What Credit Card Scammers Are Actually Doing

When Playing by the Rules Looks Suspicious

I was curious and wanted to learn more about how these criminal pricks actually swipe our credit card numbers, and how credit card fraud is so prolific throughout the industry. And, sometimes doing the normal or right thing with your credit cards can make you look like a criminal. I had been traveling, and while in Chicago, my credit card called me because I used my card in another city and at a liquor store. Two things that didn’t follow my pattern of typical usage. So I thought I’d share some of what I found, and help us understand how some of this works, and most importantly how to help protect ourselves.

I’ve also heard from plenty of folks who tried to pay down their credit card balance early, add a family member as an authorized user, or make a mid-cycle payment to keep their utilization low, only to have their bank freeze the account or flag it for fraud. Meanwhile, the actual scammers are running circles around the system, racking up billions in fraudulent charges. Yeah… f’n billions!

So why does this happen? Why does paying your bill early raise those red flags while actual fraud often flies under the radar for months? The answer is way more interesting (and kinda disturbing) than you might think. After digging into how credit card fraud actually works, I realized that the tactics criminals use to game the system look eerily similar to things regular people do every day. And that’s exactly the problem.

Let’s pull back the curtain on how this whole mess works.

Synthetic Identity Fraud Explained

First, we need to talk about synthetic identity fraud. This isn’t your old-school, grandma’s stolen credit card situation. This is next-level stuff.

Synthetic identity fraud is when scammers create completely fake people from scratch. Yeah ya know the Synths from Alien 🙂 Fake people!

Anyway, they’re not stealing your identity exactly, they’re building a Frankenstein identity using bits of real data mixed with made-up information. Think of it as creating a financial zombie that walks around looking legit enough to fool the system.

This is what makes this scary. These fake identities don’t have real victims who notice something’s wrong and report it. There’s no actual person checking their credit report and seeing fraudulent accounts. The actual “person” doesn’t exist, so nobody’s complaining. The bank just writes it off as a credit loss when the fake person eventually ghosts on their debt.

This, also, isn’t some small-time operation. According to TransUnion, U.S. lenders faced approximately $3.3 billion in exposure to suspected synthetic identities by mid-2024. That number represents auto loans, credit cards, retail credit cards, and unsecured personal loans tied to people who literally don’t exist.

How Fraudsters Create Fake People

So how do these criminals actually pull this off? It’s disturbingly simple once you understand the process.

Getting a Social Security Number

Prior to June 2011, Social Security numbers followed a predictable pattern based on geography and timing. Even though they’re randomized now (the Social Security Administration implemented SSN randomization on June 25, 2011), there’s still an algorithm involved, and people who know what they’re doing can work the system.

Scammers typically target Social Security numbers that don’t get used much. Kids and elderly people are prime targets because their credit files see little activity. True story. My Social Security number was used by my mom’s boyfriend to open credit cards when I was just an infant! What a dink! This is why freezing your children’s credit files isn’t just being paranoid anymore, it’s totally smart parenting.

And here’s what is really frustrating, we know all of our data is already out there anyway. The 2017 Equifax breach alone exposed sensitive information for 147 million Americans. Using Social Security numbers, birth dates, and even your mother’s maiden name for verification is basically worthless now. That horse left the barn a long time ago lol.

The Store Credit Card Strategy

Once scammers have their synthetic identity assembled, they need to bring it to life. Toss the lever to charge the Frankenstein identity with electricity! This is where it can get kinda clever.

The fraudsters walk into a retail store, maybe Target or Best Buy, and apply for a store credit card at checkout. The employees aren’t really trained to spot fraud, they’re basically incentivized to get as many applications as possible. So they happily run the application.

The scammer probably gets denied. But that application just created a credit file. Now this fake person exists in the system.

They repeat this process at a few different stores over several weeks. Each rejection adds more and more data to the credit file. Eventually, some issuer approves them for a tiny limit, let’s say $500. That bank figures their risk is minimal with such a small limit, but they just gave birth to a financial phantom baby.

The Authorized User Acceleration Trick

It can also get really crazy, and why having too many authorized users on your cards can trigger those fraud alerts.

These fake identities don’t immediately max out their first card. That would be too obvious. So, Instead they play the long game. They pay to become authorized users on existing real accounts. There are these sketchy credit repair services that act as brokers for this, connecting account holders who want to make a few bucks with fraudsters who want to boost their synthetic identity’s credit score.

When these authorized user accounts report to the credit bureaus, the fake person’s FICO score jumps. Every 10 to 21 days (depending on reporting speed), scores can jump 30 to 60 points. After six months of this, a completely fabricated person can have a 750 credit score.

This is why you can see fraud accounts with 70 or more authorized users! Are you kidding me! Real people are selling authorized user spots, and criminals are buying them to age their synthetic identities. Banks are finally catching on to this one and now consider having 10 or more authorized users on your cards a potential fraud flag.

Why Your Normal Behavior Looks Shady

Now that you understand how this kinda fraud works, let’s talk about why your legitimate financial moves sometimes trigger alarms.

Mid-Cycle Payments Get Flagged

There’s a scam out here called payment kiting. It goes something like this, someone with a $10,000 credit limit buys $10,000 worth of stuff, then sends in a $20,000 payment from a checking account with only $50 in it. Suddenly they have $20,000 of available credit to spend before that payment bounces a few days later. Wow! This is why I think blockchain technology will be better for the transfer of funds in the future.

This is why banks will sometimes flag mid-cycle payments or payments that exceed your current balance. You might be trying to keep your credit utilization low before your statement closes (which is actually smart financial behavior), but to the bank’s fraud detection system, you look like someone running a kiting scheme.

Too Many Authorized Users Raises Eyebrows

Want to help your kid build credit by adding them as an authorized user? Totally normal and I’ve done this! Added your spouse too? Makes sense. As we mentioned above, if you’ve got six or seven authorized users on your cards, the bank’s algorithm starts wondering if you’re selling authorized user spots to fraudsters.

Large Balance Transfers or Payoffs

Paying off a large balance in one shot? Financially responsible. But to a fraud detection system, it could look like you’re cycling money between accounts to manipulate available credit before disappearing with the goods. I’ve ran into this, and you may have to call the credit card company and they verify who you are before funds can be transferred for the payoff.

The Staggering Scale of This Problem

Let’s talk some numbers, because they’re pretty mind-blowing.

Big banks are hit hardest because it’s just easier for fraud to hide among millions of customers. Synthetic identity fraud now represents approximately 30% of all identity fraud cases and is considered the fastest-growing form of financial crime! That $3.3 billion figure I mentioned earlier? It’s up 3% from previous periods and continues climbing.

Every year, about 6 million new credit files get created with little to no history. There are roughly 20 million real and valid identities with overlapping Social Security numbers floating around the system. And because there’s no real victim to report the fraud or be contacted by the collection companies, most of this gets treated as routine credit losses and charged off.

The Rewards Game

These synthetic identities aren’t just using credit cards to buy stuff. They’re also gaming rewards programs too. Open a high-rewards card, run up charges, collect the points or cash back, then vanish. The bank eats the loss, and the fraudster walks away with rewards they converted to gift cards or other valuables. Just wow!

Merchant Rings and Fake Businesses

Some fraud operations cut out the retail middleman entirely. They set up merchant accounts (which is surprisingly easy for small businesses), run fake charges through the system, and kick money back to the cardholder minus merchant fees. Or they just create completely fictitious merchants just to process fraudulent transactions. They have balls!

The Credit Dispute Loophole

Credit repair services sometimes help preserve synthetic identities by abusing the dispute process. If you dispute an item on your credit report, the creditor has up to 30 days to investigate and respond. If they miss that deadline, the negative item gets removed, even if it was legitimate.

Fraudsters will dispute the same items repeatedly, hoping the institution fails to respond in time. Eventually, negative marks fall off, and the synthetic identity stays clean.

How to Protect Yourself

Alright, enough doom and gloom. Let’s talk about what you can actually do.

Freeze Your Kids’ Credit Files

Seriously, do this today. It’s free and takes maybe 20 minutes per child. Contact all three credit bureaus (Equifax, Experian, and TransUnion) and request a credit freeze for your children. This prevents anyone from opening new credit in their name.

Monitor Your Own Credit Regularly

Check your credit reports at least annually from all three bureaus. Look for accounts you didn’t open, inquiries you didn’t authorize, or authorized users you didn’t add. You can get free credit reports at AnnualCreditReport.com.

Be Strategic with Authorized Users

Adding family members as authorized users is fine, but keep it reasonable. If you’re adding more than a handful of people, or if you’re being approached by credit repair services offering to pay you to add authorized users, hard pass. I know people that have done this and make sure any service that offers this is legit!

Communicate with Your Bank

If you’re planning to make unusual payments or transactions, it can help to give your bank a heads up. Yeah, it’s annoying to have to explain your own money moves, but a quick call can save you the headache of a frozen account.

Use Strong, Unique Passwords

Since data breaches are inevitable, at least make it harder for criminals to access your accounts. Use a password manager and enable two-factor authentication everywhere you can. EVERYWHERE!

Review Statements Religiously

Don’t just check your balance, actually read through your transactions. Fraud doesn’t always look like a $5,000 charge at a jewelry store. Sometimes it’s small test charges that criminals use to verify the card works before they go bigger.

Be Skeptical of Credit Repair Services

Legitimate credit repair is mostly about disputing actual errors on your report. If someone’s promising to boost your score by hundreds of points through authorized user schemes or other questionable tactics, they’re likely operating in a gray area that could come back to bite you.

It’s Not You, It’s the System

Look, it can be frustrating that doing normal, responsible things with your credit can sometimes trigger fraud alerts. But understanding why this happens at least takes some of the sting out of it. They are doing this for your protection.

The credit card industry is fighting a multi-billion dollar battle against increasingly sophisticated fraud. These bad actors are high-tech, organized crime rings. The credit card companies are using algorithms and pattern matching to catch bad actors, and sometimes legitimate customers get caught in the crossfire.

The best thing you can do is stay informed, protect your data as much as possible, monitor your accounts regularly, and don’t take it personally when your bank flags something. Just calmly explain the situation, verify your identity, and move on.

And, freeze those kids’ credit files before someone else decides to build a financial future on your child’s Social Security number, like me!

Stay sharp out there. Horns up.