by Andy Renshaw
5 minutes • Fraud & Scams • January 21, 2025
Synthetic ID Fraud: Everything You Need to Know
Synthetic identity fraud goes beyond conventional identity theft. It creates an entirely new, seemingly legitimate identity, making it even more challenging to detect and prevent. Losses from synthetic ID fraud are projected to reach $23 billion by 2030, with banks and real people facing the fallout.
But this may be just the tip of the synthetic ID fraud iceberg. When combined with another type of fraud—account opening fraud—the potential losses increase even further.
Key Takeaways
- Fraudsters build synthetic identities using a combination of real and fictional information to create a new persona.
- Manipulation and manufacturing tactics: Fraudsters either adjust (or manipulate) an existing identity or build (or manufacture) a new one using various pieces of real and fake information.
- Criminals have three methods of legitimizing a synthetic identity: piggybacking, profit, or pollination.
- Red flags for synthetic ID fraud include thin credit histories, suspicious government identification patterns, recently activated phones, and more.
- For banks, synthetic ID fraud is particularly troubling when paired with new account fraud
What is Synthetic ID Fraud?
Synthetic identity fraud is a fake identity that combines real and fake information to commit fraud.
Here’s an example of how it works:
- Real Identity: Your actual name, birthdate, and social security number.
- Identity theft: Someone steals your real identity and uses it.
- Synthetic identity: A fraudster makes up a new identity by using your social security number with a fake name and birthday.
This makes it harder to detect because it’s not linked to a real person. Criminals use this fake identity to open credit cards or take out loans and then disappear without paying.
Large volumes of personally identifiable information (PII) records have been exposed through data breaches over the past few years, making it easier than ever for fraudsters to create synthetic identities.
How Can Banks Prevent New Account Fraud?
An abundance of compromised data available on the dark web provides criminals plenty of opportunities to commit new account fraud […]
Synthetic ID Fraud in Two Steps
Fraudsters use two key methods to commit synthetic ID fraud: manipulation and manufacturing.
Manipulation
Fraudsters can tweak a real person’s PII to build their fake identity. For example, they may change a customer’s name from “Robert” to “Bob,” change a birthday, or add a hyphen to their last name. These subtle changes give the appearance that the fake identity is legitimate and is hard to detect.
Manufacturing
Sometimes, fraudsters use different identifiers from multiple people by combining one person’s social security number or government ID with another person’s address and another person’s date of birth, and so on. Sometimes, they’ll also throw fake information into the mix or create a fake social media account to give the appearance of legitimacy.
The 3Ps of Synthetic Identity: Piggybacking, Profits, Pollination
Fraudsters’ first priority after building a synthetic identity is to legitimize the identity. From there, they seek to use the synthetic identity to turn a profit. Here are three ways they do that.
Piggybacking
Piggybacking prepares the fraudster for profit. They “piggyback” onto a legitimate user’s bank account or credit card. If they can add themselves as an authorized user (sometimes as a money mule), they can sit back and patiently watch as their credit history for their fake profile improves.
Profits
Having created an account and piggybacked their way to a strong credit score, fraudsters are ready to profit. The easiest way to do this is to use their strong credit scores to open credit cards and apply for loans they do not intend to repay. They can use fake identities to maximize profit and cash out when they have the opportunity, a tactic sometimes called a “bust-out.” Banks often write off their exploits as credit losses.
Pollination
Fraudsters want to maximize the value of their synthetic IDs. One of the most effective ways to do this is through a process known as “pollination.”
Fraudsters can use one fake identity to build legitimacy for other fake identities in rotation. Using this approach, fraudsters can build an arsenal of fake identities for various scams at any time—or sell them to illicit parties—to widen their opportunities for profit.
10 Synthetic Identity Fraud Red Flags to Watch Out For
Red Flag
Explanation
Why It Matters
1. Suspicious Government ID Patterns
Provided government ID number does not match age or date of birth.
An ID was recently issued, yet the applicant claims a long-established credit history.
Government ID numbers are often the backbone of synthetic identity fraud. Discrepancies suggest the number is fabricated or improperly obtained.
2. Thin or Non-existent Credit History
Applicant shows almost no credit or payment history despite claiming high-income or established background.
Synthetic identities often start with “clean” credit files or files with minimal data, raising questions about authenticity.
3. Mismatch in Key Details
Address, phone number, or email doesn’t align with other known databases.
Multiple addresses associated with a single government ID.
Con artists piece together data points from various sources, leading to inconsistencies in typical ID verification checks.
4. Multiple Recent Applications
Applicant repeatedly tries to open several new accounts or lines of credit in a short time.
Fraudsters “bust-out” quickly once an identity is established, maximizing available credit before disappearing.
5. Unusual Document Characteristics
Government IDs appear digitally altered or lack standard security features.
Inconsistent fonts, layouts, or holograms.
Fake documents are often less sophisticated or have formatting issues that don’t match official records.
6. Discrepancies in Personal Data
Date of birth conflicts with government ID issuance data or credit file records.
Name variations that don’t align.
Synthetic profiles often use partially correct data mixed with false details, leading to identity data conflicts.
7. Repetitive Contact Information
Same phone number or email address used across multiple unrelated accounts.
Synthetic identities sometimes share contact points to ease management by fraud rings.
8. Recently Activated or Prepaid Phone Numbers
Phone number appears to have just been activated or belongs to a prepaid line with little account history.
Fraudsters favor easily disposable phone numbers, which are difficult to trace and not tied to a physical address.
9. Rapid Credit Utilization
Customer quickly maxes out new credit lines without typical usage patterns (e.g., small purchases and gradual increases).
Synthetic IDs aim to draw out as much credit as possible, as soon as possible, before detection triggers.
10. Inconsistent Income or Employment Claims
Unusual job titles, inconsistent salaries, or employer names that don’t match established business databases.
Fraudsters may fabricate employment details to appear more credible when applying for credit lines or larger loans.
Synthetic ID Fraud + Account Opening Fraud: A Dangerous Pairing
Synthetic ID fraud isn’t the last stage in a fraudster’s journey. It’s the first step fraudsters take in a longer game: opening legitimate bank accounts using manufactured information. An estimated 95% of synthetic identities go undetected during a bank’s customer onboarding process.
Once a fraudster opens a bank account, they are in a position to commit a host of other crimes, ranging from bust-out fraud to money laundering.
Banks face a critical dilemma as they seek to stop account opening fraud powered by synthetic identities. First, they must stop criminals from successfully opening accounts with their organization. Second, they must not let their security interfere with or delay the experience of legitimate customers.
3 Tips for Banks to Stop Synthetic ID Fraud
Synthetic ID fraud poses a significant challenge to both banks and consumers. Banks need to look closely to find the synthetic identities hiding among legitimate customers. Here’s how do it:
Re-think Your Financial Institution’s Burden of Proof
Fraudsters are counting on banks to make onboarding and application processes seamless. That’s why it’s time to consider making it more challenging for applicants to provide proof of their identities and income by adding an acceptable layer of friction to the process.
Banks can implement additional security layers to slow the process down. This makes more lucrative transactions a burden for fraudsters but keeps the majority of operations seamless and friction-free for their trustworthy customers.
Look at Data Horizontally and Vertically
A loan application might look legitimate at first glance. However, looking only at the information provided to you is a horizontal view of the applicant’s data. It pays to take another, vertical view of the applicant by reviewing additional data sources.
Checking various sources can reveal whether the applicant’s name has been used in a different account or if the applicant’s phone number is associated with another person who lives in another part of the country. If the information is detected across multiple identities or accounts, a fraudster may be attempting to pollinate their fake identity.
Watch for Anomalies in the Data
Keep a close eye on behavior shifts for things that don’t add up. For example, there’s nothing suspicious about an individual with good credit from a specific zip code applying for a loan. But if the volume of applicants from the same location has suddenly shot up in the past year from a few hundred to several thousand, that’s a sign that something is wrong.
Checking the data thoroughly can also determine if multiple applications with different names originate from the same location or use the same electronic device. Control reporting can help banks monitor their application rates to see whether they are being attacked by comparing activity to typical default rates.
Synthetic ID fraud is more than just a financial crime. It’s a threat that undermines trust, fuels criminal enterprises, and puts billions of dollars at risk. It’s essential for banks to go beyond traditional verification processes by embracing advanced analytics and machine learning to protect themselves from financial fakes.
All expertise and insights are from human Feedzians, but we may leverage AI to enhance phrasing or efficiency. Welcome to the future.