In the digital ecosystem, identity has become a currency of exchange. Banking, e-commerce and insurance companies rely on its reliability to open accounts, grant credit or authorise transactions. However, a growing threat is undermining this trust: synthetic identities.
What is a synthetic identity?
Unlike traditional identity theft, where the fraudster steals an entire real identity, a synthetic identity is a hybrid combination. It combines authentic data (in the United States, this is the social security number, while elsewhere it is usually the national identity document, date of birth and postal address) with invented information (usually contact details). This combination creates a seemingly coherent profile, especially when only the so-called authentic data is verified/analysed (as in a banking KYC process, for example).
As a result, traditional systems, which are often calibrated to validate an identity by digitising traditional practices (‘your papers, please’), miss the mark.
Why institutions are vulnerable ?
Fraudsters exploit the trust placed in partially accurate data. In the United States, with a valid official ID or minimal credit history, synthetic identities pass the initial verification stages. The fraudster can then ‘mature’ their identity: open a bank account, take out small loans, make regular payments… until they obtain a solid credit rating. This patience pays off: once credibility is established, the fraudster takes out a larger loan and then disappears. This is known as ‘bust-out fraud’.
The cost is considerable: across the Atlantic, synthetic identity fraud already accounts for several billion dollars in losses each year, according to estimates by major firms. In Europe, the figures are beginning to follow the same trend, particularly with the rise of 100% digital processes.
The limitations of traditional approaches
Traditional controls – document verification, historical scoring, ad hoc analysis of events or transactions – struggle to detect these hybrid profiles. Weak signals (email username, telephone number attributes, presence of ‘digital footprints’) can only be detected through rare expertise. Furthermore, current regulations focus almost exclusively on KYC compliance. However, control and fraud prevention are two distinct things. The former encompasses all the characteristics/steps that allow access to a service… but because all of this is exposed, it also makes it possible to understand and therefore circumvent the measures.
Towards a new approach to detection
Faced with this threat, companies must change their paradigm. The future lies in solutions capable of:
- Going beyond ‘declarative’ data by being able to add additional information.
- Cross-reference dynamic signals (browsing behaviour, machine fingerprint, location) with static identity attributes.
- Detect relational inconsistencies between different identities: shared telephone numbers, recycled addresses, accounts linked to the same device.
- Use artificial intelligence to analyse massive volumes of data/information in real time and identify patterns invisible to the human eye.
These approaches transform detection: moving from simple documentary/contextual validation to a holistic and behavioural view of the user.
A strategic challenge for digital players
Synthetic identities are not a marginal phenomenon: they directly threaten profitability, regulatory compliance and customer trust. For banks, e-merchants and insurers, investing in advanced prevention technologies is no longer an option: it is a condition for survival in the digital economy.
Português 
English (UK) 
Français 
Español 
Italiano 
Nederlands 
Română