The “Fastest-Growing” Financial Crime: Synthetic Identity Theft

Con artists are putting a new twist on an old fraud by cooking up make believe identities based on data they steal from their victims.

The scam is known as “synthetic” identity theft. A crook takes a piece of real information, such as your Social Security number, and then links it to a phony name to create a new identity. Once the synthetic identity is established, the criminal can apply for lines of credit, government benefits, income-tax refunds and more.

The fraud is “creating far-reaching impacts” on the U.S. financial system, health care industry, government and consumers, according to the Federal Reserve. Losses are believed to now exceed $6 billion.

Victims can run into many kinds of problems, including loss of credit, denial of benefit applications and disputes with the Internal Revenue Service.

Little detected, little understood

“But unfortunately, many consumers don’t realize how it can hurt their access to credit or how to protect themselves,” said Ken Montgomery, first vice president of the Federal Reserve Bank of Boston. Synthetic ID fraud often goes undetected by routine credit-checking systems. Schemers may wait a long time–sometimes years–before taking advantage of their fictional identities to make illicit purchases.

Synthetic ID fraud often goes undetected by routine credit-checking systems. Schemers may wait a long time–sometimes years–before taking advantage of their fictional identities to make illicit purchases.

It is “the fastest-growing type of financial crime in the United States,” according to a report earlier this year by McKinsey & Company, the management consulting firm.

In June, the U.S. Department of Justice said it had accused 11 defendants of such a scheme, in which they used fraudulently obtained credit cards to buy property and set up shell companies.

To learn more about this popular scam, go to: https://fedpaymentsimprovement.org/news/press-releases/federal-reserve-system-white-paper-examines-the-effects-of-synthetic-identity-payments-fraud/ and https://www.mckinsey.com/business-functions/risk/our-insights/fighting-back-against-synthetic-identity-fraud.

…And Children are Often the Victims

Young kids may not have credit cards, passports or driver’s licenses, but they usually have Social Security numbers. And that makes them prime targets for identity theft.

When a child’s ID has been stolen or used in a scam, it may take many years to discover. More than 1 million children were targets of identity theft in 2017, according to Javelin Strategy & Research. Learn more here: https://www.javelinstrategy.com/node/59561. Their families were stuck with more than $540 million in out-of-pocket costs, while total losses hit $2.6 billion.

Remarkably, a report out of Carnegie Mellon University found that the rate of identity theft for children was 51 times higher than that for adults. Learn more here: https://www.cylab.cmu.edu/_files/pdfs/reports/2011/child-identity-theft.pdf.

Kids’ data may appeal to criminals because no one is paying attention. The children may be too young to buy anything expensive, and parents have no reason to check their credit.

Also, the government shifted to a random way of creating Social Security numbers in 2011, eliminating linkages to birth date and location. But this had the unintended effect of making it harder to identify wrongdoers.

How to protect your kids

Experts suggest a few ways to protect the identity of your children:

• Carefully watch over all their financial activity and any online accounts.
• Teach them to be responsible with their personal information.
• Consider freezing their credit if this is practical under the rules in your state.
• Make sure that critical identifiers, such as Social Security cards and birth certificates, are secure.

Consumer Hacks are Costing Companies

Consumers can lose a lot of money when their data gets swiped, but what about the companies that failed to protect them?

Equifax recently agreed to pay up to about $700 million to settle an array of claims over the giant 2017 data breach of personal information affecting 148 million consumers. Under the deal, the credit bureau will set aside at least $380 million in a fund to compensate individuals who can show they were hurt by the data exposure.

Meanwhile, foreign officials are seeking penalties from other large companies that failed to protect consumer data in their possession.

The United Kingdom wants Marriott to pay $123 million in response to a huge breach reported last year that affected data from millions of consumers, possibly including passport numbers.

Separately, UK officials are demanding $230 million from British Airways, which allowed hackers to divert half a million customers to a fake Internet site. Scammers then captured personal information, such as credit card data.

Stiffer penalties may be an answer

Companies frequently gather personal information about consumers for marketing purposes but often fail to shield the data from cyber attacks, which they say should be blamed on criminals, not them.

But consumer advocates are hoping that stiff penalties will give companies an incentive to do a better job of safeguarding personal info.

Both Marriott and British Airways have said they will contest the judgments.

U.S. policies to protect consumers have been criticized as fragmented and inadequate. Two years passed before the Equifax settlement, which was greeted with mixed reactions by consumer advocates.

Keeping Your Social Security Secure

Social Security is the financial lifeline for millions of older adults.

It is also a key to your identity, which is why scammers often try to trick people into revealing their Social Security numbers through phone calls and emails.

A good way to interact safely with the Social Security Administration is to create a personal account. Doing so will prevent a criminal from starting a fake account in your name. Personal Social Security accounts offer other advantages, as well. If you are not yet claiming benefits, they are an easy way to check how much you may qualify for when you retire.

They also enable you to review your earnings record (and spot any errors), find out benefit amounts for survivors if you die, request a replacement card and check the status of an application.

To create a personal “My Social Security” account just go to https://www.ssa.gov/myaccount/.

Protecting your online account

Such accounts are secure as long as you don’t give your personal data to wrongdoers. The Social Security Administration now encourages users to have a second layer of security to log in, based on their cell phone or email address.

If you are worried that your Social Security account is safe, you have the option of blocking electronic access (just know that you also will be electronically blocked). You can request to undo such blockage later.

If you believe your account has been hacked, report it to Social Security’s Office of Inspector General: https://oig.ssa.gov/.

Medicare: The Scams Keep Evolving

Criminals that target older adults don’t stop with Social Security. For many years, a Medicare card could be a ticket to trouble, because it featured the person’s Social Security number, which crooks would try to grab.

The Centers for Medicare and Medicaid Services advises:

• Never share your Medicare number with a stranger who contacts you by phone or email. Scammers make up all kinds of reasons to trick people into providing this information.
• Be careful if you do give it out. Only share your Medicare ID with someone you trust, such as a doctor’s office or insurance plan you are working with.
• Tell Medicare about suspicious requests. If someone calls you and seeks your Medicare number, hang up and call 1-800-MEDICARE (1-800-633-4227).

Risk Factor: Keep Your Trash out of the Wrong Hands

The term is “garbage theft,” but what you toss in the trash can be worth a lot more than garbage.

Any documents with personal data can be used to hijack your identity. Some pose obvious risks, such as bank and financial statements or any ID papers.

But thieves can use many sorts of information to exploit your identity, including pre-approved credit card offers, school correspondence, medical data, pay stubs, phone bills, retail invoices, and mail from work, insurance companies or the government–to give a few examples out of many.

Even junk mail can yield valuable personal data, such as your name and address.

Tip: Shred Documents the Right Way

An answer to garbage theft is to buy a shredder if you don’t have one. But make sure it’s the right kind.

You can buy a cross-cut shredder that will turn your papers into confetti, at prices starting around $35. The alternative–known as a strip-cut shredder–is less secure, because it cuts papers into strips that can potentially be reassembled.

Be aware that self-shredding can be a bit messy, and that a cross-cut shredder should be oiled periodically. If the task is not practical, look for shredding events in your community, or find a private company to destroy your documents at a modest cost.

Remember: What seems like garbage to you may be precious to an identity thief.