What Is Synthetic Identity Fraud?

Synthetic identity fraud is what happens when criminals get creative. Instead of stealing your entire identity (traditional identity theft), they take pieces of real people's information and combine them with fabricated data to build an entirely new, fake person.

The formula is disturbingly simple:

• Real component: A legitimate Social Security number (often belonging to a child, elderly person, deceased individual, or someone who doesn't actively use credit)
• Fake components: Fabricated name, invented date of birth, newly created email address, rented or virtual mailing address

The result is a "Frankenstein identity" — a person who doesn't exist in the real world but does exist in the credit system. This synthetic person can open accounts, build credit history, and eventually extract maximum value before vanishing.

Data point: The Federal Reserve has called synthetic identity fraud "the fastest-growing type of financial crime in the United States." That's not hyperbole from a security vendor — that's the central bank.

The Scale: Up to $35 Billion and Growing

Here's what the data tells us about the scope of this problem — and the numbers have grown significantly since the earliest estimates:

• $23-$35 billion in estimated annual U.S. losses from synthetic identity fraud, according to recent industry research (BIIA, Federal Reserve, Auriemma Group). Earlier estimates of $6 billion have been revised sharply upward as detection and attribution improve
• Up to 80% of all new account fraud is now estimated to be driven by synthetic identities — making it the dominant form of credit application fraud
• U.S. lenders faced over $3.3 billion in exposure to synthetic identities tied specifically to new accounts in recent data
• Average "bust out" amount: $15,000 per synthetic identity at the point of maximum extraction
• Detection rate: Only about 15-20% of synthetic fraud is detected before the bust-out stage. The rest is written off as standard credit losses
• Fraud rates rose for 67% of financial institutions in 2025, with synthetic identities as a leading driver

Data point: Synthetic identities were found in 1 in 5 (21%) of first-party frauds detected in 2025 (Experian data). And only 25% of financial institutions feel confident in addressing synthetic identity fraud, while just 23% feel prepared for AI and deepfake fraud (Sumsub 2025 report).

That last statistic about the detection rate is particularly revealing. Most synthetic fraud is never identified as fraud at all — it's classified as a regular bad debt. This means even the $23-$35 billion figure likely underestimates the true scale.

For context, traditional identity theft generates about $12.5 billion in reported losses. Synthetic fraud at $23-$35 billion has already overtaken traditional identity theft as the dominant form of credit fraud by dollar value — most people just don't know it yet.

How Synthetic Fraud Works: Step by Step

Understanding the process reveals why this fraud is so hard to detect and so dangerous. Here's the typical lifecycle of a synthetic identity:

Stage 1: Identity Assembly (Months 1-3)

The criminal acquires a real SSN. Sources include:

• Data breaches: A record 3,332 data compromises occurred in 2025, with two-thirds involving Social Security numbers. Billions of SSNs are already in criminal databases from cumulative breaches including Equifax (147M), Anthem (80M), PowerSchool (71.9M), and countless smaller incidents
• Dark web marketplaces: SSNs sell for $1-$10 each. Children's SSNs command higher prices because they have no existing credit history to conflict with
• Randomized SSNs: Since 2011, the SSA issues SSNs randomly rather than geographically. This ironically makes it easier to create plausible fake identities because there's no longer a regional pattern to validate against

The criminal pairs the real SSN with a fabricated name, date of birth, and address. They create supporting infrastructure: an email address, a phone number, possibly a rented mailbox. AI tools now make it possible to generate convincing synthetic identities at scale, including deepfake photos and documents.

Stage 2: Credit File Creation (Months 3-6)

The criminal applies for credit. The first application gets denied — but this is the point. The denial triggers the creation of a new credit file at one or more bureaus. The credit system essentially creates a record for this person who has never existed.

This is the fundamental vulnerability: the credit system creates new files based on applications, not based on verified identity. The first denied application establishes the synthetic identity in the system.

Stage 3: Credit Building (Months 6-24)

Now the synthetic identity starts building credit, using the same techniques legitimate credit builders use:

• Becoming an authorized user on existing accounts (sometimes through accomplices, sometimes by purchasing "tradelines")
• Obtaining secured credit cards or store cards with low limits
• Making regular payments to build positive history
• Applying for progressively higher-limit products as the score improves

At this stage, the synthetic identity looks like a normal, responsible consumer. Credit scores can reach 700+ — well into the "good" range. Lenders have no reason to suspect anything is wrong.

Stage 4: The Bust-Out (Months 24-30)

Once credit limits are maximized, the criminal executes the "bust out":

• Max out every credit line
• Take cash advances where possible
• Make large purchases that can be resold
• Total extraction typically ranges from $15,000 to $100,000+ depending on the credit limits accumulated

Then the synthetic identity simply disappears. There's no real person to pursue. The debts are eventually written off as losses. And the criminal may have dozens of synthetic identities at various stages of the lifecycle simultaneously — now increasingly managed by AI automation.

Why It's Growing So Fast

Several converging factors are fueling the synthetic fraud explosion:

1. Massive SSN Availability

Cumulative data breaches have put billions of records — including SSNs — into criminal hands. In 2025 alone, 232.7 million victim notices were sent from confirmed breaches, plus approximately 16 billion records from 2 massive incidents with no known notifications. The raw material for synthetic fraud has never been more abundant or cheaper.

2. SSN Randomization (Since 2011)

When the Social Security Administration switched from geographically-based to randomized SSN assignment, it inadvertently eliminated a verification tool. Previously, an SSN could be cross-referenced against expected geographic patterns. Now, any number could plausibly belong to anyone anywhere.

3. Digital-First Lending

The shift to online lending means many credit applications never involve face-to-face verification. A synthetic identity only needs to pass automated checks, not convince a human loan officer.

4. AI and Automation

Criminals now use AI tools to create more convincing synthetic identities at scale: generating realistic profiles, deepfake photos for KYC verification, automating applications, and managing dozens of identities simultaneously. According to Sumsub's 2025 fraud trends report, AI-driven fraud is outpacing defensive AI — only 23% of financial institutions feel confident addressing AI and deepfake fraud.

5. Low Detection and Low Prosecution

Since there's no individual victim reporting the crime (the affected SSN holder often doesn't know), and since losses are typically written off as bad debt rather than identified as fraud, there's minimal law enforcement attention. The risk-reward ratio for criminals is extremely favorable.

6. Cross-Border Operations

Synthetic fraud rings increasingly operate from outside the United States, making prosecution even more difficult. The synthetic identities are built and exploited remotely using digital-only channels, with no physical presence required in the country.

Who Are the Victims?

Synthetic fraud creates two categories of victims, and understanding both is important:

Primary Victims: SSN Holders

The person whose real SSN is used in the synthetic identity. This is disproportionately:

• Children: Their SSNs are ideal because they have no existing credit history. The fraud often goes undetected until the child turns 18 and applies for credit. About 1 million children per year are affected by identity theft (Javelin Strategy & Research), and synthetic fraud is a growing share. Child identity theft goes undetected for an average of 4 years
• Elderly individuals: Less likely to actively monitor credit and more likely to dismiss discrepancies
• Deceased persons: Their SSNs remain active in the credit system for months or years after death
• Immigrants and new credit users: Limited credit history makes it easier for a synthetic identity to coexist without triggering conflicts
• Incarcerated individuals: Unable to monitor their credit during incarceration

Secondary Victims: Lenders and Society

Banks, credit card companies, and auto lenders absorb the direct financial losses. These losses are ultimately passed to consumers through higher interest rates and fees. The $23-$35 billion in annual synthetic fraud losses is not absorbed in a vacuum — it's distributed across the financial system, increasing the cost of credit for everyone.

Data point: 10-15% of auto loan defaults at subprime lenders may involve synthetic identities (Point Predictive data). This hidden fraud layer inflates default rates and contributes to higher interest rates for legitimate subprime borrowers.

The Hidden Impact on SSN Holders

Here's why synthetic fraud can surface years later to damage the real SSN holder:

• The synthetic identity's credit file may merge with the real person's file — creating a "mixed file" that's extremely difficult to untangle
• When the bust-out happens, collection agencies may trace the SSN back to the real person
• The real person may be denied credit, housing, or employment based on the synthetic identity's delinquencies
• Tax implications: if the synthetic identity generates reported income, the IRS may flag the real person's return

Check our guide on why your credit score dropped if you see unexplained changes — synthetic fraud is one of the harder-to-identify causes.

Why Traditional Monitoring Misses It

This is the part that makes synthetic fraud particularly insidious: traditional identity theft monitoring is designed to detect fraud against YOU, not fraud using pieces of you.

Standard credit monitoring alerts you when:

• A new account appears on YOUR credit report
• A hard inquiry appears on YOUR credit report
• YOUR address changes

With synthetic fraud, none of these triggers fire. The fraudulent accounts appear on the synthetic identity's credit report, not yours. The inquiries hit the synthetic file. The address changes affect the synthetic profile. Your credit report may look completely clean while your SSN is being used to build a fake identity elsewhere.

This is why the detection rate is only 15-20% before bust-out. The monitoring tools that millions of consumers rely on are architecturally blind to this threat.

Paid identity monitoring services (Aura, LifeLock, etc.) offer SSN surveillance that watches for your number appearing in new applications — this is closer to detecting synthetic use. But even these tools aren't foolproof, because the application is deliberately designed not to match your profile.

The Behavioral Biometrics Frontier

The most promising detection technology is behavioral biometrics, which analyzes how a person interacts with devices — typing patterns, mouse movements, navigation behavior. Research shows behavioral biometrics achieves 98.7% accuracy against synthetic fraud in controlled settings. Adoption is growing among major lenders but far from universal.

Warning Signs You May Be Affected

Since traditional monitoring often fails, watch for these less obvious signals:

1. Unfamiliar addresses on your credit report: Even if no fraudulent accounts appear, a stray address associated with your SSN could indicate synthetic identity creation
2. IRS notice about unreported income: If a synthetic identity generates income (employment) using your SSN, it creates a tax discrepancy
3. Social Security earnings discrepancy: Check your SSA earnings statement at ssa.gov — unfamiliar employers are a red flag
4. Unexpected collection calls about debts you don't recognize: If a synthetic identity busts out and the SSN is traced back to you
5. Difficulty opening accounts for your child: If someone tells you your child already has a credit file, that's almost certainly fraud
6. Credit denial with a clean-looking report: Mixed file issues from a synthetic identity can create inconsistencies that automated systems flag even when individual items look clean
7. Multiple credit files under your SSN: If a bureau tells you there are multiple files associated with your Social Security number, a synthetic identity likely exists alongside yours

If you notice any of these signs, follow the response protocol in our data breach recovery guide and specifically request an investigation for potential synthetic identity fraud.

How to Protect Yourself

Protecting against synthetic fraud requires some strategies beyond the standard identity theft playbook. Here's the data-informed approach:

1. Freeze Credit — Yours AND Your Children's

A credit freeze prevents the credit system from creating new files associated with your SSN. This is the single most effective prevention measure. For children, freeze their credit at all three bureaus — even if they have no credit history. This prevents a synthetic identity from being bootstrapped using their SSN.

2. Monitor Your SSN, Not Just Your Credit

Standard credit monitoring watches your credit file. For synthetic fraud, you need SSN-level surveillance that detects your number appearing in ANY application — even ones that create new files rather than hitting your existing file.

• Paid services with SSN surveillance (Aura, LifeLock, Identity Guard) offer this capability
• The SSA's my Social Security account shows employment history tied to your SSN
• IRS transcripts can reveal tax filings using your SSN

3. Monitor Your Children Proactively

Children are the primary targets. Beyond freezing their credit:

• Annually request a credit report check for each child (they should have no file)
• Consider a family plan with a service that monitors children's SSNs (Aura covers unlimited children for $37/month)
• Be cautious about where you share your child's SSN (schools, medical forms, activities)

4. Check Your SSA Earnings Statement

Your Social Security earnings statement (available at ssa.gov) shows all reported income tied to your SSN. If you see employers you've never worked for, it may indicate synthetic fraud or employment fraud using your SSN. Check annually.

5. Lock Down Your SSN at the Source

You can request an "e-Verify Self Lock" through the Department of Homeland Security's myE-Verify portal. This prevents your SSN from being used for employment verification — blocking one avenue of synthetic identity exploitation.

6. Request Your LexisNexis and NCTUE Reports

Beyond the big three bureaus, specialty data aggregators maintain files that may show synthetic fraud activity tied to your SSN. You're entitled to free annual reports from LexisNexis (consumer.risk.lexisnexis.com) and NCTUE (nctue.com).

7. Freeze at ChexSystems

Synthetic identities often open bank accounts as part of their credit-building process. Freezing your ChexSystems report (call 800-428-9623, free) prevents new bank accounts from being opened using your SSN. See our credit freeze guide for details.

For the complete identity protection stack, see our comprehensive credit protection guide and identity theft protection hub.

What the Industry Is Doing

The financial industry is slowly catching up to synthetic fraud. Here's where things stand:

SSA Electronic Consent-Based SSN Verification (eCBSV)

Launched in 2020, eCBSV allows lenders to verify that a name and date of birth match a given SSN in real-time through the Social Security Administration. This is the most promising anti-synthetic-fraud tool to date. Adoption is growing but not yet universal — as of 2026, major banks and card issuers are implementing it, but smaller lenders lag behind.

AI-Based Detection Models

Lenders are deploying machine learning models trained on known synthetic fraud patterns: inconsistent data elements, unusual credit building patterns, and behavioral signals. AI-driven fraud detection has helped businesses lower fraud instances by around 30%. However, criminals are also using AI, creating an escalating arms race.

Behavioral Biometrics

Analyzing how users interact with devices — typing speed, mouse movements, navigation patterns — can distinguish real humans from scripted fraud operations. Research shows 98.7% accuracy against synthetic fraud in controlled settings. This is the most promising consumer-facing detection technology on the horizon.

Consortium Data Sharing

Industry consortiums where lenders share fraud intelligence are becoming more common. When one lender identifies a suspicious pattern, the intelligence is shared across the network, making it harder for synthetic identities to exploit multiple institutions.

What Still Needs to Happen

Despite progress, significant gaps remain:

• eCBSV needs to be mandatory, not optional, for new account applications
• Credit bureaus need better mechanisms to prevent the creation of files based solely on applications
• Consumer-facing tools for detecting synthetic fraud tied to your SSN need significant improvement
• Law enforcement needs dedicated synthetic fraud task forces (currently, most cases go uninvestigated)
• Regulation needs to catch up — there's no specific federal statute addressing synthetic identity fraud as a distinct crime category

For broader context on credit score data and trends, check our credit scores hub.

Frequently Asked Questions

How is synthetic identity fraud different from regular identity theft?

Traditional identity theft involves someone impersonating YOU — using your name, SSN, and other details to open accounts as you. Synthetic fraud involves creating a BRAND NEW fake identity using your SSN combined with fabricated information. The fake person doesn't match you at all — different name, different birthday, different everything. Only the SSN is real. This is why traditional monitoring misses it — the fraudulent activity appears on a different person's credit file.

Can a credit freeze prevent synthetic identity fraud?

A freeze significantly reduces the risk by preventing new credit files from being created with your SSN. However, it's not 100% effective against synthetic fraud because the initial denied application that creates a credit file may still process in some cases. That said, a freeze is the strongest single preventive measure available and should be your first step. See our credit freeze guide for step-by-step instructions.

How would I know if my SSN is being used for synthetic fraud?

It's difficult to detect because the fraudulent activity doesn't appear on your credit report. Watch for: SSA earnings statements showing unfamiliar employment, IRS notices about unreported income, collection calls for unfamiliar debts, and your children having credit files when they shouldn't. SSN surveillance services (included in Aura, LifeLock, etc.) can also detect your number appearing in unfamiliar applications. Check our identity protection services review for options.

My child is too young for credit. Should I still worry?

Yes — children are the #1 target for synthetic fraud precisely because they have no credit history and no one is monitoring their SSN. Freeze your child's credit at all three bureaus and check annually for the existence of a credit file. If one exists, it's almost certainly fraud. About 1 million children per year are affected by identity-related fraud, and child identity theft goes undetected for an average of 4 years.

Can I be held responsible for debts from a synthetic identity using my SSN?

Legally, no — you're not responsible for debts you didn't incur. Practically, proving that can be a long and frustrating process. Collection agencies that trace the SSN back to you may attempt to collect. You'll need to file disputes with bureaus, potentially file a police report, and use the FTC's IdentityTheft.gov process to clear your record. The FTC Identity Theft Report gives you legal backing for these disputes.

Is synthetic fraud a problem outside the United States?

It's primarily a US problem due to the unique role of Social Security numbers as de facto universal identifiers and the structure of the US credit system, which creates files based on applications. Countries with national ID cards, centralized identity verification (like India's Aadhaar), or more restrictive credit file creation are less susceptible — though not immune as more of their lending moves online. The UK and Canada have seen growing synthetic fraud as their credit systems adopt more US-like digital application processes.

How is AI making synthetic fraud worse?

AI enables criminals to create more convincing synthetic identities at scale — including deepfake photos for identity verification, automated form filling across dozens of applications, and machine learning to optimize the credit-building process. According to industry data, fraud rates rose for 67% of financial institutions in 2025, with AI-powered synthetic fraud as a key driver. Only 25% of financial institutions feel confident in addressing this threat.