Chapter 15. Identity Theft and Synthetic Identities

Do you know who I am?

Elvis Presley¹

There’s an entertaining sketch by British comedians David Mitchell and Robert Webb in which a consumer is called by their bank and informed that money has been taken from their account by a fraudster who has stolen their identity. The consumer is unimpressed by the term identity theft, which he identifies (correctly, in this case) as the bank’s attempt to get out of reimbursing the money that has been lost. He still has his identity, he points out. It’s the money that’s gone.

Most banks, of course, are punctilious about reimbursing customers in cases of successful account takeover (ATO), which is what is really being described here. But the confusion reflected in the sketch about what identity theft really is should be addressed. This chapter focuses on identity theft and the closely related phenomenon of synthetic identities as those occasions on which fraudsters use a consumer’s identifying details to commit an attack whose success impacts a person’s identity rather than just their credit card or bank account. There is no universally accepted definition of identity theft or synthetic identity in this context—a problem that the US Federal Reserve is trying to solve. But there is general agreement about its key features, and we draw on these to form a working definition to use in this book.