The Rippleshot Data Breach Blog

Online Payment Fraud Trends: Synthetic Identity Fraud On the Rise

Written by Anna Kragie | Mar 6, 2020 2:54:02 PM

New insight from Juniper Research indicates that online payment fraud is expected to exceed $200 billion between 2020 and 2024. One key contributing factor is a rising number of synthetic identities created to perpetrate fraud. 

The research focused on emerging threats and specifically noted how the "ubiquity of digital payments provides an ever-increasing attack surface for fraudsters." An increase in digital access points has allowed fraudsters more channels to breach, allowing more sensitive personal data to be exposed online to be sold on the dark web and/or be used to craft entirely new fraudulent identities. Juniper's research also points to the value of machine learning to combat fast-rising fraud trends.

“The rapidly evolving nature of payment fraud and increased sophistication in attack methods requires machine learning adoption at scale, in order to minimize risk. Constant innovation in analytics and data models is increasingly essential to constraining fraudulent behaviors in payments," wrote Nick Maynard, the research co-author of the report Online Payment Fraud: Emerging Threats, Segment Analysis & Market Forecasts 2020-2024.

Machine learning allows for transaction behavior to be analyzed using data analytics that can detect and mitigate risk based on spending patterns. Juniper's research points to the correlation between rising fraud figured and machine learning investments: "The incorporation of machine learning into fraud detection and prevention software will drive spending forward, reaching $10 billion in 2024, a 15% increase on 2020," the report concludes. 

Juniper's research highlights how an increase in digital transactions — and the possibility of more PII being exposed across multiple digital touch points — is leading to more data being used for the creation of synthetic identifies. With more access to sensitive personal data, fraudsters have the power to perpetrate more digital fraud, create fake identities and drive up new and existing account fraud. 

The problem with identifying synthetic identities is that it can often be misconstrued as other similar types of fraud, such as account takeover fraud or new account fraud. The rise of PII being sold and monetized on the dark web is leading to an increase in each of these types of payment fraud that is getting increasingly difficult for financial institutions to spot and combat on their own.   

Industry experts peg synthetic identity fraud as the "fastest growing type of financial crime in the United States." This type of fraud is largely underreported since may victims of this crime are children, the elderly and homeless individuals, which allows fraudsters to scale this type of fraud without being noticed as easily. This has led to bigger payouts and attracted more fraudsters to commit this type of crime. 

Three factors have contributed to the rise:

  1. Digitization and Automation of Services: The digitization and automation of the customer experience allows people to sign up for services without working with an actual person. Fraudsters have taken advantage of this to scale their techniques.
  2. SSN Randomization Shift: The Social Security Administration made a change in 2011 that randomized the issuance of new SSNs to new applicants. This process made it easier to gain a SSN number with fabricated data. This shift opened the floodgates for fraudsters to create more false identities to exploit at mass scale.
  3. Major Data Breaches: The scope of personal information exposed during breaches has grown dramatically. In the Equifax breach alone, there were SSNs, DOBs, addresses and credit card information exposed all at once. These vital credentials are being stolen and sold on the dark web on a regular basis.

Why is Synthetic ID Fraud Such a Rapidly-Growing Problem?

Synthetic fraud allows hackers to set up accounts in a person’s name that appear to be authentic, but are in fact fictitious. The construction of new synthetic IDs is based on combining truthful and false information to build a credit file and then open new accounts, which is perpetrated at scale by opening hundreds of new accounts.

Synthetic ID fraud has grown increasingly popular for cyber criminals because of the bigger payoff. The financial gains are much greater since the fraudsters create an identity that is harder for banks to crack down on since there is no actual person to make a complaint over fraudulent activity. Because of this, it’s up to the bank’s own fraud detection mechanisms to spot suspicious behavior.

Since they don’t need as much personal information as credit card fraud, cyber criminals have shifted their attention to this type of fraud. For example, by combining a legitimate SSN with a fake name, or by using an inactive social security number with a real name, or even a fake name and SSN, an entirely new identity can be created. From there, fraudsters begin to open up lines of credit and credit cards under these synthetic identities.