In the rapidly evolving digital landscape, artificial intelligence is a two-sided coin. Fraud protection software, like INETCO BullzAI, harnesses artificial intelligence (AI) technologies to offer fraud protection against financial criminals and cyber attackers. Conversely, fraudsters can weaponize the same technology to steal funds. A prominent example of this connection is synthetic identity fraud. This payment fraud vector often employs AI and deepfakes. For synthetic fraud, fraudsters create new identities using real and fabricated information, making it incredibly difficult to detect and prevent. Synthetic identity fraud is now one of the fastest-growing financial crimes in the world, causing losses estimated at between US$20B – US$40B annually. It poses a significant threat to the financial industry. As AI continually reshapes our payment systems, the sophistication of these fraudulent schemes escalates, creating a high-stakes game of cat and mouse between fraudsters and cyber-security experts. This article aims to decode this burgeoning threat, delving into its mechanisms, the challenges it poses to AI progress and potential measures for combat. Join us as we explain how this type of fraud works and how you can defend against it.
I sat down with Ugan Naidoo, CTO at INETCO, to talk about what synthetic identities are, how they are evolving in the age of AI, and how organizations can work to protect themselves from synthetic identity payment fraud.
Understanding Synthetic Identity Fraud
Fraudsters are continually devising new methods to exploit the vulnerabilities in accounts and payment systems. In recent years, we have witnessed a sharp rise in the incidence of electronic payment fraud, including mobile banking fraud, internet banking fraud, and credit/debit card fraud.
What is Synthetic Identity Fraud?
“Synthetic identity fraud starts when malicious users create fictitious identities,” explains Ugan, “They create these identities by applying for an account. The account is linked to a transaction account or set up to establish a baseline for the identity of a loyalty account. The account can even include a gaming identity.” The account differs from traditional identity theft because it does not necessarily involve directly stealing a single individual’s identity. Instead, it utilizes a mix of authentic and falsified personally identifiable information (PII) to construct a fictitious identity aimed at conducting dishonest acts for personal or financial gain. The genuine data, usually stolen, makes synthetic identity fraud an insidious threat to individuals and organizations. Ugan adds, “This makes it incredibly challenging to detect as these identities often pass through traditional verification checks.”
Fraudsters are becoming increasingly subtle. “If they are just implementing a specific attack pattern, something elementary, then they would only need to create one of those identities for that attack,” Ugan says. “They would then build up the legitimacy of the identity by making transactions to create a history for the targeted service.”
Once the identity has been established, the fraudsters can execute their attack for financial gain or, in some cases, for glory. Ugan told me that in the past, this often occurred in the hacking world to demonstrate the prowess of the hacker, rather than for financial gain.
The Anatomy of Synthetic Identity Fraud
Synthetic identity fraud essentially falls into two categories:
These synthetic identities, often called Frankenstein identities, are composed of valid data assembled from multiple identities. More recently, fraudsters use information that doesn’t belong to any one consumer. The information used to create a manufactured identity can be a government-issued identification number such as a National Identification Card, Social Insurance Number, or National Registration Card number. In the USA, fraudsters often use a Social Security Number (SSN) chosen from the same range of numbers that the American Social Security Agency (SSA) uses to issue SSNs randomly. Using multiple identities to create the manufactured identity makes it difficult for existing techniques to identify this new form of synthetic identity.
In this scenario, the identity draws from an actual individual, but the government-issued identification number and other elements are slightly altered. The fraudsters could, for example, use the SSN of a deceased person, a child, or an unhoused person. This method often obscures a previous history and allows access to credit. In some cases, the person creating the manipulated identity may not be a criminal but is a consumer who has difficulty getting credit due to a poor credit rating. They change their own details to obtain credit with the intention to repay. Detection of manipulated identities is comparatively straightforward as they often conflict with the real identity they are augmenting and fail validity checks.
The Impact of Synthetic Identity Fraud
Synthetic identity fraud is damaging to consumers and financial institutions alike. If the fraudster creates the synthetic identity using some of a person’s real information, that person might find their credit score impacted if they are linked to a synthetic identity. This can negatively affect their ability to get financial services. If a financial institution has, over time, increased the synthetic identity’s credit limit, it will be burned when the criminal maxes out the account and disappears. The fraudster can also make a series of smaller credit card purchases and pay them off on time. After the bank increases the credit limit, the fraudster makes a much larger purchase and disappears. The same thing can happen with a line of credit. Merchants can be impacted when the fraudster uses the synthetic identity to purchase multiple gift cards redeemable for cash. Since synthetic frauds are often categorized as credit fraud, they can be harder to identify as synthetic fraud problems. Therefore, it is more difficult to assess if your fraud prevention solutions are effective.
Synthetic identity fraud will continue to escalate. According to research conducted by TransUnion, in 2022 over 5% of global online fraud was attributed to synthetic identity fraud, with US$4.6 billion in losses in the USA alone. Regula’s 2023 research further emphasizes this, indicating that nearly half (46%) of global organizations have experienced synthetic identity fraud in the past 12 months. Now is an excellent time to assess if you have adequate protections to address it.
Concern about Synthetic Identity Fraud
The proliferation of digital channels for financial transactions is further fueling the problem of synthetic identity fraud. These digital channels provide fraudsters with abundant opportunities to exploit vulnerabilities. The digital landscape’s anonymity makes it easier for fraudsters to operate undetected.
The issue of synthetic identity fraud threatens businesses and financial institutions and poses significant risks to consumers. Consumers may unknowingly become victims of these fraudulent activities when their personal information is used to create synthetic identities.
AI, the Double-Edged Sword
Ugan further explained that “AI and generative AI can be used to create deepfakes, manipulate data, and automate the process of creating synthetic identities, even if the fraudster doesn’t have the technical skills that were once required to do these tasks. These technologies can help fraudsters mimic legitimate individual behaviors and develop credible digital personas perceived as legitimate by many existing fraud detection models.”
“Criminals can then use these synthetic identities to open new accounts, apply for credit, and carry out various fraudulent activities such as credit fraud, account takeover, and money laundering schemes.” Ugan adds, “They often build credit and financial transaction histories over time, establishing credibility with financial institutions. This makes it more difficult for traditional verification technologies to detect fraudulent activities.”
Synthetic identity fraud is becoming a significant concern for businesses, financial institutions, and consumers. As fraudsters become more sophisticated in their techniques, the scale and complexity of these fraudulent schemes continue to escalate.
“We also find synthetic identity attacks are getting pretty elaborate, with fraudsters first creating an identity in one environment, and then they slowly gain access to pieces of information from different autonomous systems, to piece together a comprehensive synthetic identity.” Ugan goes on to say that “and as technology changes, there are more troubling situations where fraudsters can piece together even more information than ever. For example, a customer may find themselves with an issue and need to phone a call center for assistance. The call center may collect the customer’s voice information to generate a voice Extensible Markup Language (XML) biometric identification for that person. A fraudster in another system may be able to capture that XML using phishing techniques, giving them another piece of identification for their synthetic identity that creates further legitimacy.
While the relationship between AI and synthetic identity fraud is evolving, AI and its subset, machine learning (ML), stand at the forefront of combating its intricacies. These technologies wield unparalleled power in recognizing and mitigating evolving threats, establishing them as essential tools for modern fraud detection. ML algorithms can rapidly dissect enormous datasets, identifying patterns and anomalies in real-time using both supervised and unsupervised learning to recognize when abnormalities occur in your system. Integrating ML into your fraud defense strategy helps you proactively fight payment fraud. ML can detect and predict potential threats based on information and patterns it detects and on evolving threat vectors. As fraudsters refine their deceptive tactics, the self-training nature of machine learning ensures a robust and ever-improving response, making it an indispensable ally in the ongoing battle against sophisticated financial crimes.
Despite the conflicting aspects of AI, its potential for combating synthetic identity fraud is enormous. With continued research and development, AI’s capabilities in detecting and preventing this type of fraud will only continue to expand.
Using AI to Combat Synthetic Identity Fraud
AI-enabled fraud prevention systems have made significant strides in combating synthetic identity fraud. AI can identify synthetic identities by analyzing transaction patterns and behavioral data to understand better when an entity acts in a manner inconsistent with its previous transaction history. However, despite these advancements, synthetic identity fraud remains a formidable challenge. The sophistication of these fraudulent schemes often evades traditional fraud detection systems, even those enhanced with AI. Synthetic identities often appear legitimate, passing through standard identity verification checks.
What can make AI effective in preventing this type of fraud is its ability to analyze vast amounts of data at high speed, making it an invaluable tool in the fight against this form of fraud. AI’s predictive capabilities also enable it to forecast potential fraudulent activities before they occur. By identifying anomalies and unusual patterns in transaction data, AI can alert businesses and financial institutions to potential threats, allowing for swift action to prevent fraud.
“However, the effectiveness of AI in preventing synthetic identity fraud also hinges on the quality of the data it analyzes,” explains Ugan. “Inaccurate or incomplete data can lead to false positives or negatives, undermining the effectiveness of AI systems. Therefore, maintaining accurate and comprehensive data is crucial for the success of AI in fraud prevention.”
INETCO BullzAI for Fraud Prevention
INETCO BullzAI (BullzAI), a leader in AI-enhanced fraud detection, offers a powerful solution to combat synthetic identity fraud. Leveraging advanced machine learning and predictive analytics, BullzAI can detect patterns and anomalies in transaction data that may indicate fraudulent activity.
BullzAI can also collect and analyze detailed transactional data at a granular level in real-time, allowing businesses to swiftly identify and prevent fraudulent activities, minimizing potential losses and reducing false positives on your network. BullzAI’s continuous learning capabilities ensure that its detection methods evolve, gaining insight into what is normal behavior for each entity on the system. This provides a robust and reliable solution to help identify fraud initiated by a synthetic identity before it leaves your payment network.
While synthetic identity fraud poses an increasing threat, it is not insurmountable. Organizations can safeguard their systems and protect their customers by understanding its intricacies, staying abreast of technological developments, and implementing robust prevention strategies.
To learn more about how INETCO can help prevent payment fraud caused by synthetic identities and bolster your fraud prevention strategy, request an INETCO BullzAI demo today.