Synthetic Identity Fraud is the fastest growing type of identity theft that is affecting auto dealers. It’s a type of fraud in which a criminal uses fake information, sometimes combined with real (usually stolen) data, to create a fictitious identity. A Credit Profile Number (CPN) is essentially a synthetic social security number, which is often used to create a fake identity. These made-up identities are established for the sole purpose of deceiving creditors to borrow money and open accounts. 
 
Due to the new chip cards, fraudsters are no longer as successful at counterfeiting credit cards, so they have targeted fraudulent auto loans at a higher rate, which impact auto dealers. It can be easy for auto dealerships to fall prey to synthetic identity theft since much of the information criminals provide them with is legitimate. According to TransUnion, the outstanding balance on auto loans linked to suspected synthetic identity fraud more than tripled from 2012 to 2017.
 
How “Phantom Borrowers” Threaten the Auto Industry:
One of the reasons that more criminals are using the synthetic identity scam is because lenders have gotten better at protecting against traditional identity theft, which often involves using stolen data about real consumers. When bypassing actual consumers, scammers send fewer “red flags.”  
 
How a “Phantom Borrower” is Born:
 

• After a data breach, fraudsters purchase personal identifying information on the dark web. 

• Scammer applies for loan using fake identity.
• Query to credit-reporting firm reveals no borrowing history. Applicant likely gets rejected.
• Query results in a new 'credit file,' a precursor to a credit report. Suddenly, a new identity has been born.
• Scammer applies for more loans, expanding credit file, giving lenders perception that applicant is real. Most likely, fraudster will get approved with a low limit credit.
• The fraudster uses the card and pays the balance on time to establish a good credit history
• The fraudster uses its good history to get more credit cards and accounts – and eventually applies (and is approved) for an auto loan.

​

Synthetic identity fraud exploits a weakness in America’s consumer-credit system. Lenders often consider a loan applicant legitimate if the applicant has a credit report at one of the three credit bureaus. But a new “credit file”— essentially a precursor to a credit report—often gets created when someone simply applies, even if the loan gets denied. If one lender approves a loan for the fictitious individual, that information can make the file a full-fledged credit report.
 
TransUnion and Experian say it is difficult to distinguish between a “phantom borrower” and a real borrower who’s applying for credit for the first time and has identifying information that isn’t on file. 
 
The Real Cost of Synthetic ID Fraud to Dealers:
Synthetic identity fraud can cost a dealership greatly. Synthetic identity enables people who normally wouldn’t qualify for credit to purchase a car, which results in the dealership writing off the fraudulent amount and suffering operational expenses on the backend with the creditor. The balance of auto loans generated by suspected synthetic identities was more than $504 million in the fourth quarter of 2017.

In the event of a breach, the dealer’s “good” customers are also at risk since their information becomes prey to synthetic identity fraudsters. In fact, 33% of consumers lack confidence in the security of their personal and financial data when buying a vehicle at a dealership.  

What Auto Dealers Can Do to Reduce Their Risk:
Dealers need processes and programs that protect themselves and help keep their customers safe from the fraudsters that are waiting for opportunities to attack.Synthetic identity can cost a dealership thousands of dollars and numerous unrecoverable hours. Protecting your dealership from becoming a victim of synthetic identity fraud and/or breach requires strong security and recovery programs.

1. Implement Strong Security Processes
   The use of biometrics and cross-referenced background checks for identity verification can help stop synthetic identity thieves. Dealers should take extra precautions when applicants have limited credit history. With the growing risk of data breaches happening at auto dealerships, dealers need to seek greater breach recovery and response programs that will provide maximum protection when a breach event occurs. 
2. Provide Fully Managed ID Recovery 
   Give your dealership and employees the right tools and support to keep them safe from any formof ID theft or fraud. With major breaches such as Equifax, employees are at a growing risk of becoming victims of identity theft. Dealerships that implement fully managed recovery services provide their staff with an employee benefit that offers peace-of-mind and protection. A Fully Managed Recovery (FMR) program puts your employees’ first and will act on their behalf during the entire identity restoration process. 

Having greater cybersecurity preparedness needs to be the top priority for auto dealers.  This will help dealerships avoid becoming victims of synthetic identity fraud, as well as will create the basis for the ultimate response to any data breach or identity theft when it happens.  
 
 
 
 
 
 
Sources:
 
"The New ID Theft: Thousands of Credit Applicants Who Don’t Exist”WSJ, 6 March. 2018, https://www.wsj.com/articles/the-new-id-theft-thousands-of-credit-applicants-who-dont-exist-1520350404.
 
“Balance of auto loans linked to synthetic fraud soars” Automotive News, 7 May 2018, http://www.autonews.com/article/20180307/FINANCE_AND_INSURANCE/180309580/balance-of-auto-loans-linked-to-synthetic-fraud-soars
 
“Dealers vulnerable to hackers, survey warns” Automotive News, 20 June 2016 http://www.autonews.com/article/20160620/OEM06/306209973/dealers-vulnerable-to-hackers-survey-warns