How synthetic identity fraud is evolving, and how to fight it
Synthetic identity fraud is a common type of financial crime. In recent reports, 16% of merchants called it their most common source of fraud losses, on par with account takeovers and ahead of first-party fraud and incidence rates rose 153% from the previous survey.[1] However, despite its prevalence, this form of identity theft remains one of the most challenging crimes to detect. Why? Because of the “synthetic” piece of synthetic identity fraud.
Unlike with other forms of identity fraud, perpetrators are not stealing someone’s identity. Instead, they are making a new one entirely, potentially built piecemeal from a Social Security number and other details that have come out in a data breach or have been wholly generated. The lack of a consumer victim means there’s no one to report the theft, and therefore allows criminals to go undetected, and the charged-off balances are usually listed as a loss instead of fraud.
To get ahead of this trending form of fraud, you need to understand how synthetic identity fraud started, how it occurs, and how to prevent it.
What is synthetic identity fraud?
Synthetic identity fraud means a fraudster builds an identity to apply for a service like a bank account, credit card, or loan. Applying for these financial products requires a Social Security number. The fraudster will use a leaked number from a large-scale data breach and build a new digital identity around it.
Since there is no actual person associated with the synthetic ID, the damage to a real person’s credit — the owner of the stolen Social Security number — could go unknown for years.
Trends in the synthetic ID fraud field include taking advantage of a lifetime of building a credit score, or the theft of a child’s Social Security number that has never been used to apply for a financial product.[2]
Dealing with synthetic identity fraud means developing advanced payments fraud detection and prevention systems that use subtle signals in data to identify misuse. It’s important to ensure these systems and solutions don’t interfere with the customer experience for legitimate users.
Synthetic identity fraud trends to understand
Criminal fraud and misuse are evolving concepts. Being ready to cope with fraudsters means understanding how they operate. As they escalate their methods, using new tools like generative AI to make their fakes more convincing, you should be prepared to respond in kind.[3]
The following are five ideas to keep in mind about the state of synthetic ID fraud and are your best bet to fight back.
Tactics go beyond “Frankenstein identities”
The first synthetic identities were created by combining different aspects of identification information from multiple people. For example, a perpetrator would start with one person’s legitimate Social Security number, then add in someone else’s email address, another person’s cell phone number, and so on. Piece by piece, a new — and completely synthetic — identity is created.
These “Frankenstein identities” are still common, but new and improved ways to commit synthetic identity fraud have emerged. Because Social Security numbers are now issued randomly, identity fraud investigators can no longer use the previously significant numbers (like the area and group numbers) in a Social Security number to match with birthplace or age information.[4]
This leaves the door open for criminals to make up Social Security numbers to go with the synthetic identities they create. This form of synthetic identity fraud presents almost insurmountable obstacles for financial institutions to determine identity legitimacy.
Fraudsters are becoming more skilled
Perpetrators of synthetic identity fraud continue to refine their methods, making their schemes harder to detect and more costly to unravel. One of their latest tactics is to open multiple bank and credit card accounts under their fictitious identities. They start out using the accounts and even make timely payments. This allows them to begin to establish a credit history for the synthetic identity, leading to improved credit scores and incremental purchasing power.
After several months — even years — of doing this, a criminal can amass dozens of accounts with large credit limits. They then use their credit to buy products they can easily resell and max out their cash-advance limits before banks detect the problem. In some cases, offenders have even convinced creditors that their fake personas were victims of fraud, gotten their credit restored, and then defrauded the institution again.
Readily available data fuels synthetic identities
We live in a digital world, and the pace at which individuals and organizations create, store, and share data is extraordinary. This data overload enables synthetic identity fraud in two ways:
- The sheer amount of public personal data disseminated online in forums and social media makes it easy for criminals to gather the information they need to piece together fake personas.
- Techniques like phishing, smishing, and vishing[5] have enabled criminals to opportunistically solicit personally identifiable information from unsuspecting consumers. These actions are normally carried out under the guise of a trusted organization.
Data is so accessible that perpetrators can buy a person’s name, birth date, and Social Security number on the dark web for just a few dollars, especially when purchasing in bulk.[6] Individual pieces of personal data can cost even less and might be all a villain needs to build an identity.
Even facial identification isn’t safe
Cybercriminals work to outsmart the tools banks use to authenticate their customers. Fraudsters have become more sophisticated at creating emails and spoofed sites that look real even the most discerning customers. They have set up sophisticated phishing schemes to trick people into submitting large amounts of personal information.
These schemes are not only successful in obtaining usernames and passwords, but they’re often able to trick consumers into answering even more personal questions. These can then be used to take over the victim’s identity.
Data-based methods are an effective countermeasure
As synthetic identity theft continually evolves, so too must the fight against it. While criminals go to great lengths to make their fake identities seem like real, functioning individuals, they naturally concentrate their efforts on the companies and accounts they are attempting to scam.
The real power to unravel these schemes may be in combining link analysis techniques and consortium data to provide actionable intelligence to flag the transaction and mitigate the risk upfront.
An example of this method in action may be to discern that multiple institutions have accounts in different names but tied to the same address, phone number, or email address.
Tools to fight synthetic identity fraud
Accertify’s established relationships with the largest banks and eCommerce brands in the world enable us to have unparalleled insight into rich community data that we can use to detect synthetic identities at account origination and continually monitor, quarantine, and remove ones that may already exist in your portfolio.
Our machine learning capabilities and risk-decision engine use behavioral biometrics, device intelligence, and third-party data to provide a risk score and explainable reason codes that organizations can trust. Based on this score and the organization’s risk policies, the credit issuer can flag account openings and transactions to be challenged. All of this is done without impacting the customer experience.
That latter point is key. If your brand’s digital identity verification measures cause too much friction for your legitimate customers, you may lose business over the inconvenience. Digital identity verification methods powered by machine learning and artificial intelligence should behave subtly, sorting out fake information from real information in a largely invisible way.
Enhance your fraud prevention efforts with Accertify
As criminals become ever more sophisticated in their efforts, taking on generative AI and other advanced tools to step up their fraudulent activity, it’s up to your company to build a financial fraud detection and prevention ecosystem that’s up to the task.
The sooner you implement Accertify’s account protection solutions, the quicker you can harden your synthetic identity fraud detection methods, along with your defenses against more traditional identity theft and other financial crime methods.
Request a consultation to learn how Accertify Account Protection can help you move at the speed of right, while defending your institution against synthetic identity fraud and new account fraud.
[2] Federal Reserve Bank of Boston, 2025
[3] Federal Reserve Bank of Boston, 2025