What Is Synthetic Identity Fraud and How Can Banks Detect It?

Synthetic identity fraud crossed the $35 billion loss threshold in 2023, according to the Federal Reserve Bank of Boston, making it a category that compliance officers can no longer treat as a niche risk. Unlike account takeover fraud, where a real victim eventually notices, synthetic fraud operates in silence. A fabricated identity quietly builds creditworthiness for months, then drains every available credit line before the bank realises the customer never existed. This article breaks down how synthetic identities are engineered, why standard Know Your Customer (KYC) onboarding often misses them, and what layered detection looks like in practice.

What is synthetic identity fraud?

Synthetic identity fraud is distinct from traditional identity theft in one critical respect. There is no single victim who reports the crime, which means the fraud can persist for years before a bank detects it. Understanding the structure of a synthetic identity explains why conventional fraud models, built to detect account takeover or impersonation, consistently miss it.

How it differs from traditional identity theft

With traditional identity theft, a fraudster steals an existing person’s complete identity and impersonates them. The real person eventually discovers the fraud through a credit bureau alert, a bank notification, or a collections call. With synthetic identity fraud, the fabricated persona has no real owner to raise the alarm. The “victim” is non-existent, so the fraud only surfaces when the perpetrator chooses to disappear. Financial institutions also tend to classify synthetic identity losses as credit write-offs rather than confirmed fraud, which means the scale of the problem is almost certainly underreported across the banking sector.

How synthetic identity fraud works

Synthetic identity fraud follows a deliberate, multi-stage lifecycle. Fraudsters do not rush to cash out. They invest months or years building the synthetic identity’s credit history to maximise the eventual payout. The Deloitte Center for Financial Services identifies synthetic identity fraud as the fastest-growing financial crime in the United States, driven in part by how effectively fraudsters exploit onboarding-only verification processes. Examining the full lifecycle of synthetic identity construction reveals why a single KYC checkpoint at onboarding is structurally insufficient.

Building the synthetic persona

A fraudster begins by obtaining a real SSN, often belonging to a child, an elderly person, or someone with a thin credit file, and pairing it with a fabricated name, date of birth, and address. The combined profile is submitted to lenders for small credit products. Initial rejections still create a credit bureau entry for the synthetic identity, which becomes the foundation for the next application. Over time, the fraudster adds authorised-user status on legitimate accounts to accelerate credit score growth.

The bust-out phase

Once credit limits are high enough, the fraudster executes a bust-out attack by maxing out every available credit line simultaneously and then disappearing. The Deloitte Center for Financial Services estimates the average payoff from a single bust-out at between $81,000 and $98,000. The slow build means banks often flag these accounts as credit defaults rather than fraud, which delays detection of the broader pattern.

Why are banks particularly exposed to synthetic identity fraud?

Banks carry the highest exposure to synthetic identity fraud for two structural reasons. The Bank Secrecy Act (BSA) and KYC requirements set a compliance baseline for customer onboarding, but that baseline was designed to verify the identity of a real person, not to detect a well-constructed fiction. Generative artificial intelligence (AI) has further compounded the problem by dramatically lowering the skill and time required to fabricate convincing supporting documents.

The KYC onboarding gap

Standard KYC onboarding verifies that the presented identity exists and that the documents supporting it appear genuine. It does not verify that the assembled identity belongs to a real, living person. A synthetic identity built from a real SSN paired with fabricated details can pass document-only checks because the SSN itself is legitimate. The gap sits between “the document is authentic” and “the person is real,” and it is exactly where synthetic identities survive initial screening.

AI is lowering the barrier to entry

Generative AI tools now allow fraudsters to create photorealistic identity documents, deepfake selfies, and fabricated utility bills at scale. What once required specialist skills and significant resources now takes minutes. Understanding how deepfake techniques bypass standard biometric controls illustrates why document-only verification is structurally insufficient against the current generation of synthetic fraud. The Financial Action Task Force (FATF) Customer Due Diligence guidance explicitly identifies digital identity verification as a risk area requiring multi-factor validation, precisely because document-only checks no longer provide sufficient assurance against sophisticated fabrication.

How banks can detect synthetic identity fraud

Detecting synthetic identity fraud requires moving beyond document-only onboarding checks. The Deloitte Center for Financial Services projects that synthetic identity fraud will generate at least $23 billion in annual losses by 2030. Catching synthetic identities before they reach the bust-out phase requires stacking four detection layers, each addressing a different gap in the fraud lifecycle.

Document verification with forensic AI

Document verification powered by artificial intelligence goes beyond reading the text on an identity document. Forensic checks validate security features, detect digital manipulation, and cross-reference document templates against known-good specimens from a global library. A synthetic identity built around a genuine SSN often fails at this stage because the supporting documents carry forensic markers that a trained AI model identifies. Joining document forensics with biometric checks closes the gap between “document is real” and “person is real.”

Biometric liveness detection

Face verification with real-time liveness detection binds the onboarding session to a physically present person. Active liveness checks prompt subtle gestures to confirm presence. Passive liveness analyses depth, texture, and frequency-domain signals in the background without disrupting the user experience. Both methods catch presentation attacks, including deepfake video feeds and 3D masks, that fraudsters now use to bypass camera-based checks. Biometric binding between the live face and the verified document creates a connection that a synthetic identity cannot produce.

AML screening

AML screening cross-references applicants against global sanctions lists, politically exposed persons (PEPs) databases, and adverse media sources at the point of application and throughout the customer lifecycle. Synthetic identities are sometimes assembled around SSNs that carry prior credit fraud flags or belong to deceased individuals. Those signals surface during watchlist checks that a document-only onboarding flow would never reach.

Behavioural monitoring

Post-onboarding monitoring tracks signals that synthetic identities generate even after passing initial checks. Rapid credit utilisation across multiple products, unusual repayment patterns during the nurturing phase, and navigation behaviours inconsistent with a genuine customer profile all flag accounts for review. Detecting the bust-out before it completes requires joining post-onboarding transaction signals with the original identity verification record.

How Shufti helps banks detect synthetic identities

Synthetic identities are designed to defeat single-layer onboarding checks. Banks that run document verification alone miss the fraudster who submits a real SSN with forged supporting documents. Banks that run biometric liveness without document forensics miss the identity where the document is fabricated but the selfie passes a basic check. Catching synthetic identities requires these layers to run together and cross-validate each other’s outputs.

Shufti’s fraud prevention platform combines document forensics, biometric liveness detection, and AML screening in a single integration. Document and face verification results cross-inform each other, so a document that passes forensic checks but fails biometric binding is escalated for review rather than approved on a partial pass. AML screening then validates that the assembled identity does not carry pre-existing fraud signals in sanctions or adverse media databases.

For banks dealing with the credit-nurturing lifecycle of synthetic fraud, layered verification covering both onboarding and post-onboarding signals closes the structural gap that document-only KYC leaves open. Shufti’s combined approach means synthetic identities are challenged at the point of application, not discovered months later when the damage is already done.

Synthetic identity fraud survives onboarding because banks verify documents and faces in isolation rather than treating them as a combined signal. Shufti’s fraud prevention platform runs document forensics, biometric liveness, and AML screening as a unified pipeline, so synthetic identities are flagged at the point of application and not months later when they attempt to cash out. Request a demo to see how the layered detection flow works on your onboarding volumes.