Business<br />
Insights that<br />
drive results

Blog

Business
Insights that
drive results

06/16/2017

Synthetic IDs: Identity Theft … Without Your Full Identity

EZ Shield June 16th, 2017
Categories
Fraud Prevention

It’s called synthetic identity theft. Whether by a phishing scam, data breach, hack or physical theft, your information becomes compromised and falls into the wrong hands. Criminals use this stolen information to mix and match names, birthdays, Social Security numbers and addresses with other fabricated information to create synthetic IDs. Once the synthetic identity is made, criminals can make fraudulent charges to your bank account, open new lines of credit, order prescriptions and even commit crimes under your name.

In 2014, the Federal Trade Commission (FTC) called synthetic identity theft “the fastest growing type of identity fraud in the United States.” Unlike “true name” identity theft, fraudsters only need to use certain pieces of your information — paired with the criminal’s own or fabricated information — to create a new, “synthetic” identity.

In the mind of a criminal, synthetic identity theft is the ideal way to steal your identity. It’s easy to commit, yet hard for victims to detect. By 2018, Equifax predicts that synthetic identity theft will cost the U.S $8 billion annually in credit card fraud losses alone.

Fraudsters favor synthetic identities

It is much easier for a criminal to fabricate an identity with just a few pieces of your information than it is to take on your entire identity. Criminals typically start with a stolen Social Security number, targeting victims who are less likely to notice the crime like children or the deceased.

Document fraud plays a key role in creating synthetic identities. Using public information and records available online, criminals can piece together enough information to request documents like death and birth certificates. With access to these key documents, identity thieves are equipped with the tools needed to obtain even more sensitive documents and eventually, build a catalog of documents to support the fake identity.


Federal Trade Commission

Alana Benson, author and document fraud expert, explains how criminals use document fraud to commit synthetic identity theft. Fraudsters often use public records to gather the basic information needed to request legal documents. Using “Heather” as an example identity, she discusses how criminals scan obituaries for the information needed to order the death certificates of their victims.
Benson notes that proof of identity involves a few verifying documents: official documents such as birth certificates and Social Security cards, as well as two items to prove residency (i.e. mail, utility bills, etc.) and proof of Social Security number (i.e. W-2 forms, bank statements, etc.).
Listen to this excerpt of Benson’s discussion as a guest speaker at the FTC’s Identity Theft: Planning for the Future 2017 presentation where she explains how easy it is for criminals to create supporting documents of a synthetic identity once a victim’s birth and death certificates have been obtained:

 

 


Evading traditional means of credit monitoring

By using only fragments of a victim’s information, criminals can misuse your information longer. If we look at how credit monitoring and credit freezes work, we can see how traditional protective measures aren’t always full proof in detecting synthetic identity theft.

Let’s say that your Social Security number was used to open fraudulent lines of credit. With true name identity theft, credit monitoring would detect the fraudulent activity and alert you immediately since it was opened in your name. The next step would be placing a credit freeze on your file, requiring further proof of identity to open future lines of credit.

Using a synthetic identity in this scenario tells a different tale. Opening a new line of credit with a synthetic identity would create a “sub-file” to your main credit file, as opposed to directly associated with it. Sub-files are treated as separate entities, only associated to a main credit file by a corresponding Social Security number — not a name. This often occurs (legitimately) in cases of legal name changes, most commonly after marriage.

With synthetic identity theft, the fraudulent credit line is tied to the fake name, not your own. As a result, credit monitoring tools (that only look for unusual activity associated with the account holder’s name) would not detect it. But, when criminals misuse that credit, rack up thousands of dollars in debt and abandon the account, your credit will take a huge hit because the sub-file is still attached to you by your Social Security number.

What should you do?

Avoid falling victim to synthetic identity theft by following these tips:

  • Pull your credit reports on a regular basis. When requesting your credit files, be sure to ask for any sub-files as well.
  • Review your annual Social Security statement. Comparing your reported income to your actual earnings can help detect if your information has been used in the creation of a synthetic identity.
  • Never throw sensitive information in the trash. Always shred sensitive documents before disposing them, so criminals can’t dumpster dive for your information.
  • Be mindful of the information you provide online. Criminals often look to data dumps and other large pools of data from data breaches to create synthetic identities. Secure your online accounts to protect your information from hackers, and be on the lookout for phishing emails and social engineering tactics.

The content on this site is copyrighted by EZShield and used with their permission. Click here to see the original article. Continue following our blog and Fighting Identity Crimes from EZShield to receive the latest data breach and scam news, as well as timely tips from our industry experts about protecting your sensitive information.

John Burcham is Corporate Counsel for EZShield. He is a Certified Compliance and Ethics Professional through the SCCE, and has broad experience in an extensive variety of compliance and regulatory areas, including the FTC Act, UDAAP, Sarbanes-Oxley, GLB, Dodd-Frank, PCI Compliance, FCRA and state level regimes. John has Bachelor of Arts in Economics from the University of Maryland, College Park and graduated with honors, receiving a J.D. from the University of Baltimore School of Law in 2003. His background as in-house counsel for both private and publicly-traded companies provide him with a strong foundation in understanding the needs of business owners of all sizes, as well as the individual consumers who ultimately use and benefit from EZShield services.