TRANSUNION
06/29/2025
Blog
What is Synthetic Identity Fraud?
Synthetic identity fraud occurs when real and fake information are combined to create a new, fictitious identity with dishonest or criminal intent. For example, they might use a real Social Security number (often belonging to a child, elderly person or deceased person) and pair it with a fake name, date of birth and address. This synthetic identity is then used to open accounts of financial value, such as credit cards, loans, mobile phone subscriptions or retail credit, or seek government benefits. In some instances, they immediately steal available funds; however, they often build a positive credit history over time and eventually “bust out” by maxing out credit lines and disappearing without a trace.
What’s the difference between synthetic identity fraud and traditional identity theft?
Unlike traditional identity theft, synthetic identity fraud doesn’t rely on stealing a real person’s identity. Instead, it involves creating a new, fictitious identity that appears legitimate to most systems. There’s often no clear victim to report this type of fraud, making it harder to detect and even more difficult to prosecute. In addition, organizations may not recognize synthetic identity fraud for what it is, often miscategorizing and logging it as bad debt.
What’s the cost of synthetic identity fraud?
Synthetic identity fraud is especially dangerous because it can go unnoticed for months or even years, only surfacing when accounts go delinquent. According to a recent TransUnion® analysis, synthetic identity fraud loss exposure grew 3% to $3.3 billion for US lenders for open accounts of credit cards, retail cards, auto and personal loans at the end of 2024. Industries most vulnerable include financial services, telecom, healthcare and government agencies — facing various risks, such as:
- Financial losses: Banks, lenders and FinTechs often end up writing off large amounts as bad debt
- Operational strain: Investigating write-offs and fraud cases consumes time and resources
- Regulatory pressure: Failure to detect fraud can lead to know-your-customer (KYC) and anti-money laundering (AML) compliance violations and fines
How does synthetic identity fraud happen?
While individual fraudsters use synthetic identities, criminal fraud rings often organize to perpetrate synthetic identity fraud. Here’s how they typically pull off a synthetic attack:
- Data acquisition: Obtain real personal data from data breaches, purchase data on the dark web or scam consumers into giving up personal data
- Identity creation: Blend real and fake data to form a new identity
- Credit file establishment: Apply for credit — often low-value credit cards, or they become an authorized user on a credit account in good standing
- Credit building: Spend small amounts and pay the minimum balance on time to begin building a positive credit history
- Bust-out fraud: Max-out available credit and stop paying balances
The steps fraudsters take to create a creditworthy entity are always changing. They may use bots, fake documents, social media accounts and even social engineering to make these identities seem real.
Organized crime rings are especially innovative. Using generative AI, they can use multiple techniques simultaneously at scale, trying to get hundreds of credit applications or other transactions accepted. Because even credit rejections can add an identity to a credit bureau’s file, it’s important the criminal attempt as many credit applications as possible.
Why it’s hard to detect synthetic identities
Synthetic identities are designed to look real — often passing traditional identity verification checks and not raising red flags in fraud detection or credit systems. Synthetic identity schemes can play out over months or years as sophisticated fraudsters patiently build new identities, emulating the behaviors of genuine consumers who are new to credit or new to the country.
These long cons often end in a “bust out.” For example, on one day, a fraudster drives away in a newly financed car and maxes out multiple lines of credit. Then, all activity initiated by that synthetic ID stops. Eventually, many lenders or other affected businesses involved will categorize the losses as charge-offs due to non-payment — rather than synthetic identity fraud.
How synthetic identities are legitimized by various industries
While we typically think of lenders as the most exposed to synthetic identities, criminals use various types of organizations to establish and legitimize these identities. The best synthetic identities are those that look like real people doing real things. By no means exhaustive, here are some industries commonly targeted by criminals to make synthetics real.
Industry | Method | How it happens |
Financial services | Add a new identity as an authorized user to an existing credit line | Organizations often don’t do the same level of due diligence when adding a new authorized user because the primary user is responsible for the debt. However, the new user is reported to credit bureaus — establishing or adding to a synthetic identity’s credit record. |
| Apply for a secured credit card | Consumers with poor/brief credit histories can often get approved for a line of credit by securing it with a cash deposit. Because the credit is secured, some banks don’t rigorously underwrite applicants. The credit history is submitted to the bureaus, giving synthetic identities a potential foothold. |
Real estate | Apply for a rental property | A legitimate address helps establish one or more synthetic identities. Also, fraudsters can use the property as a base and abandon it — usually with months of rent unpaid — after the identity has been used to cash in on loans, cards, checking accounts, etc. |
Telecommunications | Get a mobile phone subscription | New identities are relatively easy to get accepted by many mobile plan carriers. Mobile devices help establish an identity’s activity history, while fraudsters also use the phone to sidestep security measures like SMS one-time passwords. |
Social media | Create a social media account | Financial institutions sometimes check social media activity as part of fraud assessments, so sophisticated criminals set up social media profiles and nurture them for months or years before deploying the synthetic ID. |
Government | Create a complicit data furnisher | Fraudsters set up business entities to help legitimize synthetic identities. |
Ecommerce | Create a fake business profile | Ecommerce platforms often don’t perform rigorous identity verification checks for new sellers. Criminals can use synthetic identities to become a seller. They may use their profiles to steal money for items they never ship, or simply legitimize identities to support other criminal activity. |
How organizations can combat synthetic identity fraud
The best way to protect against synthetic identities is to proactively spot them early. Recognizing and rejecting a synthetic identity at new account opening will prevent it from establishing a foothold toward legitimacy and opening the door to fraud.
Getting a clear picture of identity to effectively fight synthetic identity fraud requires a multilayered approach that includes:
- Synthetic fraud models: Automated analysis of customer data using machine learning to detect synthetic identities while reducing false positive rates
- Identity verification: Compares user-provided information to authoritative sources to help ensure a user is legitimate and they are who they claim to be
- Document verification: Enables remote verification of official documents like passports, driver’s licenses or ID cards using various techniques, such as optical character recognition (OCR), hologram detection and live-person comparison
Synthetic identity fraud is the future of fraud: Get ready
As organizations continue to optimize digitization to deliver more speed and convenience to consumers, their digital risk exposure grows. In 2024, 6.5% of all new account transactions were suspected digital fraud, according to TransUnion’s H1 2025 Update: The State of Omnichannel Fraud Report. Digital risk will also rise as criminals employ more sophisticated generative AI, bots and programmatic attacks at scale. To mitigate the threat of large-scale synthetic identity attacks, organization need more sophisticated identity verification solutions that rely on better and more diverse datasets of linked identity elements that connect people’s online and offline identities.
Learn more about combating the rising impacts of synthetic fraud by leveraging actionable intelligence on your accounts and prospects. Check out TransUnion TruValidateTM.
Enhance your fraud prevention strategies. Read our latest Executive Guide: Combating Synthetic Identity Fraud to learn how.
Executive Guide to Combating Synthetic Identity Fraud
Information for Good®.
Connect with us
