Synthetic identities and financial crime

Synthetic identity fraud is one of the fastest-growing and most challenging types of financial crime. Unlike traditional identity theft (using a real person's identity), synthetic identity fraud creates entirely new identities by combining real and fake information. This article explores synthetic identity fraud, detection strategies, and prevention approaches.

What is Synthetic Identity Fraud?

Synthetic identity fraud involves creating a new identity using a combination of:

Real information: Social Security Numbers (SSNs), addresses, phone numbers
Fake information: Names, dates of birth, other personal details
Mixed information: Combining real and fake elements

The result is an identity that doesn't correspond to any real person but can pass initial verification checks.

Why Synthetic Identities Are Growing

Factors Driving Growth

Data Breaches: Massive amounts of personal data available
Digital Onboarding: Reduced in-person verification
Credit Building: Ability to build credit history over time
Detection Challenges: Difficult to identify initially
Financial Gain: High potential returns for fraudsters

Scale of the Problem

Synthetic identity fraud accounts for significant portion of identity fraud losses
Growing faster than traditional identity theft
Often undetected for months or years
High financial impact when discovered

How Synthetic Identity Fraud Works

Phase 1: Identity Creation

Information Gathering:

Obtain real SSNs (often from children or deceased individuals)
Create fake names and personal details
Combine real and fake information
Create supporting documents

Identity Assembly:

Name: Fake (e.g., "John Smith")
SSN: Real (from data breach)
Address: Real or fake
Phone: Fake or burner phone
Email: Created for identity
Date of Birth: Fake

Phase 2: Credit Building (Credit Bureaus)

Initial Steps:

Apply for secured credit cards
Make small purchases
Pay on time
Gradually increase credit limits
Build credit history over 6-18 months

Credit Building Strategies:

Authorised user on legitimate accounts
Secured credit cards
Small loans
Consistent payment history
Gradual credit limit increases

Phase 3: Exploitation

Once Credit is Established:

Apply for multiple credit cards
Max out credit limits
Apply for loans
Open bank accounts
Use for money laundering
Abandon identity when discovered

Financial Impact:

High credit limits = large losses
Multiple accounts = multiplied losses
Long detection time = accumulated losses
Network effects = broader fraud

Detection Strategies

Identity Verification Red Flags

Data Quality Indicators:

SSN not matching name/DOB
SSN issued after date of birth
SSN from different state than address
Name variations across sources
Inconsistent address history

Verification Checks:

def check_synthetic_identity_indicators(identity_data):
    """
    Check for synthetic identity indicators
    """
    flags = []
    
    # SSN validation
    if identity_data['ssn_issue_date'] > identity_data['date_of_birth']:
        flags.append('ssn_after_dob')
    
    # Name consistency
    if identity_data['name_variations'] > 3:
        flags.append('name_inconsistency')
    
    # Address history
    if len(identity_data['addresses']) < 2:
        flags.append('limited_address_history')
    
    # Credit building pattern
    if identity_data['credit_age'] < 12 and identity_data['credit_score'] > 700:
        flags.append('rapid_credit_building')
    
    return flags

Credit Building Pattern Analysis

Suspicious Patterns:

Rapid credit score improvement
Unusual credit building timeline
Multiple accounts opened quickly
Consistent perfect payment history
Authorised user patterns

Analysis:

-- Identify rapid credit building
SELECT 
    identity_id,
    MIN(account_open_date) as first_account,
    MAX(account_open_date) as latest_account,
    COUNT(*) as account_count,
    AVG(credit_limit) as avg_limit,
    MAX(credit_score) as max_score
FROM accounts
WHERE account_open_date >= DATE_SUB(CURRENT_DATE, INTERVAL 18 MONTH)
GROUP BY identity_id
HAVING account_count >= 5
   AND DATEDIFF(latest_account, first_account) < 365
   AND max_score > 700
ORDER BY account_count DESC;

Network Analysis

Identifying Synthetic Identity Networks:

Shared SSNs across multiple identities
Common addresses or phone numbers
Similar credit building patterns
Coordinated account openings
Money laundering connections

Network Detection:

import networkx as nx

def detect_synthetic_identity_network(identities):
    """
    Detect network of synthetic identities
    """
    G = nx.Graph()
    
    # Add nodes (identities)
    for identity in identities:
        G.add_node(identity['id'], **identity)
    
    # Add edges (connections)
    for i, id1 in enumerate(identities):
        for id2 in identities[i+1:]:
            # Shared SSN
            if id1['ssn'] == id2['ssn']:
                G.add_edge(id1['id'], id2['id'], type='shared_ssn')
            
            # Shared address
            if id1['address'] == id2['address']:
                G.add_edge(id1['id'], id2['id'], type='shared_address')
            
            # Similar patterns
            if similar_credit_pattern(id1, id2):
                G.add_edge(id1['id'], id2['id'], type='similar_pattern')
    
    # Find communities
    communities = nx.community.greedy_modularity_communities(G)
    
    return communities, G

Behavioural Analysis

Unusual Behaviours:

Perfect payment history (too good to be true)
Limited account usage
Specific transaction patterns
Geographic inconsistencies
Device and location patterns

Behavioural Indicators:

No missed payments ever
Minimal account activity
Specific merchant patterns
Unusual transaction timing
Device fingerprint mismatches

Prevention Strategies

Enhanced Identity Verification

Multi-Source Verification:

Verify against multiple data sources
Cross-reference information
Check for inconsistencies
Validate SSN authenticity
Verify address history

Document Verification:

Authenticate identity documents
Check for document tampering
Verify document consistency
Validate against databases
Biometric verification

Credit Building Monitoring

Early Detection:

Monitor new credit applications
Track credit building patterns
Identify rapid credit improvement
Flag unusual credit histories
Analyse authorised user patterns

Controls:

Lower initial credit limits
Enhanced monitoring for new accounts
Gradual credit limit increases
Regular account reviews
Risk-based authentication

Data Quality Checks

Validation:

SSN validation and verification
Address verification
Phone number validation
Email verification
Cross-source consistency checks

Tools:

Identity verification services
Credit bureau data
Public records
Data quality scoring
Anomaly detection

Case Study: Detecting Synthetic Identity Network

Scenario

Multiple new accounts opened with similar credit building patterns, sharing some common elements.

Detection Process

Step 1: Identity Verification

SSN validation flags inconsistencies
Name variations detected
Address history limited
Data quality score low

Step 2: Credit Pattern Analysis

Rapid credit building identified
Multiple accounts opened quickly
Unusual credit score progression
Perfect payment history

Step 3: Network Analysis

Shared addresses identified
Common phone numbers
Similar credit building timelines
Coordinated account openings

Step 4: Behavioural Analysis

Limited account usage
Specific transaction patterns
Geographic inconsistencies
Device pattern anomalies

Outcome

Identified network of 15 synthetic identities, prevented additional account openings, and recovered significant funds.

Best Practices

Identity Verification

Multi-Source Verification: Verify against multiple data sources
Data Quality: Ensure high-quality identity data
Consistency Checks: Cross-reference information
Document Authentication: Verify identity documents
Ongoing Monitoring: Continue monitoring after onboarding

Credit Monitoring

Early Detection: Monitor credit building patterns
Pattern Recognition: Identify suspicious credit histories
Network Analysis: Detect coordinated fraud
Risk Scoring: Score identities for risk
Controls: Implement appropriate risk-based controls

Collaboration

Industry Sharing: Share synthetic identity intelligence
Cross-functional: Work with credit, fraud, and compliance teams
Technology Partners: Leverage identity verification tools
Regulatory: Stay current with regulations

Regulatory Considerations

Compliance Requirements

KYC: Know Your Customer requirements
AML: Anti-Money Laundering regulations
Data Protection: Privacy and data protection laws
Consumer Protection: Fair credit reporting

Reporting

Suspicious activity reporting
Credit bureau reporting
Regulatory notifications
Industry sharing (where permitted)

Metrics and KPIs

Key Metrics

Synthetic Identity Detection Rate: Detected / Total synthetic identities
False Positive Rate: Incorrectly flagged identities
Detection Time: Time to identify synthetic identity
Financial Impact: Losses prevented
Network Detection: Synthetic identity networks identified

Dashboard Metrics

Identity risk distribution
Credit building patterns
Network connections
Detection effectiveness
Prevention metrics

Future Trends

Emerging Threats

AI-Generated Identities: Using AI to create more convincing identities
Deepfakes: Synthetic media for identity verification
Cryptocurrency Integration: Using crypto for identity fraud
Cross-Platform Attacks: Coordinated synthetic identity fraud

Evolving Defences

Advanced ML: More sophisticated detection models
Biometric Evolution: Enhanced biometric verification
Blockchain: Immutable identity records
Industry Collaboration: Enhanced fraud sharing

Conclusion

Synthetic identity fraud is a significant and growing threat. Effective detection and prevention require:

Enhanced identity verification
Credit building pattern analysis
Network analysis to identify fraud rings
Behavioural analysis
Multi-layered prevention strategies

The key is to detect synthetic identities early, before they can cause significant financial damage. This requires analytical thinking, technical skills, and a deep understanding of identity fraud patterns.