Synthetic Identity Theft:
Three Ways Synthetic Identities Are Created
October 28, 2014 | By Steven D’AlfonsoShare
Synthetic identity theft is fraud that involves the use of a fictitious identity. Identity thieves create new identities using a combination of real and fabricated information, or sometimes entirely fictitious information. Fraudsters use this fictitious identity to obtain credit, open deposit accounts and obtain driver’s licenses and passports.
Typically, fraudsters will use a real Social Security number (SSN) and pair it with a name not associated with that number. Fraudsters seek SSNs that are not actively being used, such as those of children and the deceased. In some cases, an identity fraudster may create a completely fake identity with a phony SSN, name and address. This would be categorized as synthetic identity fraud since there is no theft involved. For the purposes of this article, synthetic identity theft or fraud will be treated as the same.
Why Is Synthetic Identity Theft Important?This type of theft has been emerging as a major fraud activity over the past five to seven years. The size of the synthetic identity theft business is estimated to be in the billions per year across North America. According to CBC, monthly case volumes are in the thousands as compared to five years ago, when they saw about 100 per month.The exponential growth of synthetic identity theft — and particularly its impact on children’s identities — will have distressing consequences for young individuals in the future. A study performed by Carnegie Mellon’s CyLab found that children’s SSNs are 51 times more likely to be used in a synthetic fraud scheme than those of adults for the population studied. While CyLab clearly stated its findings could not be extrapolated to the general population, the threat to children is evident.
Synthetic identity thieves target children’s SSNs because they are inactive and will generally remain unchecked for up to 18 years. Children generally have no public information associated with their SSN, making them a prime target. Unless a victimized minor’s parents are tipped off by a bill collector, the child begins receiving credit card offers in the mail or the child is denied a driver’s license or college loan, the fraud may not be discovered.The true impact of child identity theft, which has been increasing over the past 10 years, will be realized as the victimized youngsters approach college age, start applying for college aid or have difficulty getting their first jobs after high school when negative information appears in a company background screening.
How a Credit File Is Created
It’s important to understand how a credit file is created prior to delving into the ways in which cybercriminals manipulate the system to their advantage.Credit history is compiled and maintained by credit reporting agencies (CRAs) or credit bureaus. There are three major CRAs in the United States: Equifax, TransUnion and Experian. These agencies collect consumer credit history from credit card companies, banks, mortgage companies and other creditors to create an in-depth credit report.
Whenever a consumer completes an application for a credit card or loan of some type, all the application information is sent to the CRAs. CRAs gather the applicant’s personally identifiable information and determine whether a credit report exists. They also scour public records for financial information such as court records from bankruptcies and foreclosures. If no matches are found, the CRAs must keep a record of the inquiry by establishing a credit file. If a match is found, the credit file information is returned to the lender for it to make a credit decision.The key concept to understand is that any credit request submitted to a CRA will create a credit file if none existed prior to the request.
Every month, lending institutions and other creditors send updated consumer credit information to the CRAs. This information includes how much individual consumers owe and whether they make their payments on time.There are two kinds of inquiries: hard and soft. Hard inquiries are requests made by institutional creditors such as credit card companies, mortgage lenders, retail companies and landlords for rental applications. Soft inquiries are made by the consumer or by an employer as part of an employment background screening.
Negative events such as bankruptcies, foreclosures and charge-offs stay on credit reports for seven to 10 years, while positive events such as on-time mortgage payments, can stay on even longer.
There are three main ways in which identity fraudsters exploit the credit process to establish synthetic identities and execute frauds: apply for credit directly with a lender, use the authorized user provision of most credit card accounts or through a data-furnisher scheme.
Applying for Credit Fraudsters will create a synthetic ID and build a credit profile by directly applying for credit with a lender such as a credit card issuer. The initial application will be declined, but a new credit file will be established as a result.With the newly established credit file, the fraudster will then apply for credit with a credit card issuer. When the card company runs a credit inquiry, the CRA will return information to the card company that a profile does exist.
The profile will not have any credit history associated with it, though the fraudsters typically target card issuers that offer credit lines of $300 to $500 to applicants with no history.Armed with a new credit account, the fraudster will legitimately use the credit account and make payments to establish good history. The fraudster will leverage the positive credit history to obtain more credit cards, retail store credit accounts and car loans.The process is straightforward and easy to execute, but it is less favorable because of the time it takes to build a solid credit profile.