Fraud Prevention: Foiling Synthetic Identities

Postal Inspector Describes Mitigation Difficulties

By , November 20, 2013.
Claudel Chery
Claudel Chery

The use of synthetic identities is a rising concern for organizations, and financial institutions are often the ones taking the hit for the fraud, says Claudel Chery of the U.S. Postal Inspection Service.

See Also: Breaking Down Ease-of-Use Barriers to Log Data Analysis for Security

Fraudsters develop synthetic identities by taking personal information from various individuals and combining them into a new, hybrid identity that only exists in the virtual world. Fraudsters use this information to open new bank or credit card accounts.

In the past, individuals who wanted to use and pay off their accounts legitimately but couldn't do so because of past bad credit created synthetic identities. "Fast-forward 20 years later, and it's more for illicit gain where the intention is specifically to establish a pool of accounts that can be used to create a greater systematic fraud," Chery says in an interview with Information Security Media Group (transcript below).

Financial institutions usually are the victims of the fraud because there's no individual victim; losses generally get written off as bad debt, Chery says.

Mitigation Difficulties

Preventing fraud based on synthetic identities is difficult. If a bank took every possible measure to curb fraud, it wouldn't have any customers, Chery says. "As the balance shifts up and down between higher security, less security and better customer experiences, there's always a little loophole or a little crack where fraudsters or suspects will exploit for their illicit gain," he says.

In the interview, Chery discusses:

  • How information is compromised to create synthetic identities;
  • The role law enforcement is playing in helping organizations curb identity fraud;
  • Continuing investigations within the U.S. Postal Service.

Chery recently gave a presentation on synthetic identities at ISMG's Fraud Summit 2013. A video of his presentation is now available.

Before joining the United States Postal Inspection Service in 2004, Chery worked as an investigator for the New York City Department of Investigation. Criminal investigations Chery conducted as a postal inspector have led to the arrest and conviction of more than 150 individuals.

Synthetic Identities

ERIC CHABROW: One of the things you discussed in your presentation was synthetic identity. What is synthetic identity?

CHERY: Synthetic identity essentially is an identity of an individual that's created using various different PII, personally identifying information. This is where the ... bad guy ... will take that information - part of the information from [one victim], part of the information from himself and part of the information from another victim - put it into a melting pot, so to speak, and then try to make up a hodgepodge of a new person that really does not exist except in the virtual world.

Essentially, he'll take this address from this victim, this date of birth from this victim maybe, or his own date of birth so he or she actually remembers it, and half of a Social Security number from this victim, a portion from himself and a portion from another victim, or any type of variation of that kind of structure, and he'll create a synthetic identity that can be used to apply for different credit cards, different bank accounts and things of that nature.

CHABROW: This has been around for quite a while?

CHERY: It has been a while. ... It goes back to the days where someone would apply for a credit card account and they had bad credit so they would probably change their Social Security number so that they would actually get approved. It's gone to the way where someone would actually just change it to legitimately get a card so that they would use and legitimately pay off on their own to where someone will do this to illegitimately get a card ... with no intention of paying off. The express purpose is to use it for illicit gains where, before, someone might have done it because they had bad credit, they couldn't get a credit card and they really needed one. They wanted to continue using credit but they made mistakes in the past so they might have doctored or fudged their numbers a little bit to try to get that approval process done. Fast-forward 10, 15 or 20 years later, and it's more for illicit gain where the intention is specifically to establish a pool of accounts that can be used to create a greater systematic fraud.

Fraud Victims

CHABROW: Who are the general victims of this kind of fraud?

Follow Jeffrey Roman on Twitter: @gen_sec

  • Print
  • Tweet Like LinkedIn share
Get permission to license our content for reuse in a myriad of ways.
ARTICLE HP Inform: Art Wong, SVP Enterprise Security Services

Read HP Inform with discussions on five trends this year and beyond, how Big Data is reshaping...

Latest Tweets and Mentions

ARTICLE HP Inform: Art Wong, SVP Enterprise Security Services

Read HP Inform with discussions on five trends this year and beyond, how Big Data is reshaping...

The ISMG Network