In 2013, details emerged on one of the most elaborate credit card scams ever seen in which a US-based fraud ring allegedly stole at least $200 million. To do so, they didn’t steal from existing cards, they created new ones, setting up 7,000 false identities and 25,000 credit cards over a number of years, according to the FBI.

The case is one of the most high-profile examples of what the US Federal Trade Commission calls “the fastest-growing and hardest-to-detect form of ID theft:” synthetic identity fraud.

Instead of stealing an existing identity, perpetrators typically use a mixture of real and fake information to create a new ‘individual’. By supplementing an individual’s personal information with made-up addresses, thieves use the new ID to obtain credit and debit cards, which can then be used to apply for loans and purchase insurance policies.

No opportunity to recover losses

How fraudsters make money from these IDs varies. Typically, they slowly build a credit rating, enabling them to do greater damage later on. It could take years, but eventually they will ‘bust out’ by maxing the accounts assigned to an ID, potentially for tens of thousands of dollars, and then discarding the identity. But the identities could also be used to submit fake personal insurance claims or even create fraudulent businesses to extract money from insurance companies.

With no trail leading back to a real person, banks or insurers are forced to swallow the losses. At some point, the second victim – the person behind the real data – will likely be faced with the task of separating their identity from the crimes committed. Their credit rating may be temporarily affected.

More data, more risk

The cost of global synthetic ID fraud is hard to estimate, but it runs well into billions of dollars, not to mention the many hours banks spend chasing people who don’t exist. Its rise is mainly down to the availability of data that can now be used to create synthetic identities: our online footprints are growing ever larger and cybersecurity is becoming increasingly important, as highlighted by numerous high-profile data breaches. Any data stolen can now be bought and sold relatively simply on the Dark Web, the part of the World Wide Web that is only accessible via special software, allowing users and website operators to remain anonymous or untraceable.

Prevention is difficult. New security chips may have made it harder to steal credit card numbers, but they can’t stop synthetic ID fraud. Banks are turning to a variety of technological innovations in an attempt to combat the problem. Voice recognition software, for example, can ascertain if one voice has been contacting call centres under numerous identities. Artificial intelligence engines and machine learning can be used to dig deeper into our digital data to help verify identity more effectively, analysing information such as social media or community records that matches a name with a location. Has this person been posting on Facebook or Instagram in a particular town? Does the name crop up in local school records at the correct time?

Out-innovate the fraudsters

Financial institutions may need to club together to develop an industry-wide solution, as they have in the past with EMV or Early Warning Services, a consumer reporting agency set up by US banks to help prevent fraud. To out-innovate the fraudsters, they must get to know their customers better while respecting data privacy and maintaining a hassle-free consumer experience.