and close the gaps in financial fraud prevention.