Credit application fraud occurs when an attacker uses stolen personally identifiable information (PII), to apply for a credit card, loan, or other type of credit. They may even exploit the financial system to create a synthetic identity, i.e., a fictitious person, which is even harder for financial institutions to detect.
Other terms for credit application fraud: synthetic identities; identity theft; new account fraud; credit card origination fraud.
Shape’s advanced fraud detection can flag and prevent attackers from applying for credit online under assumed identities, whether the fraudster uses automated or manual methods.
FORBES ESTIMATED THAT 20% OF ALL CREDIT LOSSES ARE DUE TO SYNTHETIC IDENTITY FRAUD.
Attackers typically only need a victim’s social security number, address, and date of birth to apply for a credit card in their name. This type of PII is regularly available on the darknet from data breaches at organizations like credit bureaus and tax prep firms.
Creating a synthetic identity just requires an attacker to apply twice and with two different lenders. The first application will fail due to lack of credit history, but the record-check itself will start a credit file with a credit reporting agency. Then, the attacker’s second credit card application with a different issuer will typically succeed due to the existence of a credit file.
Synthetic identities are often granted low lines of credit, typically $100-$500, due to the lack of credit history. Fraudsters may make small purchases and pay them off each month, establishing positive credit history and earning period limit increases. Once the credit limit is high enough, the fraudster will cash out, leaving the lender with thousands of dollars in losses.