Synthetic identity fraud: How to detect and prevent it

Synthetic identity fraud refers to real and fabricated information used to create fake identities that criminals use to open accounts and commit fraud. Unlike stolen identity fraud, where criminals impersonate real people, synthetic identities don't belong to anyone, making them harder to detect through traditional verification methods. 

Javelin's 2025 Identity Fraud Study reported that overall identity fraud losses reached nearly $27.2 billion in 2024, a 19% increase from the prior year. The financial services industry is particularly at risk, as fraudsters exploit gaps in digital identity verification systems during account opening and onboarding. Fraudsters are increasingly targeting other sectors as well, including real estate, property, and automotive transactions, underscoring the need for broader identity verification.

What is a synthetic identity?

A synthetic identity is a fake identity that combines real personal information, such as a Social Security number, with fraudulent or fabricated information, such as identity documents. Fraudsters create and use synthetic identities to pass identity verification checks for online platforms. These insidious identities are often used to create bank accounts or apply for loans.  

What is synthetic identity fraud?

Synthetic identity fraud occurs when criminals create new identities by combining real personal information, like stolen Social Security numbers, with fabricated data such as fake names, addresses, and birth dates. Fraudsters use these manufactured identities to open financial accounts, build credit histories, and eventually commit fraud at scale. The synthetic identity fraud definition centers on this blend of authentic and invented elements, which allows these fake profiles to pass initial screening checks and remain undetected for months or years.

There are several forms of synthetic identity fraud, including:

• Identity compilation: Some synthetic identities are created with both real and fake data. For example, a fraudster may use someone's Social Security number and date of birth, but a fake name and address. 

• Identity manipulation: Rather than using fake data, the fraudster may manipulate a document, such as adding a different name to a paycheck stub or a new birthday to a legitimate driver's license.

Why are synthetic identities becoming more common?

Several factors have contributed to the rise in synthetic identities and synthetic identity fraud. One factor is the increased amount of personally identifiable information (PII) data available on the dark web, which has made third-party synthetic ID theft easier. When fraudsters have access to more Social Security numbers, birthdates, and other information, there are simply more opportunities to combine and manipulate that data. 

Another factor contributing to the increase in synthetic fraud is the Social Security Administration's (SSA) decision to randomize Social Security number (SSN) assignments. Assignment of SSNs used to rely on a formula, which made it easier for anti-fraud algorithms to spot fake numbers. While the change was designed to help prevent fraud by making the numbers less predictable, it also made synthetic identity fraud detection more difficult. 

Additionally, generative AI tools allow criminals to automate the collection and assembly of PII into synthetic profiles at scale. What once required manual effort and technical expertise can now be executed in seconds, making it easier and faster to create convincing synthetic identities. As these tools continue to evolve, the cost and effort required to commit fraud decrease, and the volume and sophistication of attacks continue to rise.

How does synthetic identity theft occur?

Synthetic identity theft is a complex form of fraud that can occur in multiple ways. In general, fraudsters use these steps:

1. Gathers personal information: The fraudster begins by collecting names, dates of birth, Social Security numbers, addresses, and other data from data breaches, social media, and public records. 

2. Creates a synthetic identity: Once the fraudster has enough information, they combine real and fake data to create a synthetic identity.  

3. Builds a credit profile: Once the identity is created, the fraudster may spend months or years building a credit profile before taking action. 

After a fraudster has built a credit history, these bad actors pursue their goal—stealing money. They may take out a loan and then use the real and verifiable elements of their synthetic identity to claim identity fraud. Or they may take out a small line of credit, pay it back, then take out a larger loan and disappear without paying the debt. 

“Piggybacking” is a common tactic in which someone adds a synthetic identity to an established credit profile, often inheriting a positive credit history. Other tactics include using Social Security numbers from minors or deceased individuals, which are less likely to trigger alerts since these SSNs often have little or no existing credit activity.

Synthetic vs. stolen identity fraud

Synthetic identity fraud creates fabricated profiles using a mix of real and fake elements, while stolen identity fraud uses someone's complete, real identity. Synthetic identities prove harder to detect because they don't match existing records or trigger victim reports. One-third of Americans have been victims of identity fraud, yet synthetic fraud often remains unnoticed for months—even years—to traditional verification systems.

Synthetic identity fraud

Synthetic identity fraud represents a sophisticated threat where criminals blend legitimate data, typically a valid Social Security number from a child or elderly person, with fictional personal details to manufacture entirely new personas. Fraudsters cultivate these identities over time, opening accounts, making small purchases, and building credit scores before executing large-scale theft.

The Consequence

Financial services firms suffer the highest losses because synthetic identities appear legitimate during onboarding, passing basic checks while accumulating credit lines. The fraud becomes apparent only after criminals max out accounts and disappear – commonly known as bust out fraud – leaving institutions with unrecoverable losses and no real person to pursue. Fraud detection tools, like device fingerprinting, help identify patterns across these manufactured identities, but fraudsters continually adapt their methods to evade detection systems.

Stolen identity fraud

​​Stolen identity fraud happens when criminals obtain and use someone's complete personal information without permission to impersonate them for financial gain. Fraudsters acquire real credentials through phishing emails, data breaches, account takeover schemes, or physical theft of documents.

The Consequence

Fraudsters use these stolen details to open credit cards, take out loans, file fraudulent tax returns, or access existing accounts. According to FTC data, credit card account thefts increased by roughly 31% from Q3 2024 to Q2 2025. Victims typically discover the fraud through unexpected charges, credit report changes, or collection notices for debts they never incurred.

Financial institutions can detect stolen identity patterns more readily than synthetic fraud because the activity conflicts with the legitimate account holder's established behavior and location. Companies that implement comprehensive KYC (know your customer) protocols reduce their exposure by verifying that applicants match their claimed identities through multiple data sources and behavioral signals.

How big is the threat of synthetic identity fraud?

The impact of synthetic identity theft is hard to measure because it is often reported as charge-offs due to bad debt or other reasons. Synthetic identity fraud can also be hard to detect, and once it’s discovered, there’s no standardized process for recording or recovering losses. Some banks may record the loss as a credit loss, while others may account for the loss as third-party fraud.

According to TransUnion, U.S. lenders faced potential losses of $3.3 billion from synthetic identities across credit cards, auto loans, personal loans, and retail cards at the end of 2024. This is an all-time high since the company began tracking synthetic identity exposure in 2009. That figure represents a 3% increase from the end of 2023, signaling steady year-over-year growth.

Auto loans continue to account for the largest share of exposure, but the rate of synthetic activity in bankcard credit inquiries surpassed 1% at the end of 2024, the first time on record. In total, roughly 0.32% of attempted account openings now involve synthetic identities.

How do you detect synthetic identity fraud? 

Detecting synthetic identity fraud requires multi-layered verification that cross-references data from credit bureaus, government databases, and behavioral analytics. Traditional methods fail because synthetic identities don't match existing records, but also don't trigger obvious red flags.

Machine learning models analyze application patterns, identifying anomalies like unusually recent credit file creation, thin credit histories, or suspicious velocity of account openings across institutions. 

Neural networks excel at spotting subtle correlations that human reviewers miss, such as shared device identifiers, IP addresses, or email domains across supposedly unrelated applicants. Companies must verify phone numbers, email addresses, and physical addresses against multiple databases to confirm authenticity. Behavioral checks during onboarding reveal inconsistencies, like applicants who can't answer knowledge-based questions about their supposed credit history.

How can you prevent synthetic identity fraud?

As previously mentioned, financial institutions, fintech apps, and trading platforms are the most common victims of synthetic identity fraud. For these businesses, there are several ways to fight against it. 

Evaluate multiple sources of identification

Looking at multiple sources of data helps improve data accuracy. Plaid embraces a defense-in-depth fraud strategy for a layered, robust assessment of fraud risk. For example, organizations should verify customer information against reliable data sources, validate documentary legitimacy, and perform liveness checks.   

• Data source: Does the person know their personally identifiable information (PII)? Does it match an authoritative source?

• Documentary: Does the person physically possess an authentic government-issued ID document?

• Liveness: Can the person, using their mobile phone camera, follow a few instructions to prove they are a real person?

Additional identity verification measures can further reduce risk by confirming a user’s identity. Age estimation flags major discrepancies between a user’s stated age, their ID document photo, and the selfie they provide. DMV checks confirmthe driver’s license information against official DMV records. Likewise, facial de-duplication helps prevent repeat attacks by cataloging faces and detecting potential duplicates across selfies and document photos.

Leverage machine learning 

In addition to verifying identity through multiple methods, advanced identity verification systems run a variety of behind-the-scenes fraud checks to detect potential red flags.

Using sophisticated neural networks, these systems can:

• Apply Optical Character Recognition (OCR) to confirm that the information included in the data source verification matches the information on the government-issued document.

• Perform facial matching to confirm that the face captured during the liveness test matches the photos on the government-issued ID document. 

• Conduct selfie verification to confirm the person in the liveness check is real and not, for example, a printout of someone’s face. This is done by analyzing features like skin reflectivity, screen patterns, and signs of photo manipulation.

• Confirm that the person has active online accounts, such as a valid email address, phone number, and social media accounts. 

• Alert you to repeated ID verification attempts from a single IP address, device, and more.  

Leverage network fraud intelligence

Fraudsters hide across sessions, devices, and time. They diversify their attacks across different companies and industries. To get a true view of synthetic identity fraud, organizations need fraud intel beyond their four walls. Anti-fraud networks are a collaborative anti-fraud effort between multiple institutions, including banks, fintech apps, and other stakeholders. By leveraging network-only intelligence, members of the network can mitigate fraud more effectively. 

Beyond anti-fraud consortium networks, other financial networks based on behavior or device activity can provide another layer of fraud defense. Protect, Plaid's AI-powered fraud intelligence platform, is built on Plaid’s network, leveraging insights from a billion device connections across 7,000 apps and services. Having fraud-specific intelligence across a diverse range of companies and industries allows businesses to detect fraud across the entire user journey – from first interaction to transaction. 

Protect’s machine learning fraud model, the Plaid Trust Index, uncovers patterns between seemingly disparate events across digital finance. The Trust Index delivers a point-in-time risk of fraud score based on: 

• Network intelligence: Data aggregated across a billion device interactions, showing how users and devices behave across the financial ecosystem.

• Advanced Identity intelligence: Identity insights, including data consistency and verification behaviors.

• Bank account insight: Signals from linked accounts, such as account age, changes in contact info, or high-velocity usage patterns.

• Consortium feedback: Fraud reports shared across Plaid’s customer network, allowing risk signals to travel in real-time.

Watch the video below to learn how to leverage the power of the Plaid network to reduce fraud.

The future of synthetic identity fraud 

Synthetic identity fraud is likely to continue growing in the coming years. Bad actors have access to increasingly sophisticated technology and more data than ever, lowering the barrier to entry. 

To stay competitive and limit fraud risk, the financial industry must remain at the forefront of fraud prevention. This means leveraging tools like robust identity verification, artificial intelligence, machine learning, and network data and insights to quickly detect and defend against synthetic identity fraud attempts. 

Synthetic Identity Fraud: Frequently Asked Questions

Who is most at risk of synthetic identity fraud?

Children, elderly individuals, and people who rarely check their credit reports face the highest risk because fraudsters steal their Social Security numbers to build synthetic identities. Financial institutions and fintech apps also bear significant risk, absorbing losses when synthetic identities default on credit after months of cultivated legitimacy.

What are the warning signs of synthetic identity fraud?

Red flags include credit files with recent creation dates, limited account history despite claimed age, addresses linked to multiple unrelated identities, and phone numbers registered to different names. Inconsistent application data, such as mismatched email domains and stated employment, also signals potential synthetic identity fraud.

How can businesses detect synthetic identity fraud early?

Businesses detect synthetic identity fraud by implementing multi-source verification that validates Social Security numbers, addresses, phone numbers, and email accounts against authoritative databases. Machine learning models analyze application velocity, device characteristics, and behavioral patterns to flag suspicious accounts before approval. Real-time screening during onboarding, combined with ongoing transaction monitoring, catches fraud synthetic identities before they accumulate significant credit exposure.

Which type of fraud is harder to detect: synthetic or stolen identity fraud?

Synthetic identity fraud proves harder to detect because these manufactured identities don't belong to real victims who would report suspicious activity. Stolen identity fraud triggers alerts when behavior deviates from established patterns or when victims notice unauthorized transactions. Synthetic identities can operate undetected for years, gradually building credit histories that appear legitimate until the final bust-out phase.

Can both types of fraud be prevented completely?

Complete prevention remains impossible, but organizations dramatically reduce exposure through layered defenses combining identity verification, behavioral analytics, and continuous monitoring. The synthetic identity fraud definition itself suggests constant evolution as fraudsters adapt to new security measures. Companies minimize risk by implementing adaptive systems that learn from emerging fraud patterns and adjust detection criteria in real time.

What are the consequences of synthetic or stolen identity fraud?

Financial institutions absorb direct losses from charged-off accounts, legal costs, and regulatory penalties for inadequate fraud controls. Stolen identity fraud victims spend months recovering their credit, disputing fraudulent accounts, and restoring their financial reputations. Synthetic identity fraud damages the broader financial system by inflating charge-off rates and forcing institutions to tighten credit availability, which impacts legitimate borrowers seeking access to financial services.

Final Notes

Synthetic identity fraud and stolen identity fraud pose distinct but equally serious threats to financial institutions and their customers. 

Synthetic identity fraud combines real and fabricated information to create personas that evade traditional verification, while stolen identity fraud impersonates actual people. Both types demand sophisticated detection strategies that extend beyond basic checks. Organizations must deploy multi-layered verification, machine learning analytics, and behavioral monitoring to identify fraud patterns early.

Identity Verification (IDV) from Plaid enables fintech companies to authenticate users instantly while maintaining robust security against synthetic and stolen identity threats. IDV is available standalone or as a module under Plaid Protect, our real-time, modular, and scalable AI-powered fraud intelligence platform that assesses fraud risk in real time across all stages of the user journey, helping organizations prevent fraudulent access before losses occur.

Companies that stay proactive with these tools reduce fraud losses, accelerate legitimate customer onboarding, and build trust in their platforms. The fight against synthetic identity fraud requires constant vigilance as fraudsters refine their techniques, making adaptive security systems essential for long-term protection.