What is synthetic identity fraud? How it works and how to prevent it

Sofi Summers, 8 min read
Synthetic identity fraud is committed by stealing a real piece of personal information, such as an SSN, and combining it with false information to make up an entirely synthetic identity that often bypasses traditional checks.

What is synthetic identity fraud?

Synthetic identities are fake identities, built by combining real and made-up information, earning them the nickname “Frankenstein IDs” due to their pieced-together nature.

Synthetic identity fraud is different to traditional identity fraud as it doesn’t involve an obvious, immediate consumer victim. These fake profiles are designed to mimic real customers, often slipping past traditional fraud detection systems because they don’t raise typical red flags. As a result, the primary victims of synthetic identity fraud are businesses and lenders, who bear the financial losses.

 

How synthetic identities are created and used

Fraudsters take real data, such as a Social Security number (SSN), often stolen from vulnerable populations such as children, people experiencing homelessness or deceased individuals, and combine it with false names and addresses.

The identities are then grown over time by establishing credit histories and building positive credit profiles. Once creditworthiness is established, the fraudsters then max out loans and lines of credit, before disappearing into the night. This is known as ‘bust-out fraud’.

This lengthy process of securing access to increasing amounts of credit over a prolonged period is a hallmark of synthetic identity fraud.

 

The financial and reputational impact on businesses and consumers

For businesses targeted by synthetic identity fraud, the main impacts include:

  • Billions in financial losses annually: some estimates reach over $6 billion.
  • Increased operational costs: millions of hours are spent chasing non-existent individuals who have defaulted on the debts.
  • Misclassification of defaults: due to an absence of obvious signs of fraud, these defaults are often not recognised as criminal activity.

While businesses bear the immediate financial losses associated with synthetic identity fraud, it is not without a consumer victim. People whose SSNs are used to create synthetic identities can suffer long-term and often long-undetected damage to their credit histories.

For example, a child’s credit can be destroyed long before they ever need to access it. Victims often face a lengthy, time-consuming and stressful cleanup process to prove they are not responsible for the fraud.

 

How businesses can identify synthetic identities in their systems

Research by LexisNexis suggests that traditional fraud tools fail to detect 85% of synthetic identity fraud cases.

Some key red flags that may indicate a synthetic identity include:

  1. An unusually high volume of credit applications in a short time: These might be for small credit products like store cards, phone contracts or “buy now, pay later” plans. Fraudsters do this to try and quickly build credit.
  2. Missing signs of real-life activity: The individual doesn’t show up in places you’d expect a genuine person to. There’s no school or employment history, no voter registration records, no utility bills and no record of address changes.
  3. Shared contact details across multiple identities: Fraudsters often reuse the same email addresses or phone numbers when managing several fake profiles.
  4. Static personal information: Real users typically update their details over time. In contrast, for synthetic identities, details such as home addresses, emails or employment histories rarely change over time. 99% of synthetic identities remain unchanged over 2 years.
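
The four red flags above can be expressed as simple rules over account records. The sketch below is an added example, not Yoti's code: the record fields, the flag names and the thresholds (four applications in 30 days, two years without a detail change) are assumptions chosen for illustration, and the sample profiles are constructed.

```python
from collections import defaultdict
from datetime import date, timedelta

# Thresholds are illustrative assumptions; only the two-year window echoes the article.
VELOCITY_WINDOW, VELOCITY_LIMIT = timedelta(days=30), 4
STATIC_AFTER = timedelta(days=730)
FOOTPRINT_FIELDS = ("employment", "voter_record", "utility_bill", "address_changes")

def max_in_window(dates, window):
    """Largest number of applications inside any sliding time window."""
    dates, best, start = sorted(dates), 0, 0
    for end in range(len(dates)):
        while dates[end] - dates[start] > window:
            start += 1
        best = max(best, end - start + 1)
    return best

def contacts(p):
    return (p["email"].lower(), p["phone"])

def red_flags(profiles, today):
    """Return {profile id: sorted red-flag names} for the four signals in the list."""
    owners = defaultdict(set)  # contact detail -> ids of profiles using it
    for p in profiles:
        for c in contacts(p):
            owners[c].add(p["id"])
    report = {}
    for p in profiles:
        checks = {
            "application_velocity": max_in_window(p["applications"], VELOCITY_WINDOW) >= VELOCITY_LIMIT,
            "no_real_life_footprint": not any(p.get(f) for f in FOOTPRINT_FIELDS),
            "shared_contact_details": any(len(owners[c]) > 1 for c in contacts(p)),
            "static_details": today - p["last_detail_change"] >= STATIC_AFTER,
        }
        report[p["id"]] = sorted(name for name, hit in checks.items() if hit)
    return report

# Constructed sample records, not real data.
TODAY = date(2025, 6, 1)
PROFILES = [
    {"id": "A", "email": "j.doe@example.com", "phone": "555-0100",
     "applications": [date(2025, 5, d) for d in (2, 5, 9, 20)],
     "last_detail_change": date(2022, 1, 10)},
    {"id": "B", "email": "J.Doe@example.com", "phone": "555-0101", "utility_bill": True,
     "applications": [date(2024, 3, 1)], "last_detail_change": date(2025, 1, 5)},
    {"id": "C", "email": "c.real@example.com", "phone": "555-0102", "employment": True,
     "applications": [date(2024, 6, 1)], "last_detail_change": date(2024, 11, 3)},
]
print(red_flags(PROFILES, TODAY))
```

A single flag, such as profile B's shared email address, is a prompt for review rather than proof of fraud; it is the combination seen on profile A that matches the pattern described above.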

 

Detect and prevent synthetic identities in your onboarding process

To effectively spot synthetic identities during onboarding, businesses need to go beyond standard AML, KYC and CDD checks. Strengthening your fraud screening process with additional layers of verification can help uncover these hard-to-detect profiles before they gain access.

Move beyond basic credit checks

SSN and basic credit checks are no longer enough to verify identity, especially when it comes to detecting synthetic fraud. Because fraudsters pair real, valid SSNs with fabricated personal details, these combinations can pass basic checks and build legitimate-looking credit histories over time. Synthetic identities can often slip undetected through this traditional verification system, which relies on a single data point.

Employ advanced document verification

Advanced document authenticity checks are designed to detect abnormalities or signs of tampering in the submitted identity documents, to help ensure you are dealing with a real identity document. Yoti’s identity verification service performs AI-led authenticity checks and, if required, you can also leverage our team of over 200 verification experts to manually assess documents.

Use biometric authentication to strengthen identity verification

It is important to ensure the person’s face matches the photo on their identity document. This can be done using a combination of face matching technology and expert human reviewers (such as Super Recognisers) for more complex cases.

For extra assurance, you should include liveness detection checks for anti-spoofing alongside protection against deepfakes and generative AI attacks.

Importantly, fraudsters are extremely reluctant to tie their real biometrics, such as their face or fingerprint, to fake profiles. This makes biometric verification a powerful tool – not only for detecting and preventing fraudulent attempts, but also as a strong deterrent against targeting your business in the first place.

Use database and third party checks

Verifying applicant data against trusted sources can help reveal common red flags in synthetic identity fraud. This includes screening for matches on financial crime and sanctions watchlists, as well as checking for death indicators or discrepancies in government-held records.

In the US, businesses can also use the Electronic Consent Based SSN Verification (eCBSV) system to confirm that an SSN, name and date of birth combination matches official Social Security Administration records.

Beyond this, participating in anonymised industry-wide data sharing can be highly effective in monitoring and tackling the problem at large. By pooling insights across organisations, businesses can identify suspicious behaviour patterns and anomalies that may not be visible in isolation. These broader intelligence networks are a powerful tool for keeping up with the evolving tactics used for synthetic identity fraud.

Perform network analysis

Look for signs of organic identity development that suggest you are dealing with a real person, such as a consistent digital footprint, social media presence or connections to other verified individuals. Synthetic identities often lack these signs and appear isolated or disconnected.

 

How consumers can protect themselves from synthetic identity fraud

While businesses bear the bulk of the financial burden, individuals can still suffer long-term damage from synthetic identity fraud. It is essential to take proactive steps to protect your personal information and remain vigilant for any suspicious activity.

  1. Be highly protective of your personal information: Treat sensitive data, such as your SSN, passport number or national ID, as high-value assets. Only share them with trusted organisations, and never in response to unsolicited emails, messages or phone calls.
  2. Monitor your credit reports regularly: Regularly check your credit records with major credit reference agencies (such as Experian, Equifax and TransUnion) for any unusual activity or credit applications that weren’t made by you. Most agencies offer tools that send alerts when there are changes to your report, helping you react quickly to potential fraud.
  3. Report suspicious activity immediately: If you see any unfamiliar accounts, credit checks or correspondence that doesn’t make sense, act quickly. In the UK, report it to Action Fraud. In the US, contact the Federal Trade Commission. The sooner fraud is reported, the easier it is to limit the damage.
  4. Take extra steps to protect your children’s identities: Children’s identities are particularly valuable to fraudsters because they often remain unused for years, giving synthetic identities time to grow undetected. Some countries allow you to freeze a child’s credit file to prevent new accounts from being opened in their name. Check with your local credit agencies or government websites to see what options are available in your region.

Understanding the risks is your first line of defence. Take time to learn about identity theft and how to stay safe online, and follow trusted sources for guidance on the latest threats and best practices.

 

Closing the gaps in identity verification to tackle synthetic identity fraud

Synthetic identity fraud comes at a high cost to businesses. Its stealthy nature and reliance on fragmented or fabricated information make it challenging to detect using outdated verification processes.

To close the gaps, businesses must adopt a layered, intelligence-led approach. This means combining biometric checks, advanced document analysis and shared data insights to build a more comprehensive picture of identity that cannot be easily mimicked. At the same time, consumers need support and education to protect their personal information and recognise warning signs early.

Tackling synthetic identity fraud is a critical step toward building trust, reducing risk and staying one step ahead of sophisticated fraud.

To learn more about how Yoti can help you protect your business from synthetic identities and other sophisticated fraud, please get in touch.
