What Is Synthetic Identity Fraud?

When constructing synthetic identities for fraud, the data used can be either verifiable or unverifiable. This evolving tactic suggests a need for adaptable security systems that can accurately verify identities while serving new customers.

In these situations, it is possible to have a minor component of original personal details, such as a Social Security number (SSN), co-occurring with created data components, for instance, names, addresses, or birth dates. The outcome can be a new identity not necessarily linked to a specific individual, highlighting the relevance of identity verification, data security, and ongoing monitoring.

The key difference lies in how identities are formed and detected. Traditional identity theft, characterized by the unauthorized use of a person’s identity, can sometimes be detected more quickly because unusual transactions on account statements may be noticed and reported.

In contrast, synthetic identity cases involve the creation of a new identity using a mix of real and fabricated information. Because these identities are built gradually, they may take longer to identify, which highlights the importance of ongoing monitoring and early identity protection, especially for individuals whose information may be less actively reviewed, such as minors.

•   Traditionnel: Use of an existing identity; typically easier to spot; clear and direct impact.
•   Synthetic: Involves building a new “persona” over time; detection may take longer; highlights the importance of proactive monitoring and early identity protection.
•   Objectif: Seeking out “dormant” SSNs, as these are less likely to raise an alarm.
•   Objectif: Build credit over a long period to make a large payoff at the end.

The formation of these fake characters can occur in two main ways: by manipulating existing identities or by manufacturing new ones.

•   Manufactured Identities: These identities are created by combining an unassigned Social Security number (SSN), such as those generated after Social Security Administration randomization changes in 2011, or one associated with a minor, with newly created details (such as a name and address). This highlights the importance of strong identity validation processes and safeguarding personal information from an early stage.
•   Manipulated Identities: This involves making small changes to existing personal information, such as adjusting an SSN digit or name spelling, to create what appears to be a new identity. This approach highlights the demand for precise data matching systems and continuous monitoring to detect subtle inconsistencies.

Building a synthetic identity follows a gradual, step-by-step process, highlighting the importance of consistent monitoring and long-term risk awareness in financial systems.

•   The Stitch: An identity is formed by combining a Social Security number (SSN), whether assigned (or randomized), with newly created personal details such as a name. This step emphasizes the necessity for strong identity verification at the point of application.
•       The Soft File: The rejection of an initial credit application does not preclude the possibility of a credit record being generated. This illustrates how early-stage data can establish a footprint, reinforcing the value of tracking and reviewing new or limited credit histories.
•     The Build-Up: Over time, the identity may be used responsibly to establish credibility and access to higher credit limits, which highlights why continuous behavior monitoring is essential.
•   The Bust-Out: At a later stage, available credit may be fully utilized in a short period. This underscores the importance of real-time alerts, spending pattern analysis, and proactive safeguards.

Detection efforts can be influenced by the shared characteristics observed in synthetic identities and certain “thin-file” customer profiles, for example, those belonging to students and new borrowers. This similarity suggests a potential area for organizations to adjust their detection methods beyond traditional automated filters.

Because the data elements (such as name, address, and SSN) may not directly match an existing individual who would report discrepancies, advanced analytics, behavioral monitoring, and cross-data validation become especially valuable in strengthening fraud prevention efforts.

Financial institutions and consumers may observe these indicators:

•   Multiple identities may be associated with the same SSN.
•   A credit record that starts suddenly with a high credit score.
•   Applications originating from the same location or IP address may exhibit randomized naming conventions.
•   Phone numbers and emails that lack a substantial digital footprint or have a history of only a few months may be considered for enhanced risk verification.