The technology crime wave is a story as old as crime. Prior to our everyday use of computers and the internet, fraud was committed face-to-face. Fraudsters were capable of gaining enough information about an individual to essentially start a new life with a new identity. With the advancement of technology, these criminals developed nefarious ways to utilize new tools to advance their fraudulent agendas.
The most recent example of the technology crime wave is the development of synthetic identity fraud. Never heard of it? Chances are neither have your local government agency or doctor’s office. According to the Federal Reserve, synthetic identity fraud is “a crime in which perpetrators combine fictitious and sometimes real information, such as SSNs and names, to create new identities to defraud financial institutions, government agencies or individuals.” It is essentially phishing, identity fraud, and social engineering taken to the next level. It is the fastest-growing financial crime in the United States and is primarily directed towards youth, elderly and the homeless. In fact, over 1 million children were victims in the year 2017 alone.
What makes this form of fraud different from traditional identity fraud is that real information is combined with fictitious information to create a new identity instead of assuming the one of the victim. The simple steps for generating a synthetic identity are as follows:
Purchase personally identifiable information such as a SSN from the dark web or a data breach.
Apply online for a credit card or benefits rewards program. Fraudsters apply for and open as much credit as they have access to, to build the persona of a real person.
Depending on their goal, the criminal will build history and good credit to increase the maximum amount of credit they are eligible for.
Eventually they reach a ceiling and will max out credit cards and/or bank accounts that they developed. Leaving the creditors on the hook with no one to pursue for payment or even inform of potential identity theft.
For example, the defrauder may take the social security number of a child he or she found from a data breach, combine it with a fictitious name and address to open bank accounts, credit cards, and even apply for government benefits. Since most parents never think to check their children’s credit history it can be decades before the victim realizes that their social security number has already been used to apply for government benefits or open lines of credit.
Who it happens to and how
Children, elderly, the homeless and the incarcerated all have something in common. They are the groups most likely to be targeted as a potential target for synthetic identity fraud because they rarely monitor their credit reports and/or do not have the means to do so. Part of the problem is that personally identifiable information (information that is unique to one individual such as a passport or bank account number) is shared more often than most are comfortable with. To illustrate, your doctor’s office, your mortgage company, your employer and bank all have your social security number, name, and birthday stored. All it takes is one breach or clumsy online activity for that information to be available to unintended recipients.
In fact, data breaches are on the rise. In 2017 Equifax was hacked, leading to the compromise of over 140 million customers’ personal data, which is still an ongoing matter. In the last decade both Marriott International and Target had cyber thieves steal data including guest numbers, contact information, and payment information. As breaches increase, it broadens the pool of potential victims of identity fraud. According to Javelin Strategy and Research, identity theft set a record in 2017 with 16.7 million American victims, which is approximately 1 in 15 people.
To make matters worse, sometimes we are our own worst enemy. Many password recovery options are personal questions such as: mother’s maiden name, model of first car, name of first employer, and where you attended high school. These questions can work well as a security measure, except for when the answers can easily be found by browsing a social medial profile. It is all too common to see people posting pictures of their driver’s license to celebrate getting their first car or sharing family lineage photos.
Another data privacy mistake is conducting financial activity over unsecured internet connections. Providing that information is great if it stays within a private circle of family and friends, but with weak privacy measures it becomes available to the internet at large. This is particularly worrying for children’s security, as they can have their whole life documented online, which makes it even easier for hackers to use to create a synthetic profile.
Moving forward and prevention
Consumer awareness — Part of the solution is raising awareness for the ever-growing issue of synthetic identity fraud. Encouraging the most vulnerable groups to freeze their credit can slow down access to fraudulently building credit in their name. Providing information on who to contact during a potential identity theft is the first step for victims. Websites such as usa.gov/identity-theft and identitytheft.gov are great resources.
Proactive approach — There is often a gap in between additional identity verification measures and actual implementation. Training government agencies and credit providers in the most modern forms of identity theft can discover and prevent false claims. For example, someone filing a tax return unusually early compared to past returns can be flagged as a suspicious tax return before the refund is issued. Or if an applicant is applying for an atypical amount of credit cards from various companies.
Big data — The biggest problem with this form of fraud is that previous gate-keeping tactics have been a weak defense. Current models do not flag up to 90% of synthetic identities. Previous data indicators such as speed of credit applications and past fraud association no longer work. The best current indicator is purchasing and payment behavior. Dishonest credit users frequently purchase one kind of item such as high-end electronics.
Criminals are using modern technology to commit fraud at new levels. It is up to consumers, advocacy groups, the government, and creditors to work together to detect and prevent synthetic identity theft. Be mindful of what information is shared online and remember to continuously monitor your credit reports.
Courtney Schenkel is a director with EFPR Group.