Modern eCommerce security procedures are often based around answering what should be a simple question: are you who you say you are? In real life this can be quickly established through photo ID, but online the problem is much more difficult, hence the creation of Know Your Customer (KYC) procedures. As always, cybercriminals have responded to the creation of innovative tools to bypass KYC checks, namely synthetic identities.
A synthetic identity is a collage of fake information and real information, usually from multiple sources, that when edited together creates a wholly new synthetic ‘person’ who can be used, for example, to apply for loans and credit cards. Experian’s ‘Future of Fraud Forecast’ cites synthetic identity fraud as the fastest-growing sector of online fraud, and based on Experian’s own definition it accounts for 80% of credit card fraud losses and nearly 20% of chargebacks.
How does synthetic identity fraud work?
Gathering the components of a synthetic identity is difficult, so fraudsters turn to vast collections of stolen data available through dark web marketplaces or from real people via ‘rent an ID’ services. Once they have a sufficiently believable identity in place, they will typically apply for a credit card – there are many financial institutions that allow customers to apply for credit cards online (‘get a decision in minutes!’) which use automated screening to make decisions on whether a card is granted. These systems aren’t equipped to spot, for example, a Photoshopped passport.
After they have been granted the card they will use it legitimately, buying goods and paying back the interest, perhaps even for years. They will then ask for the limit to be raised and max out the card. Since the card is registered to a synthetic identity there will be nothing a credit card company can do to get their money back.
How can you stop it?
Synthetic identities are one of the most sophisticated, time-consuming forms of fraud, usually only perpetrated by professionals, so it can be very difficult to spot without the kind of difficult manual review procedures that would be time-consuming to carry out at scale.
There are several ways that you can (potentially) spot synthetic IDs:
- Device fingerprinting: fraudsters don’t want their synthetic IDs to link back to their own IP address, so they will use proxies, Tor browsers, VPNs and emulators. By logging each device with a unique ID, you can see if one device is being used to create multiple accounts.
- Social media lookup: Gathering the components of a new ID is easy but creating a believable social media presence is much less so. Looking up new customers on social media can be highly effective at spotting fraudsters.
- Behaviour analysis: Fraudsters often use automated systems to fill in hundreds of credit card applications rather than doing them by hand, so they will ‘move’ much differently through the application process than most people. They will also do things like copy and paste information rather than entering it by hand.
Doing this by hand would of course be time-consuming. However, there are automated systems that use machine learning to carry out the checks above and many more and is continually being updated in real time. Given the sheer quantity and sophistication of modern synthetic identity fraud automated systems are the only way for companies to stay ahead.
To learn more, visit: https://seon.io/
About the author
Tamas Kadar by is the . He started the company with his co-founder when they were still students in university and built it from scratch. A graduate of the elite Corvinus University, he studied Deep Info Comms where he saw first-hand how fraudsters and hackers looked to get around security measures. He has been featured in Forbes’ ‘Hottest Young Startups in Europe’ and is a regular startup pitch winner. He’s a true tech nerd’s product visionary for creating a fraud-free world.
SEON helps online businesses of all sizes fight back against fraud. It was built out of necessity and aims to remove the barriers to fraud prevention that many companies face, with rapid integration times, rolling monthly contracts and a one-size-fits-all platform that is easy to operate and is accessible 24/7. Its technology draws on data from across the internet to establish customers’ digital footprints to wean out false accounts and prevent fraudulent transactions from taking place and all of SEON’s tools work in the back-end to remove any friction associated with fraud prevention. To learn more about the company, visit: https://seon.io/