Synthetic Identity Fraud: What It Is and How to Recognize It

Posted on by Isla Sibanda

As lending institutions and credit bureaus have grown savvier at recognizing digital fraud, cybercriminals have learned new tricks to subvert increasing levels of security. One of these schemes is known as synthetic identity fraud. This technique involves weaving together an identity that consists of stolen and fabricated personal information, which is much harder to detect.

In this article, we’ll examine why synthetic identity fraud is projected to cost $2.42B in credit product losses in 2023 and how to prevent synthetic identity fraud.

How synthetic identities operate

Synthetic identity is challenging because we’ve recently seen cybercriminals learn to play the long game. One way they initiate synthetic identity fraud is by stealing a social security number from a child. Children don’t typically establish credit until adulthood, which makes their social security number ripe for picking undetected. The criminals then attach fake information to that number, like a name, date of birth, or address, and begin applying for credit lines. They may even create social media accounts to add a bit more authenticity.

Once the first approval for credit comes in, the long game begins. The criminal may maintain the synthetic identity for months or even years. They make small purchases and pay them off, steadily increasing their credit availability. Once they’ve reached an amount worth stealing, they cash out and leave a mountain of debt behind.

Though filling out credit applications will slowly generate access to large amounts of credit, there are ways to get there quickly. After the synthetic identity is created, one option is to steal passwords to gain access to people with legitimate credit accounts. Once inside, they can add their fraudulent persona as an authorized user on those accounts and piggyback off someone else’s good credit score.

Another way to gain credit approval is by reporting fake data to credit bureaus. When applying for credit, it’s standard procedure for a business to check out the applicant’s credit report by running their information through a credit bureau. The credit bureau, in turn, passes on the wrong data to the lender, who approves the potentially fraudulent applicant. By furnishing false information to the credit bureaus, the synthetic identity can appear to be a stellar borrower, always paying on time and in full.

How to prevent synthetic identity fraud

Some businesses are reluctant to create more robust security measures for fear of alienating customers. In our age of instant gratification, prospective clients head over to the competitor if the onboarding process is even slightly complex. However, the growing revenue lost to credit fraud is evidence enough that a cursory credit check isn’t adequate to verify identification.

One way to spot the difference between a synthetic identity and a real one is to look for suspicious address or phone number changes—or lack thereof. Real people don’t (usually) keep the same address and phone number from birth until death.

Another technique is to look at the types of credit on their reports. You may spot fraud if only credit cards or personal loans are on an account. Real humans also generate credit through mortgages, student loans, and similar loans. Real people also get speeding tickets and incur hospital bills that require lending. The bottom line is that if the credit report looks too “clean” to be accurate, it likely is.

In addition to increasing the onboarding requirements by a deeper and more thorough examination of credit reports and social media accounts, businesses can use advanced, AI-driven monitoring software to detect potential warning signs.

For example, when an account that hasn’t been open for very long has sudden transaction spikes, it could be due to a synthetic identity scammer building up credit. Another noteworthy flag is requesting multiple lines of credit and maxing them out immediately after approval.

There is one final method that may prevent the number of synthetic identities from being created in the first place: alert customers to the ever-growing risk of synthetic identity fraud. Most Internet users are aware of cybercrime, and some even protect themselves by using third-party agencies to monitor their credit. However, it may not have occurred to them also to have their children’s social security numbers monitored.


Synthetic identity fraud is a growing concern among lenders and creditors. Since it’s a blend of factual and fabricated data, it can be harder to detect. However, the strategy can be prevented by using machine learning and similar software that can distinguish the difference between a fraudulent identity and genuine but inaccurate data, alongside implementing more stringent onboarding requirements. Learning to flag accounts that are exhibiting fraudulent behavior will help reduce synthetic identity cybercrime.

Isla Sibanda

Freelance Writer,


fraud identity theft identity management & governance security awareness

Blogs posted to the website are intended for educational purposes only and do not replace independent professional judgment. Statements of fact and opinions expressed are those of the blog author individually and, unless expressly stated to the contrary, are not the opinion or position of RSA Conference™, or any other co-sponsors. RSA Conference does not endorse or approve, and assumes no responsibility for, the content, accuracy or completeness of the information presented in this blog.

Share With Your Community

Related Blogs