Last week, we tackled the topic of identity proofing – how it’s changing and why it matters to your organization. We learned that when setting up new accounts, the practice of answering questions as unique identifiers has become less effective and may be putting you at risk for identity theft. This week, we’re going to talk about synthetic-identity fraud, and while it may not be someone stealing your actual identity, it can still do considerable harm and presents another challenge for security professionals to overcome to keep your data safe from breaches.
What is Synthetic Identity Fraud?
Synthetic-identity fraud is the crime of committing identity theft while using fictitious information. A fraudster creates a fake identity and uses that identity to obtain credit, open deposit accounts, and secure important documents such as driver’s licenses and passports. This new identity is often made up with a real Social Security number, often stolen from a child, who has not yet used their number to establish credit. The rest of the identifying information used may include small snippets of real information – a mother’s date of birth or ex-husband’s address. Often, parts (or all) of the identity is completely fabricated. It’s important to understand that this type of fraud is elaborate and complex and first requires the expert-level thief to obtain sensitive personal identifying information.
How Does a Synthetic-Identity Become Legitimate?
Thieves engaged in this kind of activity are patient and persistent and use many methods to obtainsensitive information: stealing mail, trash, phishing, and hacking online accounts to name a few. Large data breaches, such as the recent breach against Marriott, is an example of how your personal data may get into the wrong hands. Fraudsters take advantage of this information and loopholes in the credit application system to develop a credible identity. When a new applicant applies for credit, a new credit file is created. Often the application will be denied if the applicant has no credit history. But with the credit file established, the con-artist applies for more credit, focusing on sources that tend to be more tolerant of those trying to establish credit. Eventually, they get an approved application and will use that for credit-building, gradually getting higher limits and maxes out the account. This is why child and inactive Social Security numbers are popular with thieves. Scammers also seek to find ways to use a fake identity as an authorized user on a credit card account. This can create a borrowing history that allows the thief to apply for new cards and cash them out. Worse, identity thieves may use fraudulent checks to pay for the credit card debts maximizing the use of the cards.
How to protect yourself
It’s up to each of us to do what we can to keep our information safe. It’s not enough anymore to simply protect your Social Security Number as this has likely been shared across many different areas over the years. As we’ll discuss in our next blog, now is the time to take advantage of existing identity solutions and authentication solutions to replace the commonly, and insecure, use of usernames and passwords. Additionally, take the time to learn how to keep your child’s identity safe, place a fraud alert on your credit card reports (you can do this directly with Equifax, Experian, and TransUnion) and make sure you’re doing business with trustworthy sources.
What about data breaches?
Data and privacy breaches continue to happen, and consumers expect their information to be protected by the companies they do business with who require them to share sensitive information. How do security leaders prevent fraud at scale? There are many companies working on the answer to this. Join us in mid-January when we will take a closer look at new identity strategies and leading companies that are committed to protect themselves and consumers from the growing threat of data breaches.
The Kuma difference
Kuma is making a difference and helping organizations strike a balance between establishing a secure identity verification process and making it easy to do business with them. We havesolutions to help you achieve your privacy, security, and risk goals and ensure you have access to senior level resources and confidence through our forward-thinking approach. Learn more about Kuma at www.kuma.pro and what makes us different.
Learn more about our privacy, security, and identity services.
Request a consultation with a Kuma team member.
