A new type of credit card fraud is emerging, dubbed “synthetic identity theft.” In instances of synthetic identity theft, cybercriminals create new identities to credit card accounts instead of stealing existing Social Security numbers.
According to a report in Bloomberg, this type of credit fraud scam is increasing and could only get worse thanks to the data breach at credit scoring company Equifax. In the hack announced last Thursday (Sept. 7), the company said names, Social Security numbers and other information on 143 million consumers in the U.S. were potentially breached. This information could give identity thieves the means to meld the stolen data with new identities, possibly resulting in the opening of fake credit lines associated with fake identities.
The cybercrime technique, which wasn’t on the minds of law enforcement just five years ago, now accounts for as high as 20 percent of all credit card loans that go unpaid, reported Bloomberg, citing data from Auriemma Consulting Group. What’s more, synthetic identity theft may have cost banks $6 billion or more in 2016 alone. The crimes with fake identities are increasing at the same time credit card companies have gotten retailers of all stripes to roll out EMV-enabled payment systems. EMV chip cards are supposed to be harder to hack.
In the past, Bloomberg noted, synthetic identity theft took a lot of time to pull off — a main reason why there wasn’t a massive amount of this type of cybercrime. In its basic form, hackers steal a Social Security number or try to guess a number that isn't being used, then combine that number with a fake identity. They rely on real addresses to create the identities, then begin opening credit cards.
Banks often reject the first request because there is no credit card history, but bank inquiries with the credit scoring companies create a history. That, in turn, enables cyberattackers to get a credit card the next time around, reported Bloomberg.
“In the last two months, I’ve talked to three large credit card issuers, two large telecommunication firms, a large retailer, a large auto lender and a large fraud consulting company — and every one has had huge synthetic fraud concerns,” says Paul Bjerke, vice president for fraud and identity at LexisNexis Risk Solutions Inc., told Bloomberg.