Introduction

A Synthetic Identity is created by mixing real and invented personal information to create a fictitious identity. Scammers can then use this fictitious identity to open bank accounts, apply for loans, or commit other types of financial fraud. Alarmingly, Mastercard® estimates that these tactics are behind a staggering $5B of fraud per annum.

But help is at hand. With the right measures in place, organizations can launch a robust security posture against this tricky and damaging fraud technique. Contact a Syniverse expert to learn more.

The premeditated evolution of a synthetic identity

With a mixture of fake and real personally identifiable information, the fictitious identity is ready to embark on its fraudulent journey. It evades security checkpoints that detect either completely fake or manipulated real identities by being a hybrid of each.

To bolster its disguise the synthetic identity “grows” itself. For example, bank and e-commerce accounts are set up to embolden authenticity. But key at this stage is to not commit any fraud. This is a long game. Building a seemingly genuine digital footprint is the platform to make it much easier to commit fraud further down the road.

The synthetic identity strike

New credit cards and bank accounts are created. Large value purchases are made on credit cards. Loans are taken out from the bank accounts, and the money is taken. In each case, there is no intention to pay back, and redress for the inflicted enterprise is complicated by the fact that the account owner is “synthetic.”

Other examples of synthetic identity fraud are the abuse of free trial periods and obtaining high-value chargebacks, whereby a fraudster disputes a charge that is fulfilled by the merchant.

Mobile telecom companies can also be targeted by handset and mobile money fraud. Handset fraud is where synthetic identities are used to obtain handsets on credit, which is never paid back, and the handsets are sold on for financial gain.

So, entities across various verticals are impacted: e-commerce players, financial institutions, and mobile network operators are primary examples.

How to protect against synthetic identity fraud

There are multiple layers of protection that can be used.

The simplest method is to validate that the mobile number is real and owned by the person, by sending an SMS OTP, or performing frictionless authentication for the phone number.

More in-depth protection can be achieved by using Right Party Verification to confirm that the identity information for the new account matches that on record with the mobile phone provider. In most countries the information held by mobile providers is more extensive and up to date than other sources.

Useful references

What is synthetic identity fraud and how does synthetic identity theft work?

News Flash: Identity Fraud “at a Tipping Point”

Interested in additional techniques to optimize your Mobile Identity and Authentication strategy? Check out our white paper, Cracking the Security Trilemma

Related posts
Why You Need Multi-Factor Authentication
Completing the Puzzle of Trusted Communications
What is Frictionless Authentication and Why You Should Use It
eSIMs and SIM Swap: Will eSIMs Make SIM Swap Fraud More Likely?
Why You Need an Omni-Channel Authentication Strategy
Beware The Iceberg of Trusted Communications