It isn’t enough that identity theft poses a threat to just about anyone with a pulse; now there’s something called “synthetic identity fraud (SIF).” Security experts say it could be an even more dangerous threat.
Because of the numerous data breaches that have occurred over the last five years, there are bits and pieces of personal data on millions of consumers floating around the dark web. In many cases, these bits and pieces are not enough to steal someone’s identity.
In a just-published white paper, GIACT Systems, which provides customer identification and authentication, reports fraudsters are combining various bits of real identification data with fake data to create a very real identity of someone who doesn’t exist.
What makes these schemes so dangerous is they can be very hard to detect. They combine valid information with fictitious, yet established, email and social media accounts. That makes the fictitious identities hard to spot.
All those past data breaches that were not considered that threatening because only email addresses and names were exposed might prove very valuable to scammers trying to create synthetic identities.
GIACT Systems counts more than 446 million consumer records that were exposed in data breaches in 2018 alone. That’s a 126 percent increase over the year before.
Growing number of SIF attacks
These data breaches could be fueling an upsurge in SIF attacks. The Federal Reserve reports that the credit card industry lost $6 billion in SIF attacks in 2016. GIACT researchers say that’s likely just the beginning.
"The problem with synthetic identity fraud is that it's not just a 'grab-and-go' job – cybercriminals will build synthetic identities and foster them patiently over time to build credit,” said David Barnhardt, chief experience officer at GIACT. “Once a certain credit threshold is reached, they strike – leaving businesses in the lurch."
Businesses will most likely react by adopting new authentication procedures that may make commercial transactions more difficult and complex for consumers. Barnhardt predicts businesses will adopt ongoing identity management that will include the use of traditional and non-traditional data to validate identity.
Consumers will be impacted in another way. As losses to businesses mount due to SIF attacks, companies will at some point have to raise prices.
"Businesses need to take identity seriously, throughout the customer lifecycle and as change events occur, if synthetic identities are to be stopped," said Kyle Marchini, senior analyst, Fraud Management at Javelin Strategy & Research. "Today, synthetic identities are hiding in plain sight. They're a recipe for disaster."