History of Synthetic Identity – Who Discovered This Fraud?

Just about every week you might read an article on a new type of fraud called “Synthetic Identity”.    It’s the hottest and one of the fastest growing types of fraud and it’s got the coolest name of any fraud type out there.

But did you realize that Synthetic Identity is hardly new?  It’s been around for at least 25 years in some form or fashion.  It’s gone under various names. It’s changed with the times. But it’s not a new problem at all.

So, I decided to investigate the origins of synthetic identity further.  First relying on my own experience with it, and then researching archives across the internet, news and media outlets and other resources.  I wanted to find out when the term “Synthetic Identity” first emerged.  Who discovered it?  Who coined the term? And how has it come to be one of the top frauds of this decade?

The answer to those questions took me weeks to research but in the end, I found out something new.  And I was totally surprised by what I found out.

1995 – The problem emerges in credit cards

In 1995, I worked for a large subprime credit card issuer as fraud analyst and I noticed an unusual trend developing on a new product we had just launched.   The product was called Secured Card.   A consumer could deposit $300 with the bank and receive a credit card with a $300 credit line.

It was targeted to people that had little or no credit or people who wanted to build their credit score back up.  If the customer paid their monthly bill on the credit card account, we would report the positive payment history to the credit bureaus and they would eventually establish a good credit score.

But something fishy started to happen when we launched that product.  I started to notice that people were depositing $300 into the bank, applying for the credit card, taking out a cash advance for $300 to max out the card and then several months later, they would stop paying altogether.  In some cases, they would actually write bad checks against the account and boost the credit line well above the initial $300 line of credit.

When I Dug Deeper, A Systematic Pattern Emerged of Credit Tumbling

Something was obviously wrong at the bank and it was happening at a large scale. Our portfolio of secured cards was growing rapidly but customers weren’t using the accounts to build their credit, they were doing something else.

So I started to look at the social security numbers on all of the applications.   I used a product called Experian SSN Trace to see who owned the social security number.  In almost every case, the SSN’s were not returning to the applicant.  I would type a social security number in, and it would show a completely different name than the applicant.

The applicants were plugging in any social security on the application and using their own names.  The only way I could detect it was by de-coupling the social security number from the name and seeing what got returned.

What I had stumbled upon was a technique used by first-party fraudsters called “credit tumbling” which was designed to fool credit bureaus identity linking system by removing one element of their 3 part matching algorithm (name + address + social security number).  If a credit bureau received a different social security number from the borrower it would essentially create a new record called a no-hit which would later be turned into a credit file if a second inquiry was made.

The fraudsters were targeting secured cards in particular because it was an easy gateway product to build a new credit bureau.  Since the bank was getting a security deposit they were not that worried about losing money so they did very little in terms of fraud screening during account opening.

That turned into an open door for the fraudsters.

Credit Tumbling Created New Bureau Records And Allowed People to Hide Prior Credit Problems

Credit tumbling could be called the early predecessor to synthetic identity.  The term credit tumbling would involve borrowers making small adjustments to their names and social security numbers to throw off the credit bureau’s identity linking system.

The term was actually borrowed from another type of fraud called Card Tumbling, where fraudsters armed with Mod 10 checking software could create thousands of valid card numbers by correctly guessing the sequence of card numbers by starting with a single valid card number. It was called Mod 10 because 1 valid card number could be generated for every sequence of 10 numbers.

Credit Tumbling, however, was a perfect way for fraudsters to hide their true credit profiles.

Credit Tumbling Evolves to Synthetic Identity

Fast forward to 2019, nearly 25 years later and the term synthetic identity has emerged as one of the top fraud types here in the US.  The roots of the fraud type have their origins in credit tumbling but I really wanted to understand who came up with the name for this fraud type.  It was a perfect way to describe the fraud  – the creation of a Frankenstein credit profile made up of some real parts and some fake parts.

To answer this question I started researching the internet, media archives and fraud publications.  I went back as far as 1980 and I searched and I searched.

Eventually, I found the first mention of Synthetic Identity in 2004.   It turned out, I knew the person pretty well – Mike Cook who was the co-founder of ID Analytics .  ID Analytics created the first ID Network (Identity Bureau) that enabled banks to share their identity related information and fraud occurrences with each other to stop identity related fraud.

In 2003, The Term Synthetic Identity Was Created at 3 o’clock in the Morning

I reached out to Mike Cook to confirm if he had in fact discovered and coined the term “synthetic identity”.   He confirmed that YES, he in fact had, but the story about how he had come up with it was even more interesting.

Since his company was so busy at the time, he had to perform much of his research and analysis on fraud patterns late into the night.  On this particular night, he worked from 3 am to 8 am  analyzing how breached data was being used by fraudsters after the information was stolen.

He noticed an unusual pattern that included SSN tumbling, linking elements, similar names, transposed similar first/last names on many different applications.   He decided to write a whitepaper on what he had discovered in the network and wanted to come up with a term that would describe the fraud and capture the imagination of the reader.    He had just finished watching the movie Aliens the night before and remembered the character Lance Bishop who was a synthetic human.

So, he created the term “Synthetic Identity” based on the fact that the identity was created in much the same way the Android was created in Aliens.

He wrote his whitepaper with the help of Cooper Bachman and the rest is history.  Synthetic Identity has now become part of the fraud vernacular and has served as an excellent term to help rally fraud fighters to target this very specific and damaging problem.

When You Think of Synthetic Identity, Think of Lance Bishop from Aliens

So next time you think of where Synthetic Identity, think of Lance Bishop from Aliens. His serial number is A17/TQ2.0.35100E and he isn’t set to expire until 2179.  So it looks like we have at least another 150 years to fight the problem of synthetic identity.

Thanks for reading this interesting history of synthetic identity fraud.

Frank McKenna is the Chief Fraud Strategist for PointPredictive and a Fraud Consultant based in San Diego California