Blog

Background top
Feb 08, 2022
Ciberfraude

Online commerce, victim of synthetic identity fraud

Synthetic identity fraud is more present than ever. In this post, we clarify its definition and let you know how it affects online commerce.

What is synthetic identity fraud?

Before we get into fraud, we need to define what a synthetic identity is.

A synthetic identity is a fabricated identity that is created from real information (social security numbers, physical addresses, etc.) and fabricated or false information.

In Synthetic Identity Fraud, a cybercriminal steals real personal information to merge it with made-up personal information. The result is a false identity that cybercriminals use to apply for loans, credit cards or to buy products online.

  • It is very difficult to detect and combat, since users who don’t exist are persecuted. In addition, the criminals adopt ordinary behaviors, which makes them look like real users.
  • Synthetic identities don’t follow a pattern, they are all different.
  • It is a complex and growing form of identity theft.

⚠️ If you are wondering how cybercriminals get the real information, the most common way is on the deep web or through social engineering techniques.

How does this type of fraud work?

Cybercriminals combine fabricated data and real data to trick financial institutions and businesses. The objective of these combinations is to impersonate real people and access credit cards or loans, among others.

Banks often reject credit applications from people without a registered credit profile. Nonetheless, they manage to get approval. In some countries, even with a single credit card, these scammers can access additional accounts.

Once fraudsters have access to cards and loans, they make purchases and continue to feed the profiles created with “real” information. Their goal is to appear creditworthy and therefore eligible for higher spending limits. This, in turn, makes it easier to access more credit. When the scammers decide that the credit limits are high enough, a process that can take years, they “run away,” maxing out all accounts associated with the fake customer before discarding the identity entirely.

It is also common for fraudsters to make large purchases or apply for loans. Once approved, they stop using that fictitious identity. And, of course, they don’t pay the debt.

Identity theft vs. Synthetic identity fraud

Identity theft is the theft of real identities. The scammer gains access to a cardholder’s account or personal data. Once he gets the data, he squeezes it to the maximum (he usually buys as much as possible) until he is discovered. Therefore, it is a scam against the clock, with time counted.

By contrast, in synthetic identity fraud, cybercriminals adopt a “longer-term” strategy. Fraudsters get the real data and combine it with fabricated information to create a fictitious identity. Next, they pretend to be that person and try to feed the false profile as much as possible to raise as little suspicion as possible. In fact, victims of synthetic identity fraud are often unaware that they have been a victim of this type of fraud. The fraudsters themselves are in charge of receiving the states of their cards and avoiding being discovered.

Online commerce, the most affected victim

Scammers are also going digital. Synthetic identity fraud is rapidly gaining traction due to relaxed standards for applying for credit cards and the relative ease of stealing personal data. This type of fraud doesn’t only affect people and financial entities. More and more online businesses are facing fraudulent purchases (on behalf of cardholders that don’t exist) and chargebacks, causing them huge losses.

In fact, the biggest loser is the online business that encounters a fraudulent customer, since these false identities appear real and the merchant has no way of controlling who they establish a business relationship with. Also, most of the time, they can’t find the person who owes them money.

In addition to losses in products, associated resources, and chargebacks. It is also common for these fraudsters, false account holders, to claim that they haven’t received the purchases. They then request a refund of the cost from the bank, which of course is paid by the ecommerce. Even if the bank doesn’t ask for compensation for the loss, the business has to pay the expenses associated with the product (storage, shipping, etc.).

What can you do to protect your business online?

Ideally, financial institutions should collect as much data as possible about their new customers. Knowing their context and understanding their activity is key to preventing threats and avoiding fraudulent customers. In addition, by gathering as much information (from email, social security number, address, etc.), there are more possibilities to check if that data corresponds to another client. And therefore it is easier to spot fraudsters before they apply for new fraudulent accounts using already registered data.

Of course, this practice requires significant effort to collect, compare and confirm information from different sources. These difficulties, added to the distrust of users, complicate the prevention of fraud.

On the other hand, it is difficult to estimate the exact cost of synthetic fraud in online trading companies. Therefore, it isn’t given as much attention as it should be. However, digital businesses must prevent attacks and must ensure that their systems are protected to avoid damage and further costs.

Identity verification is the first step in protecting your online business.

Online businesses can prevent the threats and risks of synthetic fraud thanks to identity verification and monitoring processes. Adding this step to the new customer onboarding process allows businesses to confirm that their new customers are legitimate and intend to purchase legally (otherwise they would not record their real identity). Furthermore, analyzing transactions and monitoring behavior in order to confirm the authenticity of customers is an additional layer of security in the fight against fraud. .

Alice’s artificial intelligence and facial recognition are the perfect combination to prevent e-commerce fraud and deter fraudulent users, while offering a comfortable and fast user experience to legitimate users.


Follow us on LinkedIn!