In the last post, we discussed the rising incidents of synthetic identity fraud and how cybercriminals stitch together pieces of information—authentic and fabricated—to create synthetic identities. In this post, we will discuss the three ways that cybercriminals abuse these synthetic profiles to build credit and defraud businesses and end customers. These include:
- Applying directly for credit with a lender
- Piggybacking on genuine cardholders
- Data furnishing
Now, let us dive a bit deeper to learn more about the modus operandi.
Applying directly for credit with a lender:
As the name suggests, cybercriminals use the freshly minted synthetic profile to apply for credit directly with a lender—for instance, a credit card issuer. The first time around, when a cybercriminal applies for credit; the application gets rejected, as there is no credit file associated with this fictitious profile. When the cybercriminal applies again, there is already a record of this digital profile with credit reporting agencies (CRAs) as having made an enquiry in the past. Therefore, the application doesn’t get rejected. Although there is no credit activity—as in the case of a student applying for credit for the first time or an elderly not having engaged in credit activity for long—the lender processes the application. The interest rates may be higher than usual, but a cybercriminal is able to open a new line of credit, nonetheless.
Piggybacking on genuine cardholders:
This, probably, is the most abused form of synthetic identity fraud, as it abuses the perfectly legitimate procedure of adding authorized users to an account. It is often used to add a spouse or a child and is widely accepted by credit card issuers. Cybercriminals exploit this lacuna by luring credit card holders (with good credit) to add unknown people or profiles to their card for some time. Cybercriminals ‘piggyback’ on the legitimate accounts in exchange of a small fee.
Once the CRAs receive the records, the piggybacking identities are removed, but the credit history remains. Now, the cybercriminal can approach multiple card issuers for credit. On successfully obtaining multiple cards, the cybercriminals will max out these cards by purchasing expensive items that can be easily sold off later. Often, cybercriminals abuse the credit limit twice by paying off the outstanding dues by fake checks and maxing out the cards again before the ‘payments’ are declined. This is called busting out the card accounts.
This is a sophisticated technique, which is often perpetrated through collusion with insiders. Cybercriminals not only apply for and are granted credit, but fictitious ‘payments’ are also reported to the CRAs. Over a period of time, the credit scores improve. Cybercriminals now use this credit score to obtain more credit cards and max them out.
Why synthetic identity fraud is a rising challenge
Synthetic identity fraud is becoming a growing headache for lenders. This is largely because the verification mechanisms that lenders deploy are outdated and cannot detect the sophisticated tactics that cybercriminals have come to use. In the absence of robust authentication, cybercriminals can easily manipulate the business ecosystems and escape undetected. By the time the fraud is detected, it is too late, causing extensive losses to businesses and end customers, alike.
The article has been written by Neetu Katyal, Content and Marketing Consultant
She can be reached on LinkedIn.