Synthetic identity theft

Synthetic identity theft

An expansion crime that threatens all companies.

Synthetic identity usurpation is one of the financial crimes that develops the fastest in the world.Facebook's attack in 2019 alone (2) has exposed personal data of almost 420 million accounts worldwide, or around 20% of 2.3 billion users.

The information obtained thanks to these data violations often end up for sale on marketplaces of the Dark Web.This is where fraudsters buy the data they need to perpetrate synthetic identity usurpations.

What is synthetic identity theft?

We are talking about synthetic identity usurpation when an ill -intentioned actor uses personal information from different individuals to create an authentic identity.A synthetic identity can consist of real and false personal information.Personal information used by such a crook may include a name, an identity card number, a date of birth and a home address.

In order to form a new identity, a fraudster can for example use a stolen identity card number combined with the personal information of several people, such as the email address, the address of the home and the date of birth.When the attributes are combined, identities may seem legitimate since certain parts of the whole are real.

1.Sophistication of fraudsters

First, fraudsters are sufficiently sophisticated and patients to make large -scale frauds.They will thus devote months, even years, to treat an identity in order to preserve its integrity and to establish the credibility.

In addition, synthetic identities are mainly made up of information from real people and often includes an official identification number that has been stolen.Fortunately for these fraudsters, some countries do not yet have an easy way to validate these unique identification numbers.

2.Undetectable fraud

It is very common for fraudsters to fly the national identity numbers of children.Since most children have no credit history, it is easy for a crook to use their identifier for years without being detected.

3.Deceptive behavior

A talented fraudster takes a particular care in creating synthetic identities in order to maintain a solid credit score.A fraudster from Singapore takes his time to build up a solid CBS credit score.His American counterpart, for his part, devotes months, even years, to build up a high Fico score.Never underestimate the work necessary to establish confidence and credibility!

Those who are at the top of the deception game often use automated tools such as bots to quickly create hundreds, even thousands, online accounts or to submit online requests.They even use devices of devices to reset devices of devices and imitate the behaviors of good consumers.Everything to escape detection!

4.Lack of experience

Fraud is nothing new.Unfortunately, traditional fraud tools, which have been designed to capture stolen identities, are not effective in solving synthetic identity problems.There are indeed fundamental differences between the way of stealing an identity and the way of committing synthetic identity fraud.Here are the characteristics:

Data inconsistency:

Identity elements that do not correspond to reality are strong signals both in stolen identities and in synthetic identities.However, given that they are manufactured, their value is higher in synthetic identities.

Le vol d’identité synthétique

Speed of fraud:

A fraudster who seeks to steal identities acts quickly and takes all the occasions that arise to him.On the other hand, a fraudster with synthetic identity takes its time to establish a profile.

Historical black lists of frauds:

Likewise, if the historical black lists have been moderate indicators of stolen identities, they are not strong indicators of synthetic fraud since identities have not been reported as "bad".

How do fraudsters use synthetic identities?

Fraud at the opening of account is one of the very common uses of synthetic identities.This is the starting point for a string of opportunities that only ask to be used: opening of a bank account to prepare loan requests or money laundering, creation of online accounts for transactionsfraudulent...Fraudsters use the system with creativity.

Bank and loans fraudsters often use synthetic identities for "à la carte fraud" or "torn off" frauds ".A fraudster or a network of fraudsters requires several credit cards or bank loans using one or more synthetic identities.Fraudsters incubate these accounts for months, sometimes years, in order to build a good image.As their image improves, they open as many credit lines as possible with different lenders.At the right time, fraudsters are unleashed and exhaust all credit lines at once or in a short time.For lenders, the accounts seem legitimate because they are in good standing and present an authentic appearance activity.

Marketplaces and e-commerce

Some fraudsters target marketplaces to commit triangular fraud.Triangular fraud is an elaborate ploy which involves three parts: a fraudster, a legitimate merchant and a slightly suspicious customer.First, the fraudster uses a false identity to open an account on a marketplace and create a showcase.Then, he bought products from legitimate merchants using stolen or obtained credit cards using synthetic identities.Finally, he sells these products on the marketplace.Buyers have no idea that they bought products from a fraudster practicing triangular fraud.Suppliers of fraudulent merchants are cornered by chargebacks because of the disability of credit cards.

Credit recovery services

Frauders sometimes defraud consumers through "credit recovery" companies.These disguised synthetic identity operations harm consumers who use it.They charge costs to "repair" the bad credit of a consumer.Instead of helping him improve his credit by legitimate means, fraudsters provide him with step -by -step instructions on how to commit identity theft.

Fighting synthetic identity theft

Let's be honest: if it was a game of chess, fraudsters would have three strokes ahead of their opponent!This is largely explained by national identification numbers, which are static identity attributes.Just like your date of birth, they do not change over time.

Since the identity card numbers can be purchased and stolen, they are vulnerable to fraud.Some banks and traders use risk assessment tools that apply rules -based algorithms to these static attributes, but this is not enough.

At Ekata, we consider digital identity as a complex set of attributes.Let's make an analogy with DNA.The identity of each of you can be traced from your DNA.You leave a trace of your DNA wherever you go.Anyone can examine this information and get a fairly precise idea of who you are without ever interacting with you in person.The same goes for digital identity.We explore the fundamental identity elements that we consider as the global standard in identity verification.Our identity validation processes involve working with dynamic identity attributes, which may change, but not very often: a name, a telephone number, an email address, an residence address and an IP address.

How to detect synthetic identities?

Since synthetic identities behave differently from the other types of stolen identities and that they are designed not to present an apparent risk, they are generally not detected by the historic black lists of fraud.However, an important aspect of these synthetic identities is that the attributes of data underlying each profile are inconsistent.The relationship between the name and email address or the name and telephone number of a synthetic identity, may only exist once, because these attributes are reused in other identities.This is precisely where the use and observation of dynamic attributes can help detect synthetic identities.

What are the most useful digital identity signals?

Unlike a static attribute such as an identity card number, which is specific to a country and is generally based on a single parameter, dynamic attributes are global and can rely on a large number of dynamic links, metadata, historicals and activity models to validate a profile.

In general, these attributes are used to verify legitimate identities and are relevant to assess synthetic identities.The difference is that the importance of each signal changes.

The link between identity elements has much more for synthetic identity elements.In metadata, examining the addresses history in relation to the duration of credit history is a very useful indicator, because the duration should be similar.Finally, the elements of behavior include many strong indicators.IP risk is particularly effective in detecting the origin and location of identity.In summary, these elements can help identify good customers in the file as well as high -risk customers who create synthetic identities.

Based on what a customer has entered an account, whether it is an account opening request or a transaction, the information provided (name, email, telephone number, address)can be evaluated.The results are based on a probabilistic risk assessment and can provide predictive signals for potential fraud.This approach validates dynamic attributes and the way they are linked.

The validation of an identity requires a multi-dimensional approach

Preventing fraudsters from taking advantage of your digital platform requires an identity validation approach on several levels.This implies designing a solution to prevention of fraud and validation of identity which includes everything, with a decision -making based on rules as well as on the machine learning.

A several level approach is generally made up of a combination of internal and external identity data.At least, rules are established to eliminate known frauds such as black lists.However, synthetic identities generally do not have the characteristics that would place them on a blacklist.In this case, a more sophisticated approach calling for algorithmic intelligence fear adding a level of security to help distinguish good from bad ones and identify potential fraudsters.

Platforms that adopt an informed and proactive approach in the fight against fraud and the treatment of fraud by synthetic identities can really take a big step forward in the fight against this specific type of fraudsters.

Conclusion

Companies around the world face the challenge of synthetic identity fraud.Not only are these synthetic identities real in many ways, but they are also real attributes of legitimate customers.In order to combat this group of fraudsters constantly increasing, companies must recognize the drawbacks and limits of a single assessment of static identity attributes.They must absolutely examine each customer, each transaction, through a multidimensional prism which is based on dynamic identity attributes and their mutual relationships.But this is not enough.They must also examine their fraud prevention solutions in place in order to ensure that there is no weakness that could be exploited by fraudsters.It looks like a chess game.What is your next blow?

After that ?

Let's lead the change!

About Ekata Ekata, leader in internationally recognized digital identity verification solutions and bought by Mastercard in 2021, allows companies that sell online worldwide to connect any interaction on their Human Being Site which'undertakes.The Ekata product range, popular and awarded international and continuously supplied by Ekata Identity Engine, is made up of two exclusive data assets: Ekata Identity Graph and Ekata Identity Network.It includes large -scale and low latency APIs as well as a Saas for Manual Fraud Examination, which already allow more than 2,000 companies and partners, such as Alipay, Equifax or Microsoft, to fight cyber fraudand offer their customers an inclusive and friction experience in more than 230 countries.

To find out more: https: // ekata.com |1.888.308.2549

Tags: