Synthetic identity theft is a type of fraud in which criminals creates an identity instead of stealing genuine identity. Fraudster combines real and fake information to create a new identity. Real information used in synthetic identity fraud is generally stolen or gathered from dark web. This new identity is used to open fake accounts, for fraudulent shopping or other illegal activities. This fraud is one of the fastest growing financial crime in India.
Synthetic identity theft allows fraudster to steal money from loan companies including credit card companies who provide new card or is used to fraudulently extend credit.
How synthetic identity theft works:
Fraudsters target individuals and steal their information to create a synthetic identity. They steal information (e.g., Aadhaar card numbers) and replace it with fake information like fake name, address, date of birth etc. In this kind of fraud there is no identifiable victim, so it goes unnoticed for long.
Fraudster who commits this fraud can use multiple identities at the same time and may keep accounts active for months before the fraud is detected. Sometimes fraudster uses own real information to create synthetic identity and acts as a victim to get their credit line restored. In some cases, synthetic identity fraud is not meant to steal money rather fraudster sells this identity to illegal immigrants to obtain financial services.
Also Read: How to Perform Email Header Analysis?
Difference between synthetic identity theft and traditional identity theft:
Synthetic identity theft is totally different from traditional identity theft. As mentioned above, criminals behind synthetic identity fraud uses both real and fake information to create new identity, which makes it harder to track. But in traditional identity theft, fraudster uses other people’s real identity for opening accounts and for varied other purposes.
How to protect yourself against synthetic identity theft:
In India as per the Information Technology Act 2000, Sec 66C deals with identity theft and is a punishable offense. The law says, “Whoever, fraudulently or dishonestly makes use of the electronic signature, password or any other unique identification feature of any other person, shall be punished with imprisonment of either description for a term which may extend to three years and shall also be liable to fine which may extend to rupees one lakh.”