What You Need to Know About the Rise of Synthetic Identity and Entity Fraud in the Insurance Industry

Fraud in the insurance industry is evolving due to new technology and is more difficult to trace than ever before. According to a recent webinar hosted by Evadata, the latest threat is not coming from real individuals but from fabricated identities and businesses. With no clear culprit, synthetic identity and entity fraud often goes unnoticed until it is too late. In this article, we will cover definitions of new types of fraud, different forms of synthetic fraud, detection methods, and preventative measures any carrier can take.

 

Defining Synthetic Identity and Entity Fraud in the Insurance Space

 

Synthetic identity fraud:

Synthetic identity fraud (SIF) creates a fictitious person by combining real data like a Social Security Number (SSN) with fake information like a name, address, or date of birth (DOB). These made-up identities are created to open accounts, build credit, file claims, and eventually to extract payouts without a traceable source. Bad actors target the SSNs of individuals who are unlikely to notice or report fraudulent activity, such as children, the elderly, and the deceased.

 

Synthetic entity fraud:

Synthetic entity fraud, while similar, targets commercial insurance. Using a synthetic identity, fraudsters open businesses that exist only on paper to purchase insurance policies. These fake companies have websites, phone numbers, and even tax documents to appear legitimate, only to abandon the entity after the payout is collected. This form of synthetic fraud is less common.

 

Understanding the Four Levels of Synthetic Identity

A recent Evadata webinar was hosted by financial fraud expert Steve Lenderman, Head of Fraud Solutions, North America at Quantexa. According to Lenderman, there are four levels of synthetic profiles to be aware of that differ in levels of sophistication and frequency.

 

  1. Full synthetic:
  • Invalid SSN with a fake name and DOB that do not correspond to any known individual.
  • This synthetic identity is the hardest and most time consuming to create but inflicts the most damage.
  • Since SSN randomization took effect in 2011, this type of synthetic fraud has become easier to create.
  1. Partial synthetic:
  • Combination of a valid SSN, stolen from a real person, with a name and DOB that do not match any single individual.
  • This is the most common type of synthetic fraud and can be quickly executed.
  1. Manipulated profile:
  • SSN is invalid but name and DOB match the applicant’s real identity.
  • Generally used to erase or inflate credit history.
  1. Legitimate profile:
  • SSN, name, and DOB match applicant’s real identity.
  • The first form of synthetic identity to appear.
  • New identity used by fraudsters to apply for bank loans and insurance policies.

 

How it Works

Identity: Entity:
  • Either:
    • Select an unused or stolen SSN, OR;
    • Authenticate and add fake information such as name, DOB, and address.
    • Each option can be done in minutes with free online platforms.
  • Build credit and legitimacy through utility bills, rewards accounts, and social media.
  • Apply for insurance and file fraudulent claims (e.g. life insurance policies).

 
  • Register a fake business and address.
  • Register business with the Secretary of State.
  • Create online presence and legal documentation like tax returns and business licenses
    • Can be easily created with AI platforms.
  • Apply for commercial insurance and submit fake claims (e.g. staged injury under workers comp).

 

 

AI tools leveraged for synthetic fraud:

With the advancement of AI tools, the threat of synthetic identity and entity fraud is escalating. Generative Pre-trained Transformers (GPTs) are being used by bad actors to produce fraudulent content. While mainstream tools like ChatGPT and Microsoft CoPilot are designed with safety measures that ensure they cannot easily generate official documents, malicious GPTs such as FraudGPT and WormGPT pose a greater risk. FraudGPT, available through a Dark Web subscription, is advertised as an unrestricted variant of ChatGPT. It can generate content from incomplete inputs and specializes in undetectable malware, counterfeit documents, forged images, and more. Similarly, WormGPT is engineered specifically for harmful phishing and scamming activities, with fluency in foreign languages enabling hackers to operate across borders. These new tools make it critical for industry professionals to remain vigilant and recognize malicious AI use. Signs include overly flawless and exaggerated images, driver’s licenses with clean computer cut and paste edges, blurry images, or identical signatures across different applications.

 

Eight Red Flags to Watch For

Synthetic identity fraud is harmful because there are no real victims beyond the financial services provider. This makes it especially difficult to track and stop it from happening, as these accounts can be open for years. Detecting synthetic fraud is not easy, but several red flags can help to identify it.

  1. The customer has not filed a tax return with the IRS.
  2. No social media presence or familial connections.
  3. SSN issue date does not match DOB (after April 2007).
  4. No medical history or history of established healthcare.
  5. The identity data is associated with multiple people such as matching SSN, DOB, or other personally identifiable information.
  6. The identity data is not consistent across emails, phone numbers, and social media.
  7. The identity has established credit for a short period of time prior to the policy application.
  8. The claim is filed when the contestability period ends.

 


Five Data Driven Ways to Prevent Synthetic Identity Fraud

Synthetic fraud is harmful and costly to insurance carriers due to financial losses, investigations costs, and reputational hits. Illegal online platforms and AI technologies are making these schemes more frequent and convincing. Here are a few practices to put in place to combat synthetic identity fraud. Talk to your team today for adoption and rollout.

 

  1. Train teams

Bring together a team of data, credit, and fraud experts to discuss current capabilities and potential improvements. Help current underwriting and claims staff understand and identify potential signs of synthetic fraud.

  1. Define good data

Profile what makes a good customer for your company and use it to compare against new customers to detect anomalies early.

  1. Use alternative information

Do not rely solely on credit scores. Leverage additional data such as income data, rental payments, subscriptions, memberships, and social media to further investigate suspicious individuals.

  1. Collaborate with industry partners

Share new information on synthetic identities with industry groups like Evadata ACT to prevent others from being targeted. Click here to learn more about Evadata ACT.

 

 

 

Sources:

 

“The Use of Synthetic Identities & Entities to Commit Insurance Fraud Confirmation” July 24, 2024 – Evadata ACT Webinar

For Evadata source content, click here to request it.

 

JIFA: Synthetic Fraud: With Synthetic Fraud Already in Their Ecosystem, Insurers Need to Think More Like Banks

https://insurancefraud.org/publications/jifa-synthetic-fraud/

 

From Definition to Prevention: Understanding Synthetic ID Fraud

https://www.experian.com/blogs/insights/understanding-synthetic-id-fraud/

 

 

 

Results and Capabilities

About

Solutions

Resources

Events

© 2023. All Rights Reserved.