Synthetic identity fraud (SIF), in which fraudsters conjure up entirely new identities, results in massive losses and is among the most difficult attacks to catch.
Synthetic identities look, and can behave, like an average customer, so the schemes in which they are used result in losses that banks often charge off as bad debt. By some estimates, up to 20% of consumer credit charge-offs are related to SIF. Precise figures are difficult to pin down; however, IDC Financial Insights conservatively estimates that SIF-linked charge-offs are north of $4 billion per year in the U.S.
Fraudsters create synthetic identities by combining a real Social Security number with a fake name, a fake date of birth, and an address the fraudster controls. A fraudster or organized crime group can operationalize the identity in several ways. The most basic and common is to establish revolving credit lines and expand the identity's credit profile over time, culminating in an eventual "bust-out," in which the fraudster maxes out every line with no intention of repaying and abandons the identity.
It's difficult to detect synthetic identities because they generally look and act like an average customer. However, identities associated with real people generate tremendous amounts of data reflecting how real people behave: it's our digital exhaust. In contrast, a synthetic identity, though controlled by a real person (the fraudster), does not create the same depth, breadth, and complexity of data that a real person would.
The digital exhaust that true identities produce can be collected into a SIF data amalgam and used to build a synthetic identity risk model. The amalgam collects and analyzes hundreds of data points to determine whether an identity is associated with a legitimate human being.
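To make the idea concrete, below is a minimal sketch, in Python, of how an identity-level feature vector might be assembled from that digital exhaust. The field names (credit_header_hits, address_tenure_months, and so on) and the example values are hypothetical placeholders, not any particular vendor's attributes; a production amalgam would draw hundreds of such data points from bureau, telecom, utility, device, and public-records sources.

```python
# A minimal sketch of turning an identity's digital exhaust into a feature
# vector. All field names and values here are hypothetical placeholders;
# a real SIF data amalgam would track hundreds of attributes, not five.

from dataclasses import dataclass

@dataclass
class IdentityFootprint:
    """Signals that a real person's history tends to accumulate over years."""
    credit_header_hits: int         # bureau header files referencing this SSN/name pair
    address_tenure_months: int      # how long the applicant has been tied to the given address
    distinct_data_sources: int      # utilities, telecom, public records, etc. that know this identity
    oldest_record_age_years: float  # age of the earliest trace of the identity
    linked_phones_and_emails: int   # contact points historically associated with the identity

def to_feature_vector(fp: IdentityFootprint) -> list[float]:
    """Flatten the footprint into the numeric vector a risk model would consume."""
    return [
        float(fp.credit_header_hits),
        float(fp.address_tenure_months),
        float(fp.distinct_data_sources),
        float(fp.oldest_record_age_years),
        float(fp.linked_phones_and_emails),
    ]

# A seasoned, legitimate identity typically produces a deep, varied footprint...
genuine = IdentityFootprint(14, 96, 9, 22.0, 6)
# ...while a recently manufactured synthetic identity looks thin and shallow.
synthetic = IdentityFootprint(2, 4, 1, 1.5, 1)

print(to_feature_vector(genuine))    # [14.0, 96.0, 9.0, 22.0, 6.0]
print(to_feature_vector(synthetic))  # [2.0, 4.0, 1.0, 1.5, 1.0]
```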
To effectively build a synthetic identity risk model, external data must be used to determine the validity of the identity elements provided at account application. The ideal synthetic identity risk model would amalgamate all the identity elements and behaviors over time to identify the patterns representative of good identities. Outliers would be treated as possible synthetic identities and subjected to increased identity validation checks, as sketched below.
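One way to realize the outlier idea is to fit an unsupervised anomaly detector on the footprints of identities presumed to be legitimate and route anything it flags to step-up verification. The sketch below is only illustrative: it uses scikit-learn's IsolationForest, simulated footprint data, and an assumed contamination rate, all of which would need to be replaced and calibrated against a real portfolio.

```python
# An illustrative sketch of outlier-based triage over footprint feature
# vectors like the ones above. The training data is simulated and the
# contamination rate is an assumption, not a calibrated value.

import numpy as np
from sklearn.ensemble import IsolationForest

rng = np.random.default_rng(0)

# Simulated footprints of seasoned, legitimate identities (deep, varied histories).
genuine_history = rng.normal(loc=[10, 70, 7, 18, 5], scale=[3, 20, 2, 5, 2], size=(500, 5))

# Learn what "normal" digital exhaust looks like; anything far outside it is suspect.
detector = IsolationForest(contamination=0.02, random_state=0).fit(genuine_history)

def triage(application_vector: list[float]) -> str:
    """Route outliers to step-up identity verification; pass the rest through."""
    label = detector.predict([application_vector])[0]  # -1 = outlier, 1 = inlier
    return "step-up identity verification" if label == -1 else "standard processing"

print(triage([12, 72, 8, 20.0, 5]))  # deep footprint: standard processing
print(triage([1, 2, 1, 0.5, 1]))     # thin footprint: step-up identity verification
```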
A traditional rules-based fraud system will not be capable of detecting SIF. A combination of supervised and unsupervised machine learning algorithms must be implemented to process the data needed to effectively separate good identities from bad ones.
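As a hedged sketch of what that combination might look like, the example below appends an unsupervised anomaly score (again from IsolationForest) to each identity's feature vector and trains a supervised gradient-boosted classifier on historical identities with confirmed fraud labels. The simulated data, model choices, and parameters are illustrative assumptions rather than a recommended design.

```python
# An illustrative pairing of unsupervised and supervised learning: the
# anomaly score becomes an input feature for a classifier trained on
# confirmed fraud outcomes. All data here is simulated.

import numpy as np
from sklearn.ensemble import GradientBoostingClassifier, IsolationForest

rng = np.random.default_rng(42)

# Simulated footprints: deep histories for genuine identities, thin ones for synthetics.
genuine = rng.normal([10, 70, 7, 18, 5], [3, 20, 2, 5, 2], size=(900, 5))
synthetic = rng.normal([2, 6, 1, 1.5, 1], [1, 3, 0.5, 0.5, 0.5], size=(100, 5))
X = np.vstack([genuine, synthetic])
y = np.concatenate([np.zeros(900), np.ones(100)])  # 1 = confirmed synthetic identity fraud

# Unsupervised stage: score how anomalous each footprint is, no labels required.
iso = IsolationForest(random_state=0).fit(X)
anomaly_score = -iso.score_samples(X)  # higher = more anomalous

# Supervised stage: the anomaly score becomes one more feature for the classifier.
X_augmented = np.column_stack([X, anomaly_score])
clf = GradientBoostingClassifier(random_state=0).fit(X_augmented, y)

# Scoring a new application end to end.
new_app = np.array([[1.5, 3.0, 1.0, 0.8, 1.0]])
new_augmented = np.column_stack([new_app, -iso.score_samples(new_app)])
print(f"synthetic identity risk: {clf.predict_proba(new_augmented)[0, 1]:.2f}")
```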