Understanding and Combating Synthetic Identity Fraud in Business

IN THIS ARTICLE

Like it? Share it

Synthetic identity fraud involves the piecing together of genuine personal information and fake details to form a brand new identity, which fraudsters then use to access a business’ private information or financial accounts.

AI plays a huge role in preventing synthetic identity fraud, as do image history searches, data matching and information monitoring. Platforms like Trustpair work to prevent businesses from falling victim to payment fraudsters by detecting discrepancies in real time, and monitoring changes to the data that could indicate higher risk.

Learn how to safeguard company funds by preventing synthetic identity fraud. Book a demo to learn more!

What is synthetic identity fraud?

Thieves create new identities by using a mix of real information and made-up details. For example, the fraudster may steal a genuine social security number, but add a fake name, date of birth, and address. Then, they commit synthetic identity fraud.

As a business, synthetic identity fraud could hit you where it hurts. You might encounter fake suppliers who take your money without delivering any services, committing invoice fraud, or realize that customer after customer who you’ve spent time and money to obtain and onboard, never existed in the first place.

Scarily, fraudsters tend to create synthetic identities to max out lines of credit before disappearing into the abyss. And it’s an expensive issue. Synthetic identity fraud is thought to have cost the US approximately $5 billion in 2024.

How are synthetic identities created?

There are two types of synthetic identities:

Manipulated

This is a genuine identity where only one or two items of information have been altered
Example: A consumer commits first–person fraud by falsifying their poor credit history in order to access better loan terms

Manufactured

This is a completely fake identity where none of the data corresponds to a genuine victim
Example: The fraudster opens a bank account using their fake identity with the purpose of getting approved for a loan

Here’s the step–by–step of synthetic identity creation:

The fraudster obtains one piece of real information, usually a social security number, and typically on the dark web
They combine the real SSN with other fake data; a false name, date of birth, and address to establish an identity
Next, the fraudster gets to work in building a credit profile for the identity. This is a long-term play in which they will open accounts with smaller lines of credit and even make legitimate payments in order to build trust with the Federal bank, financial institutions and perhaps even the government. The longer the fraudster ‘incubates’ the identity to harvest a credit history, the more credible and mature the identity seems
Finally, once a strong credit history is established, the fraudster will max out all lines of credit (including loans and credit cards) in one go and immediately shut down the false identity so they cannot be tracked down
The fraudster rinses and repeats

Key indicators of synthetic identity fraud

One of the worst aspects of synthetic identity fraud is that cyber attackers often incubate their synthetic identities and wait until the right time to strike. This makes it challenging to confidently identify attempts of this kind of fraud.

However, there are some key indicators for detection:

Digital identity mismatch
Complaints from real customers or suppliers
Lack of credit history
Multiple accounts with the same details, such as phone numbers or email accounts
High risk IP metadata

Digital identity mismatch

While the physical data may not be suspicious, we always recommend that businesses use extra verification methods to concretely validate the identity of their customers and suppliers.

By applying detective controls like assessing digital identity factors like IP address, you can determine whether the individual is contacting you from where their physical address is.

Similarly, using two–factor authentication and sending a text message to the phone number associated with the applicant enables you to not only verify that they are a real person, but also that the phone number is associated with the right identity.

Where these factors don’t match up to the details you’ve either been given or verified through an external database, this applicant might require escalation to the fraud team.

Complaints from real customers or suppliers

As mentioned, dangerous cyber fraudsters often lie in wait, spending weeks or even months to build up the credit history on their synthetic identities before striking – but this offers one key advantage if they choose a manipulated identity.

Since these are largely based on real people, there is a chance that the victims notice something, for example if money leaves their account. Once this occurs, the victim is likely to make a report to their provider, who can then launch an investigation, identify the synthetic identity, and block the fraudster.

Strategies to detect and prevent identity fraud

Preventing identity fraud requires you to answer two primary questions:

Does this person really exist?
Do these details all match publicly available records?

To answer these questions, many companies rely on technology like Trustpair’s vendor database monitoring, which:

Collects the data that vendors provide and compares them against trusted external sources
Grades each vendor as favorable or unfavorable in terms of real–time risk
Spots the likes of duplicate entries, errors, or missing data and enriches these inputs with suggested corrections Automatically blocks payments to fraudulent vendors with customizable AI rules

The role of AI in combatting synthetic identity fraud

AI is almost always used by fraudsters in order to build these trustworthy credit profiles with efficiency, especially more than one at a time. However, it’s also the best verification solution to the problem.

Generative AI can combine biological and behavioral biometrics to combat synthetic identity fraud, checking how many applications have been made per device, for example. It has the ability to cross-reference images, like those in ID photos, to find duplicate identities in real-time. AI can also conduct Know Your Customer (KYC) or Know Your Business (KYB) on an ongoing basis.

To conclude

Synthetic identity fraud can occur in business when criminals use a mix of real and false information to impersonate customers or vendors. Protect by checking for digital identity mismatches or stolen info with external databases and customer complaints.

Prevent synthetic identity fraud by verifying the identity and using automated tools, like Trustpair’s vendor monitoring platform, to constantly oversee the data. Contact an expert to learn more!

You’d like these articles

Fraud protection

6 min

Mandatory E-Invoicing: What Businesses Need to Know for Compliance

Compliance Finance

4 min

Payment Pre-Validation: Preventing Errors and Fraud in Transactions

Fraud protection

5 min

Credential Stuffing Attacks: Understanding the Threat and How to Prevent Them

FAQ

Frequently asked questions

Browse through our different sections and find the answer to your question.

Identify synthetic identities by checking if images are duplicated elsewhere, verifying the personally identifiable information against external sources and applying biometric AI to see if the device, location or identity has been previously used to commit fraud.

Notifications about unrecognizable payments, suspicious log–in attempts and multiple accounts using the same personal details are all warning signs of identity theft.

Vulnerable populations like children are the most likely victims of identity theft because they have working social security numbers but don’t yet have a pattern of normal behaviour which could help teams to identify fraud.