Payments

Guarding Against Synthetic Identity Theft

Fraud False Positives_Blog Image

As much as we may prize authenticity, there’s a lot to be said for synthetic things. Synthetic fibers are durable and stretchy. Synthetic meat is better for the environment. And if you ask a fraudster, they might tell you that they prefer their identity theft victims to be synthetic, too.

Synthetic identity theft is a growing problem that solves one of the main challenges of traditional identity theft—namely, that the victim will figure out what’s going on and freeze their credit. How does synthetic identity theft work, and what should merchants do to protect themselves from the fraudulent schemes it enables?

  1. What is Synthetic Identity Theft?
  2. Why Would Fraudsters Prefer Synthetic Identities to Real Ones?
  3. How Can Merchants Protect Themselves from Synthetic Identity Theft Fraud?
  4. Conclusion

Old-school identity theft is rapidly becoming obsolete. According to the FTC, as much as 85% of all identity theft cases now involve synthetic identities.

BNPL E-Guide

From a consumer perspective, this may seem like a positive development—on the face of it, creating a fake identity would seem to be less potentially harmful than stealing an existing one.

However, synthetic identities are often cobbled together out of real people’s personal information, and synthetic identity theft is hardly a victimless crime—it just tends to shift the financial liability upstream, to the businesses who are initially fooled by the synthetic identity.

For the average retail merchant, synthetic identity theft may be less impactful than garden-variety credit card fraud, but they can still be targeted, victimized, and harmed by synthetic identity thieves and the scams they pull. The worst part is that it can be very difficult to tell whether or not a new customer account is a real person or a synthetic identity. The best chance you have of identifying synthetic identity theft and stopping it in the act is to learn as much as you can about how it works, why it’s a problem, and how to recognize its signs.

What is Synthetic Identity Theft?

On a basic level, identity theft describes any situation in which a perpetrator uses another individual’s personal identifying information to impersonate them for the purpose of committing fraud or some other illicit act. Under this definition, even basic credit card fraud counts as identity theft.

In a narrower sense, identity theft refers to crimes where the fraudster is using somebody else’s information to set up financial accounts under their name and identity, but controlled by the fraudster.

In a classic “bust-out” scam, a fraudster applies for a credit card account using a stolen identity, uses it normally for a while in order to build up a credit history and increase their spending limit, then maxes out the card and disappears. Ultimately, the victim may not be held financially liable for the charges run up under their name, but they have to deal with the stress and hassle of reporting the crime and getting their credit history corrected.

Synthetic identity theft works similarly, but instead of stealing a complete, existing identity, it creates a new identity out of modified or mismatched pieces of personal identifying information.

“Manipulated” synthetic identities start with a real person’s identity but modify certain elements in order to fork off a new identity with a fresh credit history, and “manufactured” synthetic identities are put together out of disparate elements—for example, a manufactured synthetic identity might use one person’s social security number, a second person’s name, and a third person’s shipping address.

Why Would Fraudsters Prefer Synthetic Identities to Real Ones?

The main advantage of synthetic identities over stolen ones is that synthetic identities can go undetected for longer, allowing the fraudster more time to reap the benefits of their illegal actions. By design, synthetic identities are difficult to connect back to specific real-world victims, which makes it less likely that anyone will notice and report the crime before massive amounts of charges are run up.

Synthetic identities are also harder for anti-fraud filters to detect. Real stolen identities may have obvious and glaring incongruities with the fraudster’s customer data (such as their device, IP address, and geolocation), but synthetic identities can be “made to order” and may not show as many fraud indicators, even when put under close scrutiny. 

How Can Merchants Protect Themselves from Synthetic Identity Theft Fraud?

Synthetic identity theft may show up in conjunction with credit card fraud, new account fraud, and other scams familiar to online retailers. The primary implication of the synthetic identity theft angle is that it may make these attacks harder for merchants to detect with normal methods.

When fraudsters make purchases with credit cards issued to synthetic identities, it can be very difficult for merchants to spot any red flags that would lead them to reject the transaction. While there may be no individual consumer victim who is entitled to dispute the charge, the issuing bank could try to initiate a chargeback on their own behalf. Merchants who find themselves in such circumstances should consult with their acquiring bank to determine the best course of action.

Merchants who offer financial services, reward programs, resalable digital goods, and other products that can be exploited by fraudsters should consider implementing Know Your Customer protocols. You don’t want to put up too many roadblocks for your actual customers, but if you’re a prime target for new account fraud, it’s worth looking into adding an identity verification layer to your registration process.

Conclusion

Synthetic identity theft represents the more sophisticated side of a problem that merchants deal with every day. Fraudsters don’t need stolen or synthetic identities in order to pass off stolen credit cards on their own, or engage in after-the-fact friendly fraud by disputing valid transactions.

Some merchants may benefit from taking precautions against new users showing up with unverifiable identities, but instead of trying to anticipate highly advanced schemes, the best way to keep fraud rates down is to build your defenses to address the attacks that you’re actually dealing with.

A close analysis of your chargeback data can reveal detailed information about where your fraud attacks are coming from, what tactics they employ, and which vulnerabilities they’re exploiting. With that information in hand, you can patch up the holes in your defenses and choose the right anti-fraud tools for your situation.

Thanks for following the Chargeback Gurus blog. Feel free to submit topic suggestions, questions, or requests for advice to: win@chargebackgurus.com

Chargebacks 101