Unlike traditional identity theft, where the fraudster steals an entire real identity, a synthetic identity is a hybrid combination. It combines authentic data (in the United States, this is the social security number, while elsewhere it is usually the national identity document, date of birth and postal address) with invented information (usually contact details). This combination creates a seemingly coherent profile, especially when only the so-called authentic data is verified/analysed (as in a banking KYC process, for example).

As a result, traditional systems, which are often calibrated to validate an identity by digitising traditional practices (‘your papers, please’), miss the mark.

Why institutions are vulnerable ?
Fraudsters exploit the trust placed in partially accurate data. In the United States, with a valid official ID or minimal credit history, synthetic identities pass the initial verification stages. The fraudster can then ‘mature’ their identity: open a bank account, take out small loans, make regular payments… until they obtain a solid credit rating. This patience pays off: once credibility is established, the fraudster takes out a larger loan and then disappears. This is known as ‘bust-out fraud’.

The cost is considerable: across the Atlantic, synthetic identity fraud already accounts for several billion dollars in losses each year, according to estimates by major firms. In Europe, the figures are beginning to follow the same trend, particularly with the rise of 100% digital processes.

The limitations of traditional approaches
Traditional controls – document verification, historical scoring, ad hoc analysis of events or transactions – struggle to detect these hybrid profiles. Weak signals (email username, telephone number attributes, presence of ‘digital footprints’) can only be detected through rare expertise. Furthermore, current regulations focus almost exclusively on KYC compliance. However, control and fraud prevention are two distinct things. The former encompasses all the characteristics/steps that allow access to a service… but because all of this is exposed, it also makes it possible to understand and therefore circumvent the measures.

Towards a new approach to detection
Faced with this threat, companies must change their paradigm. The future lies in solutions capable of:

• Going beyond ‘declarative’ data by being able to add additional information.
• Cross-reference dynamic signals (browsing behaviour, machine fingerprint, location) with static identity attributes.
• Detect relational inconsistencies between different identities: shared telephone numbers, recycled addresses, accounts linked to the same device.
• Use artificial intelligence to analyse massive volumes of data/information in real time and identify patterns invisible to the human eye.

These approaches transform detection: moving from simple documentary/contextual validation to a holistic and behavioural view of the user.

A strategic challenge for digital players
Synthetic identities are not a marginal phenomenon: they directly threaten profitability, regulatory compliance and customer trust. For banks, e-merchants and insurers, investing in advanced prevention technologies is no longer an option: it is a condition for survival in the digital economy.

The post Synthetic identities: the invisible fraud that costs billions appeared first on Oneytrust.

E-commerce has grown by leaps and bounds since the early 2000s, and with it, fraud has continued to evolve. According to the FEVAD figures communicated at this Round Table, 72% of e-retailers are profitable or break-even, which clearly shows that e-commerce is a profitable business. And e-commerce is also a job creator, with 41% of e-retailers having created jobs by 2024.

2000-2005: the beginnings of e-commerce

The arrival of the Internet in homes marked the start of a new consumer channel. The first e-commerce sites appeared, often with little security. Fraudulent behaviour remained small-scale, but was already a cause for concern.

2005-2010: the boom in e-commerce… and fraud

E-commerce becomes more democratic with the rise of marketplaces and the first major peaks in online consumption. At the same time, fraud is becoming more structured, targeting payments and technical flaws.

2010-2015: the social networking effect and the expansion of fraud profiles

Facebook, Instagram and other platforms are giving rise to new uses… but also new vectors for fraud. Content linked to fraudulent methods is becoming accessible to everyone. The profile of fraudsters is changing, from organised networks to everyday opportunists.

2015-2020: regulation, PSD2 and increasingly complex payment transactions

The entry into force of PSD2 in Europe (Payment Services Directive) requires strong authentication. The aim is to make payments more secure. As a result, fraudsters are moving to other areas (PayPal disputes, neo-banks, refunds, etc.). Human error is becoming a major target.

2020-2025: industrialisation, cybercrime and AI

The boundaries between fraud and cybercrime are becoming blurred. Attacks are becoming more professional, and fraudsters’ tools are becoming ultra-technical, sometimes doped with AI.

At the same time, merchants are having to cope with tighter regulation (BNPL, consumer credit framework), ever more demanding customer journeys, and increasing pressure on security… without compromising the user experience.

The next 25 years: human intelligence at the heart of the battle

The next few years promise to be just as decisive. Deepfake, synthetic identities, behavioural fraud and offensive AI are shaking things up.

But one thing remains certain: it is human intelligence that will make the difference. Where automated models can be fooled by a synthetic identity, the human expertise built into our approach can detect anomalies.

Why merchants need to (re)think their anti-fraud strategy

With fraudsters becoming ever more equipped, merchants’ anti-fraud strategy can no longer rely solely on technology or compliance.

The keys to effective fraud prevention today :

• Combine technical and behavioural approaches
• Work with partners who are familiar with emerging patterns
• Anticipating regulatory changes (DSP3, IA Act, consumer credit, etc.)
• Combining business performance and security

It is with this in mind that Oneytrust has been working with the biggest e-commerce players for 25 years.

Our mission: to create trust, without friction.

Would you like to find out more about our anti-fraud solutions?

Please contact us.

Meet our fraud experts and find out how Oneytrust can turn your security into a competitive advantage.

The future of e-commerce is being built today. Together, let’s build it on trust.

The post 25 years of fighting fraud: retrospective, changes and the future of e-commerce appeared first on Oneytrust.