Synthetic Identity Fraud
Definition
Synthetic identity fraud combines a real SSN with fabricated personal data to create a fictitious consumer identity used to bust out credit lines.
Synthetic identity fraud is a scheme in which a fraudster constructs a fictitious consumer identity by combining a real Social Security Number — typically one belonging to a child, elderly person, or recent immigrant with little credit history — with fabricated name, date of birth, and address data. The manufactured identity is then used to open credit accounts across lenders, spend a period building apparent creditworthiness, and ultimately execute a bust-out: maxing all available credit and disappearing. Because no single real person was fully impersonated, traditional identity verification and credit bureau checks often fail to flag the account as fraudulent during the construction phase.
Synthetic identity fraud is distinct from traditional identity theft. In standard identity theft, a fraudster impersonates a real, living person who will eventually notice the fraud and dispute it. In the synthetic variant, the constructed identity has no aware victim to raise an alarm — the SSN owner typically has no credit file of their own and no awareness that their number is being used.
Construction and Credit-Building Phase
After creating the synthetic identity, the fraudster opens a secured credit card or becomes an authorised user on a legitimate account to begin generating credit history. Over months or years, they make on-time payments, request credit limit increases, and cultivate a file that resembles a creditworthy thin-file consumer. This patience is the defining feature of the scheme: the construction phase can last 12–24 months before any bust-out occurs.
During construction, the account often passes KYC checks because the SSN validates as issued by the Social Security Administration and the fabricated identity is internally consistent. Bureau-based identity verification has limited ability to distinguish a synthetic file from a genuine thin-file consumer.
The Bust-Out
The bust-out occurs when the fraudster simultaneously draws maximum credit across all accounts opened under the synthetic identity, then abandons it. Losses are distributed across multiple lenders, making recovery difficult. Merchants who extended credit, BNPL terms, or goods on delayed payment terms absorb the direct loss; acquirers see elevated chargeback and dispute rates on the downstream transaction flow.
Operator Detection Signals
Payment operators can surface synthetic identity risk through behavioural signals that aggregate-level credit bureau checks miss:
Velocity and pattern mismatches: A synthetic identity may show a polished credit file but have a device fingerprint or IP cluster shared with other identities on the platform — a strong signal of a fraud ring operating multiple synthetic files simultaneously.
Address and phone clustering: Synthetic identities in the same ring often share utility address or phone number attributes that individual bureau checks do not catch but cross-account graph analysis will surface.
Email age and tenure signals: Newly created email accounts associated with established-looking credit profiles are a reliable mismatch indicator. Risk-scoring models that incorporate email age, phone tenure, and device history alongside bureau data outperform bureau-only KYC for detecting synthetic files at onboarding.
Related terms
Account Takeover (ATO)
Account takeover (ATO) is a fraud attack in which a bad actor gains unauthorised...
Chargeback
A chargeback is a forced reversal of a payment card transaction initiated by a c...
Friendly Fraud
Friendly fraud occurs when a cardholder makes a legitimate purchase, receives th...
Know Your Business (KYB)
Know Your Business (KYB) is the process of verifying the identity, ownership str...
Know Your Customer (KYC)
Know Your Customer (KYC) is the process of verifying the identity of individual ...