Use Cases

Cognito Broadcast

Synthetic Identity Fraud

What is a synthetic identity?

A synthetic identity is a fake identity that combines real personal information, like a Social Security number, with fraudulent or fabricated information. Fraudsters create synthetic identities to pass identity verification checks when signing up for financial services, like bank accounts or loans.

Not all synthetic identities are created with the intention to defraud people or financial institutions. Sometimes, a real person without access to the required documentation or credit history creates a synthetic identity to apply for loans, open bank accounts, or similar, without the intent to defraud anyone, but simply because that's the only option available to them. Nonetheless, synthetic identities are still a financial crime, and not a legitimate solution.

Contrast this synthetic fraud with traditional identity theft, which typically involves identity thieves impersonating a real person using entirely real data.

Why are synthetic identities becoming more common?

Synthetic identities -- and synthetic ID fraud -- have become more common in recent years. While there are a few reasons for the increase, the tremendous amount of personally identifiable information (PII) data available on the dark web has made third-party synthetic ID fraud much easier.

What's more, after the Social Security Administration decided to randomize social security number assignments, anti-fraud systems that used algorithms based on the formula the SSA used to assign SSNs could no longer quickly spot fake SSNs. While the initiative was designed to help prevent traditional identity fraud by making the numbers less predictable, the move inadvertently made it more difficult for fraud detection systems to suss out fake identities.

Should I be concerned about synthetic identities?

No more or less than traditional identity theft. Synthetic identities are difficult for identity verification platforms to detect, and oftentimes, they are not used to defraud individuals (although they can be). In many cases, synthetic identities are used to defraud financial services platforms or an institution, rather than individual users.

Synthetic identities are of growing concern, in part, because they are difficult for platforms to find and prevent before a crime has occurred. In some cases, fraudsters may wait years - in the process, building up a legitimate financial history - before committing any kind of fraud.

An individuals credit history is, for the most part, built under the assumption of trust, provided by a credit reporting agency, and is only loosely regulated by the government. In the US, financial consumers typically need to rely on private companies to maintain their credit history, and should carefully monitor their credit score and run a yearly credit report.

How does someone create a synthetic identity?

Creating a synthetic identity involves combining real personally identifiable information with fake personal information. By using a mix of real and fake identity information, fraudsters can bypass some identity verification checks when signing up for an account with a financial institution.

Typically, people using synthetic identities to defraud banks and lenders then build up their credit history with legitimate records at a credit bureau - applying for a credit line and paying it off, for example - to make them harder to find by risk assessment tools. They will often wait for years before actually defrauding an institution by, for example, taking out a huge loan or opening a credit card without the intent to pay it back.

How does synthetic identity theft occur?

Synthetic identity theft occurs when a bad actor cobbles together real and fake PII - like a deceased person's Social Security Numbers and a made-up address, for example, combined with some information purchased on the dark web from a data breach - with the intent of defrauding a financial institution. This usually takes years, after they have built up a credit history that implies this is a real person making legitimate financial transactions, like building credit, using fraudulent accounts.

In some cases, bad actors will defraud a financial institution, then use the real and verifiable elements of their synthetic identity to claim identity fraud.

Another common tactic is “piggybacking” - where someone adds a synthetic identity to an established credit file, oftentimes inheriting the positive credit history.

How big is the threat of synthetic identity fraud?

The impact of synthetic identity theft is hard to measure. Synthetic identity fraud can be hard to detect, and once it's discovered, there's no standardized process for how those losses are recorded. Some banks may record the loss as a credit loss, while others may account for it as third-party fraud loss.

Estimates cited by the Federal Reserve pegged the losses at $6 billion per year, or roughly 20% of credit losses. And that was back in 2016 - in the subsequent years, the threat has almost certainly grown.

How does Cognito prevent synthetic identity fraud?

Cognito Flow mitigates the risk of synthetic identity fraud in a few different ways.

We start by evaluating multiple sources of identification:

  1. Data source: does the person know their basic personally identifiable information (PII)? Does it match an authoritative source?
  2. Documentary: does the person physically possess an authentic government-issued ID document?
  3. Liveness: can the person, using their mobile phone camera, follow a few instructions to prove they are live?

Using sophisticated neural networks, while completing the steps above, Cognito:

  1. Ensures, using OCR, that the information included in the data source verification matches the information on the government-issued document.
  2. Ensures, using facial matching, that the face captured during the liveness test matches the photos on the government-issued ID document.
  3. Ensures, using best-in-class tools, that the person in the liveness check is real and not, for example, a printout of someone's face. Cognito Flow looks at factors like skin reflectivity, patterns seen on screens, signs of image manipulation, etc.

And Cognito looks to make sure that the person has active accounts online, like a valid email address and phone number, and social media accounts for identity authentication. Using our proprietary Flow Network Explorer, we can also alert you to repeated ID verification attempts coming from a single IP address, device, and more. And behind the scenes, we run a host of fraud checks to detect any other flags that may be indicative of fraudulent activity to prevent synthetic identity theft.

Ready to get started?

More Stories