What is synthetic identity theft, and what does it involve?

Fraud is sadly all too common in our very world today. The increasing amount of personal data online has given rise to new forms, such as synthetic identity theft.

According to the Institute for Development and Research in Banking Technology, synthetic identity fraud is experiencing accelerated growth and has been established as the fastest-growing financial crime. The KnowledgeFlow Cybersafety Foundation also expresses that this fraud means over 80% of all identity fraud events today.

But before we dive into synthetic identity, it is key to comprehend the basic concept of identity fraud. In its simplest form, identity fraud involves misusing someone’s personal information without their consent. It can include stealing full name, National Insurance Number (NI number), email address, and other sensitive data.

What is synthetic identity theft? Concept of synthetic identity

Synthetic identity is a more advanced and subtle form of identity fraud. Instead of using a user’s information directly, cybercriminals create entirely new identities from fragments of real and fictitious data. It can combine names, dates of birth, phone numbers, and other information to build a fake identity that appears genuine at first glance.

Types of synthetic identity

There are several types of synthetic identities that fraudsters can create. Each has its specific features and purposes. Here are some of the most common types:

• Identities based on real stolen information: cyber criminals combine real data from different people to create a new identity. They may use names, NI numbers, and addresses from various sources.
• Merged identities: these are created by combining data from several real people. For instance, one person’s name, another individual’s address, and another user’s date of birth may be used. This type of identity is sometimes called Frankenstein because personal identification information (PII) from real people is mixed to create a fake one.
• Young identities: Fraudsters may build fake identities for minors because they are less likely to have an established credit history.

• Deceased persons’ identities: Data from passed-away individuals is often used to create synthetic identities, as when a person dies, their data is usually no longer monitored or updated.
• Fake student identities: these are used to apply for grants using forged information or a combination of real and fake data.
• Fake credit card identities: created using fictitious credit card numbers to make online purchases.
• Fake social media identities: criminals can create fake SSMM profiles using invented information or a combination of real and simulated data.

How is a synthetic identity created?

Before going into detail on how synthetic identity fraud or synthetic identity theft works, it is necessary to discuss the elements of personally identifiable information (PII) and the methods or processes depending on the type of information used to create the identity.

Elements of personally identifiable information (PII)

• Primary elements are personal data linked to the unique identity of an individual. These data elements include name, date of birth, Ni no, and other non-transferable government-issued data.
• Additional elements are extra data that help validate a user’s identity but do not establish the person’s identity. Address and telephone number are good examples of this.

Methods of creation

• Identity compilation: the most common way to create a synthetic identity is to obtain a person’s NI number. This number can be stolen or purchased on the dark web. Once got it, this number is combined with fabricated identification information.
• Identity manipulation: in the manipulation process, identifying information is stolen from a real person and slightly altered to impersonate a new one.
• Identity manufacturing: the PII does not correspond to real people, and even the national identity number has been randomly established.

How synthetic identity theft works

Creating and using a credible synthetic identity can be long and complex, as it thoroughly builds a new identity and credit profile. Next, we will explain the process from the step the information is collected until a crime is committed:

1. Data collection: criminals start by collecting pieces of real information from various sources to create the identity.
2. Creation of the synthetic identity: From the collected information, fraudsters combine this data to create a new identity. This identity may include a fake name, a manufactured date of birth and other details.
3. Linking the identity to a legitimate account: cyber criminals use this synthetic identity to open bank accounts and apply for credit cards, loans or other financial services. Often, the synthetic identity is “strengthened” over time by making regular payments and establishing an apparently legitimate credit history.
4. Commission of criminal activities: over time, cybercriminals can use this fake identity to carry out various illegal activities, including financial fraud. Since the synthetic identity is based on a combination of real and fictitious data, it can be extremely difficult for financial institutions to detect.

How to detect this type of fraud?

Behavioural patterns and defining features direction 

As mentioned above, one of the purposes of creating synthetic identities is to obtain a loan or credit. In this sense, banks can study the applicant, including a basic investigation of their life to detect inconsistencies. In other words, checking if they are registered in any city, holding a driver’s licence, and investigating if they have a family unit since such identities usually lack a family record book in public institutions such as the General Register Office.

On the other hand, criminals often apply to open accounts in several banks, so a high volume of applications could indicate fraud.

Synthetic identity detection with digital identity verification technology

Identity verification technology plays a crucial role in detecting synthetic identity fraud. Using advanced biometric authentication methods, such as facial recognition, unique and irreplicable features are analysed to confirm a person’s authenticity.

Furthermore, this technology examines identity documents, such as passports or ID cards, in real time, looking for possible irregularities or signs of forgery.

Anti-document fraud module

For this purpose, anti-fraud measures incorporate some controls that allow document-related validations to be performed. Some of the most relevant measures are the following:

• Content-based document verification: the validity of check digits, data correspondence between front and back, the integrity of two-dimensional codes and the presence of sample documents or specimens are analysed. 
• Document verification based on appearance analysis: possible physical tampering of the document concerning the reference model is detected, such as cuts, no distinctive elements, alteration of typefaces, etc.
• Document verification based on file analysis: an image frame analysis is carried out to find possible traces of digital editing.
• Document verification based on dynamic element analysis: some elements such as laser marks are analysed.

Biometric identity verification and additional measures

A low-intrusive biometric identity verification is performed once the document verification has been completed. Specifically, the technology performs an instant comparison between the selfie and the photo of the document, obtaining a facial correspondence index that is interpreted as the level of confidence between the two images to determine whether they correspond to the same person. 

Furthermore, the user’s behaviour during the verification process can be verified by analysing interaction patterns to detect discrepancies that could indicate fraud attempts. 

The technology can also integrate with external databases to verify the authenticity of the data provided. It can also check AML lists, comparing the information provided with identities known for fraud or suspicious activity.

Finally, in some cases, attributes of the device used to access the platform, such as IP address and location, could be analysed.

Liveness detection and synthetic identity theft

One of the most effective technical solutions to detect this type of fraud is including liveness detection in verification processes. This approach uses advanced biometric technologies to verify an individual’s liveness in real time, providing a robust defence against identity tampering and financial fraud.

Liveness detection is based on biometric recognition algorithms that analyse a person’s unique facial patterns, gestures or physical features to confirm their presence and authenticity at a given time. This process can be performed by capturing images or micro videos in real time, subjected to detailed analysis. Advanced image processing and machine learning techniques are used to ensure the accuracy and reliability of this process.

Integrating liveness detection into authentication and identity verification systems provides an additional layer of security essential in preventing synthetic identity fraud. This technology verifies that the individual is active and present during the transaction.

From a technical point of view, liveness detection is implemented through APIs and SDKs that ease integration with existing applications and systems. These resources allow organisations to customise and adapt the technology to their needs, ensuring a seamless and secure user experience.

Therefore, requiring real-time liveness during certain processes or transactions significantly reduces the possibility of fraudulently using a synthetic identity.

How to prevent synthetic identity crime?

Businesses and users should establish prevention and mitigation strategies that include some of the following measures:

• Monitoring financial reports: individuals should regularly monitor their bank accounts and bank movements for suspicious activity.
• Setting up security alerts: users can set up alerts on their accounts to receive notifications about unusual transactions.
• Identity verification with MobbScan: Businesses should implement robust KYC identity verification processes, including biometrics, to ensure customer legitimacy.
• Use of multi-factor authentication: Enterprises should offer the option to enable MFA to add a layer of security.
• Education and awareness: individuals and businesses should be updated about cyber criminals’ tactics and how to recognise early warning signs.
• Limit information shared on social networks: users should adjust the privacy settings on their profiles to limit the visibility of their data.

Feel free to contact us if you would like to implement an access control system using Mobbeel biometrics, a highly testing solution in the market.