In traditional identity fraud, perpetrators use another individual’s name, Social Security Number (SSN) and other personally identifiable information to acquire credit. Practitioners of synthetic identity theft also use a real SSN, but they attach a fictitious name to it. They then use this combination to establish new credit accounts. This is critical to understanding synthetic ID fraud, because operating this way makes the practice very difficult to detect.
Those who specialize in this form of fraud focus on harvesting dormant Social Security Numbers. These can belong to children (which is particularly effective because the theft can go undetected until the child turns 18 and tries to establish credit in their own name), seniors, the deceased and the imprisoned.
With these numbers, they “legitimately” apply for credit.
In many cases, the first application is denied because it looks like a person with no prior credit history is trying to get a loan. However, this plants the number in the database of a credit reporting agency with the “new” name attached. Once an identity is on file this way, subsequent inquiries are looked upon with more favor. The perpetrator then goes after small credit lines with department stores and/or other entities willing to extend credit to people with minimal credit histories.
Fraudsters then manage those accounts carefully to gradually develop a positive history. Over time, they reach the point at which major financial institutions will grant them substantial credit lines based upon “established history.” These are then extended to their limits and abandoned—unpaid.
Eventually, the person to whom the SSN was originally issued is confronted with the result. But by then the perpetrator is long gone. The real owner of the number has gone through life for years, completely unaware of the havoc being heaped upon them because the warnings went to the synthesized name and address.
To help protect consumers shopping online, the best ecommerce site builders like Shopify feature robust fraud detection filters and site-wide security measures to prevent hackers from acquiring customers’ financial data. This last point is key because unsecured websites are particularly attractive to thieves who are intent upon harvesting personally identifiable information.
Understanding synthetic ID fraud reveals a number of things you can do to reduce your potential for exposure. Chief among them is reviewing your credit reports regularly—specifically looking for new accounts, delinquencies and fragmented files. Fragmented files can reveal instances of your SSN appearing with a different name. If you have children, or are caring for elderly relatives, check their reports annually as well.
Shred all of your financially related information before discarding it. Dumpster diving is a favored pastime of people who engage in synthetic identity fraud. Shuffle the resulting shreds and dispose of them separately to reduce the possibility of criminals piecing them back together.
Memorize your SSN so the card can be kept in a safe or another secured location at home. If you ever lose your wallet or purse containing your card your SSN will be exposed to the world—so leave it at home.
Use complex passwords comprised of letters, numbers and special characters online. Assign different passwords to each of your accounts so if one gets compromised the others remain protected. Passwords should be changed at least biannually.
Subject links to scrutiny before clicking to ensure you are going where you think are. One letter out of place — or missing — can direct your information to unscrupulous individuals. For example, Macys.com and Macy.com are two completely different sites. Examine the URL to be certain information is going where intended whenever financial or other personally identifiable information is to be entered—even on a frequently used site. The URL on any page requesting such information should start with “HTTPS” to confirm the page is secured.
You’ll find additional useful information on this subject at identitytheft.gov.