Oh Great, Now We Have to Deal With Synthetic Identities Too?

Identity is like a mercurial droplet flowing downhill, absorbing new elements while shedding others along its path. Except it's a digital stream of personal data that's constantly being stolen and manipulated to create things like synthetic identities for credit fraud.

Oh Great, Now We Have to Deal With Synthetic Identities Too?
It’s extremely difficult to track down someone who doesn’t exist. - https://legal.thomsonreuters.com/blog/synthetic-identity-fraud-what-is-it-and-how-to-combat-it/
Synthetic identity theft pairs a few pieces of real information with fake information to create a new hybrid identity that they build up into legitimacy. - https://www.security.org/identity-theft/synthetic/

We spend most of our lives building our own identities, doing things like buying a house or getting a degree, building a credit score so we can get along in the world, all the while saving our money for retirement in banks and other financial institutions...and in a flash it can all be taken away...by someone or something pretending to be us, or part of us.

What is a person anyway, just a name and a social security number? It reminds me of what people used to say about some of the sports cars of the 80's, where it wasn't a solid, well-engineered thing, rather a collection of parts loosely flying in the same direction at the same time. That's what it feels like to have an "identity"...just a collection of details in roughly the same area at the same time. Just like when you authenticate your identity to a bank or something over the phone...what's your name, where do you live, what's your phone number, etc...nothing that feels really solid.

Our identity is an ever changing collection of jumbled pieces, sometimes we collect new pieces, sometimes pieces fall off, sometimes they are pulled off. To make matters worse, our identities, these little details that help to identify us, are now digital and stored in hundreds, if not thousands, of institutions around the world, some of them government, mostly not, all of which are extremely poor at securing our data and maintaining our privacy, and so our data is lost, scattered and copied countless times across the so-called Dark Web where it can be manipulated, copied, pasted, xeroxed, scripted, GenAI-ed, and combined to make entirely new identities.

Identities Are So Unreal, We Can Just Create Mostly Fake Ones Now Too

Synthetic identity fraud occurs when genuine information is merged with fabricated information to create a new synthetic identity. - https://b2b.mastercard.com/news-and-insights/blog/what-is-synthetic-identity-fraud-and-how-does-synthetic-identity-theft-work/

Here are the steps fraudsters take:

  1. Steal a real "identity number" like a social security number, or other piece of information
  2. Combine the stolen details with fake information such as names, birth dates, and addresses to create a Frankenstein identity
  3. Using this "Frankenstein" identity, the fraudster may spend considerable time building up other details to add to this profile, engaging in a long con
  4. Finally using this synthetic identity as part of a fraudulent transaction of some kind

We're used to the idea of an entire identity being stolen, or at least someone pretending to be us long enough to get a bank loan or a credit card, but in our name. In the case of synthetic identity, it's really about the fact that it's hard to validate what is an honest to goodness real person. Banks and other services don't have a perfect way of doing that, and so while we understand the idea of identity theft as it happens in the movies (and of course in the real world) where someone is pretending to be us, it's harder to wrap our heads around the idea of a fraudster making up a sorta-kinda-real person and running a "long con" to effectively create a new person out of some real parts and some fake parts.

The dark web is a bustling marketplace for stolen data. The types of data traded there have evolved over the years, reflecting the growing sophistication of cybercriminals. - https://threatintelligencelab.com/blog/types-of-data-cybercriminals-sell-on-the-dark-web/

As I mentioned earlier, identity is really a floating, ever-changing collection of details. Unfortunately, times have changed, and while we have newer technologies like the Internet, which on the surface seems like a mostly good thing, we also have the downside of generating so much digital data that it overflows its cheap containers and falls into the hands of bad actors.

The fact that this data is relatively easy to steal from large organizations, and because it is digital and thus easy to copy, it ends up on the dark (inter)web, which is a real thing, where it can be stitched together to create synthetic identities. This is a reality of our weird postmodern age–companies collect our data, lose it, and it forms new people. Unbelievable. Imagine what'll happen when AI really gets going.

How Does This Affect Me as a Regular Person?

“The perpetrators of this scheme, which began in 2016, are alleged to have created more than 680 unique synthetic identities, many of which were used to apply for and open hundreds of bank and credit accounts at various banks and financial institutions across Ontario,” he said at a news conference at police headquarters on April 29. - https://www.tps.ca/media-centre/stories/arrests-in-synthetic-identity-fraud/

Ultimately, synthetic identities are mostly a concern for banks and other financial institutions, but parts of a synthetic identity are real and could be yours...maybe a social security number. This means that everyday REAL gosh darn normal people can get caught up in this, just like any other awful identity fraud.

Defending against this kind of thing as an individual person isn't going to be any different than other types of identity fraud–really, the best thing to do is probably use multi-factor authentication everywhere, make sure you use financial services that have high levels of regulation and government-backed insurance, and I guess hope that your data isn't in a lot of big, insecure organizations.

Further Reading

Link - https://www.tps.ca/media-centre/stories/arrests-in-synthetic-identity-fraud/

Link - https://legal.thomsonreuters.com/blog/synthetic-identity-fraud-what-is-it-and-how-to-combat-it/

Link - https://b2b.mastercard.com/news-and-insights/blog/what-is-synthetic-identity-fraud-and-how-does-synthetic-identity-theft-work/

Subscribe to Tidal Series by Curtis Collicutt

Don’t miss out on the latest issues. Sign up now to get access to the library of members-only issues.
jamie@example.com
Subscribe