Synthetic IDs: Great For Fraudsters, Bad For Victims

Identity theft… without your full identity 

It’s called synthetic identity theft. Whether by a phishing scam, data breach, hack or physical theft, your information becomes compromised and falls into the wrong hands. Criminals use this stolen information to mix and match names, birthdays, Social Security numbers and addresses with other fabricated information to create synthetic IDs. Once the synthetic identity is made, criminals can make fraudulent charges to your bank account, open new lines of credit, order prescriptions and even commit crimes under your name. 

In 2014, the Federal Trade Commission (FTC) called synthetic identity theft “the fastest growing type of identity fraud in the United States.” Unlike “true name” identity theft, fraudsters only need to use certain pieces of your information — paired with the criminal’s own or fabricated information — to create a new, “synthetic” identity.

In the mind of a criminal, synthetic identity theft is the ideal way to steal your identity. It’s easy to commit, yet hard for victims to detect. By 2018, Equifax predicts that synthetic identity theft will cost the U.S $8 billion annually in credit card fraud losses alone.


Fraudsters favor synthetic identities

It is much easier for a criminal to fabricate an identity with just a few pieces of your information than it is to take on your entire identity. Criminals typically start with a stolen Social Security number, targeting victims who are less likely to notice the crime like children or the deceased.

Document fraud plays a key role in creating synthetic identities. Using public information and records available online, criminals can piece together enough information to request documents like death and birth certificates. With access to these key documents, identity thieves are equipped with the tools needed to obtain even more sensitive documents and eventually, build a catalog of documents to support the fake identity.

Federal Trade Commission

Alana Benson, author and document fraud expert, explains how criminals use document fraud to commit synthetic identity theft. Fraudsters often use public records to gather the basic information needed to request legal documents. Using “Heather” as an example identity, she discusses how criminals scan obituaries for the information needed to order the death certificates of their victims.
Benson notes that proof of identity involves a few verifying documents: official documents such as birth certificates and Social Security cards, as well as two items to prove residency (i.e. mail, utility bills, etc.) and proof of Social Security number (i.e. W-2 forms, bank statements, etc.).
Listen to this excerpt of Benson’s discussion as a guest speaker at the FTC’s Identity Theft: Planning for the Future 2017 presentation where she explains how easy it is for criminals to create supporting documents of a synthetic identity once a victim’s birth and death certificates have been obtained:
Full video: Federal Trade Commission 2017 

Evading traditional means of credit monitoring

By using only fragments of a victim’s information, criminals can misuse your information longer. If we look at how credit monitoring and credit freezes work, we can see how traditional protective measures aren’t always full proof in detecting synthetic identity theft.

Let’s say that your Social Security number was used to open fraudulent lines of credit. With true name identity theft, credit monitoring would detect the fraudulent activity and alert you immediately since it was opened in your name. The next step would be placing a credit freeze on your file, requiring further proof of identity to open future lines of credit.

Using a synthetic identity in this scenario tells a different tale. Opening a new line of credit with a synthetic identity would create a “sub-file” to your main credit file, as opposed to directly associated with it. Sub-files are treated as separate entities, only associated to a main credit file by a corresponding Social Security number — not a name. This often occurs (legitimately) in cases of legal name changes, most commonly after marriage. 

With synthetic identity theft, the fraudulent credit line is tied to the fake name, not your own. As a result, credit monitoring tools (that only look for unusual activity associated with the account holder’s name) would not detect it. But, when criminals misuse that credit, rack up thousands of dollars in debt and abandon the account, your credit will take a huge hit because the sub-file is still attached to you by your Social Security number.

What should you do?

Avoid falling victim to synthetic identity theft by following these tips:

  • Pull your credit reports on a regular basis. When requesting your credit files, be sure to ask for any sub-files as well.
  • Review your annual Social Security statement. Comparing your reported income to your actual earnings can help detect if your information has been used in the creation of a synthetic identity.
  • Never throw sensitive information in the trash. Always shred sensitive documents before disposing them, so criminals can’t dumpster dive for your information.
  • Be mindful of the information you provide online. Criminals often look to data dumps and other large pools of data from data breaches to create synthetic identities. Secure your online accounts to protect your information from hackers, and be on the lookout for phishing emails and social engineering tactics.

Continue following Fighting Identity Crimes to receive the latest data breach and scam news, as well as timely tips from our industry experts about protecting your sensitive information.

The views and opinions expressed in this article are those of EZShield Inc. alone and do not necessarily reflect the opinions of any other person or entity, including specifically any person or entity affiliated with the distribution or display of this content.

John is General Counsel and Chief Privacy Officer of Sontiq, the parent company of the EZShield and IdentityForce brands. He is a Certified Compliance...
Read more about John Burcham.

Leave a Comment.