In the Federal Reserve’s July 11, 2019 White Paper, “Synthetic Identity Fraud in the U.S. Payment System, A Review of Causes and Contributing Factors,” the authors conclude that synthetic identity fraud is a serious and growing problem for the U.S. payments ecosystem that can only be addressed by a collaborative effort among all payments industry stakeholders.
While “cybersecurity” is a high priority for businesses and financial institutions generally and individuals are regularly bombarded by “identity theft” warnings, “synthetic identity theft” is a term that has largely flown under the radar—at least until now. Perhaps one reason for this is that this rapidly growing type of crime, by some accounts the fastest growing financial crime in the U.S. , is often unreported because many victims—children, the elderly or homeless—are less likely to access their credit information to uncover the fraud.
According to the Fed’s report, synthetic identities are created using certain key information, often Social Security numbers (SSNs) stolen from real people. These fictitious identities are then used to defraud financial institutions, government agencies, or individuals.
Synthetic identity payments fraud also takes advantage of gaps in the credit process, making this a potentially lucrative enterprise for criminals and crime rings. The report outlines a 5-Step process demonstrating how synthetic identities are used to commit payment fraud:  create an identity using stolen or fabricated personally identifiable information (“PII”);  apply for credit using the synthetic identity;  repeatedly apply for credit until approved;  accelerate a positive credit history; and  “bust out” by maxing out the credit line and vanishing!
The increase in PII available to fraudsters on the “darkweb”, including account login credentials, driver licenses, credit card numbers, SSN’s and other PII, appears to be a key factor in the dramatic growth of synthetic identity fraud.
The most alarming example of synthetic identify fraud cited in the report is the 2013 Department of Justice case charging 18 co-conspirators in “ one of the biggest, most complex credit card fraud schemes ever”. In that case, a crime ring spanning 38 states and eight countries used more than 7,000 synthetic identities to fraudulently obtain more than 25,000 credit cards. The total theft exceeded $200 million although there is speculation that the actual loss was closer to $1 billion.
The report estimates that the cost of synthetic identity fraud to U.S. lenders in 2016 was $6 billion.
The report concludes with a call for collaboration. “Like cybercrime, the growing problem of synthetic identity payments fraud cannot be addressed by any government or private sector organization working in isolation. It requires the attention of all payments industry stakeholders to collaborate and work together to understand, detect, mitigate and address synthetic identity fraud in the U.S. payments ecosystem.”