Identity theft remains a popular way for cybercriminals to ruin credit scores. But to steal even more and evade detection, a growing number of crooks are resorting to what’s called “synthetic identity fraud,” which involves creating fake personas to dupe lending agencies. “This is growing. It’s got big numbers tied to $20 billion-plus (in losses), and we’re not really seeing a drop in it,” said Michael Timoney, VP of Secure Payments at the Federal Reserve Bank of Boston. “Due to the pandemic, the numbers have gotten even higher.” At the RSA conference in San Francisco, Timoney outlined how the threat exploits a major hole in the US financial system: Many companies don’t always vet a customer’s identity when they apply for a credit card or a loan. Timoney described synthetic identity fraud as using a combination of personally identifiable information to fabricate an entirely new person. “It’s different from traditional identity theft because if someone stole my identity they would be acting in my name,” he said. “I would go into my bank account and see my money is gone or I’d try to log into my account, but I’d be locked out.” As a result, a victim can identify the fraud reasonably quickly. However, synthetic identity fraud involves generating a new and unique persona, although details such as the Social Security number and address might have been stolen from a real person. “Because of data breaches, there is so much information out there for sale,” he said. In other cases, the crooks will alter or make up the Social Security number and address data entirely with the hopes the companies won’t catch on. “Once you apply for credit with your brand-new identity, there is no credit file out there for you, but one gets created immediately. So right off the bat, you now have a credit file associated with this synthetic. So, it sort of validates the identity. Now you got an identity, and it has a credit record,” he added.  The fraudster will then work to build up the credit rating for the fake persona with the goal of securing bigger loans or credit card limits and then bailing without ever paying the lending agency. “The fraudster will pay their balances, ask for more credit,” he added. “Then they get to the point where ‘Okay enough is enough, I’m going to take the money and run.’” According to Timoney, the fraudsters have also been using fake personas to apply for unemployment benefits and to secure loans from the Paycheck Protection Program, which started during the pandemic to help businesses pay their workers.