Synthetic Identity Fraud: The $20 Billion Ghost in the Machine That Most Banks Cannot See

Synthetic identity fraud — the creation of fictitious identities by combining real and fabricated personal information — is widely regarded as the fastest-growing and most financially damaging form of financial fraud globally. Unlike traditional identity theft, where a real person is victimised and can raise a complaint, synthetic identities have no real victim. There is no one to report the fraud. There is no one to file a complaint. The fraud can operate undetected for years, accumulating credit and creating apparent legitimacy before the final bust-out event in which all available credit is drawn and the identity is abandoned.

The anatomy of synthetic identity fraud has evolved significantly. First-generation synthetic identities used entirely fabricated personal data. Modern variants are far more sophisticated: they typically anchor to a valid Social Security Number (in the US) or national identifier, combine it with fabricated name and date of birth combinations, and systematically build credit histories across multiple financial institutions. The result is a persona that passes standard KYC and credit checks with remarkable reliability.

In Asian financial markets, the typology manifests differently but with equivalent impact: synthetic identities constructed using a combination of data from stolen national identity card databases, fabricated employment and income information, and purchased utility bill records. The digital onboarding journey — designed for efficiency and customer convenience — has inadvertently created optimal conditions for synthetic identity penetration.

Regulatory, Enforcement, and Market Context

The Federal Reserve Bank of Boston has published extensive research on synthetic identity fraud in the US financial system, documenting its systemic nature and the structural limitations of credit bureau-based verification in detecting it. FATF typologies work has identified synthetic identity creation as a key enabler of money laundering, noting that synthetic personas can be constructed specifically for the purpose of establishing accounts for layering and integration of illicit funds.

MAS has highlighted synthetic identity risk in its guidance on digital onboarding controls, noting that the use of digitally submitted documents without physical verification creates material exposure to fabricated identity packages. HKMA’s AML/CFT guidelines similarly address the risk of fictitious or altered identity documentation in digital account opening flows. Sumsub has documented an increase in organised synthetic identity factory operations — groups that create and manage large portfolios of synthetic personas at scale for financial fraud purposes.

Regulation Asia has covered several supervisory interventions in the Asia-Pacific region where digital banks and neobanks were found to have significant concentrations of synthetic identity accounts — in some cases representing over 5% of the total account portfolio — as a result of inadequate controls at the digital onboarding stage. These findings have prompted urgent regulatory attention to eKYC control standards across the region.

What the Data Is Showing

The Federal Reserve estimates synthetic identity fraud costs US financial institutions approximately $20 billion annually — making it the single largest category of financial fraud by dollar value. Globally, the McKinsey Center for Advanced Financial Services has estimated total synthetic identity fraud losses at over $40 billion per year across banking, insurance, and lending. Detection rates remain extremely low: industry estimates suggest fewer than 1 in 8 synthetic identity accounts is ever identified as fraudulent.

Sumsub’s 2024 data shows a 180% increase in detected synthetic identity fraud attempts across its Asia-Pacific client base compared to 2022. The average synthetic identity is active for 26 months before discovery — a dwell time that allows substantial credit exposure to accumulate across multiple institutions simultaneously. Cross-industry data sharing initiatives are beginning to surface these patterns, but participation remains inconsistent.

Implications for Financial Institutions

Detection of synthetic identity fraud requires a fundamentally different approach to KYC verification — one that validates not just whether an identity document appears genuine, but whether the identity itself has a coherent and authentic history. This includes cross-referencing submitted identity data against multiple independent datasets, checking for velocity anomalies in how often similar data combinations appear across the applicant population, and deploying behavioural analytics that flag the characteristic patterns of synthetic identity construction.

The portfolio management dimension is equally important. Synthetic identity accounts already embedded within a financial institution require detection through ongoing monitoring — not just at onboarding. Indicators include unusually consistent and perfect repayment behaviour prior to bust-out, absence of organic customer service interactions, account dormancy punctuated by sudden high utilisation, and device or IP address linkages shared with other accounts. Machine learning models trained on confirmed synthetic identity cases significantly outperform rule-based detection in this context.

Conclusion

Synthetic identity fraud is structurally invisible to the controls most financial institutions have deployed. Its growth is being actively accelerated by the expansion of digital onboarding, the proliferation of stolen identity data, and the emergence of AI tools capable of generating convincing synthetic personas at industrial scale. Addressing it requires a combination of detection innovation, cross-industry data sharing, and a fundamental rethink of what identity verification is actually designed to achieve.

Suggested Next Steps

• Commission a portfolio-level synthetic identity assessment using graph analytics to identify shared device, address, and beneficiary linkages across customer accounts.

• Upgrade identity verification at onboarding to include multi-source data triangulation — validating identity coherence across independent databases, not just document authenticity.

• Deploy machine learning models trained on confirmed synthetic identity cases to monitor the existing portfolio for bust-out precursor signals and anomalous account behaviour.

• Participate in cross-industry synthetic identity data sharing consortia to build a richer picture of identity construction patterns that span multiple financial institutions.

Sources: Federal Reserve Bank of Boston Synthetic Identity Fraud Research (2023); FATF Typologies on Synthetic Identity (2024); MAS Digital Onboarding Controls Guidance (2024); HKMA AML/CFT Guidelines (2024); Sumsub Identity Fraud Report (2024); McKinsey Center for Advanced Financial Services (2023); Regulation Asia digital bank supervision reporting (2025–2026).

TrustSphere helps financial institutions design and deploy intelligent fraud and financial crime detection solutions. Visit www.trustsphere.ai