Traditional identity fraud has a victim: a real person whose credentials are stolen and misused. That person eventually notices something is wrong, files a complaint, and triggers a fraud investigation.
Synthetic identity fraud (SIF) has no such victim. It creates a new, fictitious person — assembled from fabricated or blended real data — and builds a legitimate-looking financial profile around them over months or years. There's no one to raise the alarm. The fraud only surfaces when the synthetic identity "busts out": maxing credit lines, disappearing, and leaving lenders holding the loss.
The entry point for every synthetic identity is a document. And the document layer is where the fraud is cheapest to stop.
The Federal Reserve Bank of Boston classifies synthetic identity fraud as "the fastest-growing financial crime in the United States" — a designation that reflects both its volume and the structural difficulty of catching it through traditional fraud controls.
How Synthetic Identity Fraud Works
A synthetic identity is built in stages:
Stage 1 — Identity construction: The fraudster creates a new identity. This may be entirely fabricated (made-up name, address, date of birth) or blended — using a real Social Security Number or Tax File Number (often belonging to a child, elderly person, or recent immigrant with thin credit files) combined with fabricated personal details.
Stage 2 — Document creation: The identity needs supporting documents to pass KYC. This is where document fraud enters. The fraudster produces:
- A fake or altered ID document bearing the synthetic identity's details
- A fabricated bank statement or payslip showing income for the synthetic person
- A utility bill or rental agreement for the synthetic address
Stage 3 — Credit building: The synthetic identity applies for credit — initially small amounts, secured credit cards, or buy-now-pay-later accounts. Some are approved; some are rejected. Approvals build a credit history for the fictitious person.
Stage 4 — Bust-out: After months or years of responsible credit behaviour, the synthetic identity maxes every available credit line simultaneously and disappears. The "person" was never real; no recovery is possible.
Traditional fraud detection is optimised to flag anomalous behaviour against a known identity baseline. Synthetic identities have no real baseline — their behaviour appears legitimate right up to the bust-out event. Behavioural fraud detection catches this late or not at all.
Why Stage 2 Is the Only Cost-Effective Intervention
Catching a synthetic identity at Stage 3 or 4 — after credit has been extended — is expensive. Recovery rates on bust-out fraud are near zero. The fraud loss is crystallised.
Catching it at Stage 1 is impossible — fabricated identity data can pass basic name-and-address checks against thin-file individuals with legitimate data.
Stage 2 — the document stage — is the intervention point. When the fraudster must present documents to support the synthetic identity, those documents have forensic weaknesses:
- Altered genuine documents have been modified to show the synthetic identity's details. The alterations are detectable through pixel forensics, font analysis, and metadata examination.
- Fully fabricated documents have never been issued by a genuine institution. Their metadata, structure, and statistical properties don't match genuine documents from the claimed issuer.
- AI-generated documents carry generation-model signatures in pixel noise and spatial frequency that distinguish them from genuine photographs.
Document forensics catches what identity data checks cannot: not "does this identity exist?" but "is this document genuine?"
The Forensic Checks That Break the SIF Document Stack
Identity Document Checks
A synthetic identity's ID document must be either:
- A genuine document with altered personal details (name, DOB, address)
- A fully fabricated document
For altered genuine documents: MRZ validation catches name/DOB changes that weren't reflected in the machine-readable zone. Photo zone integrity analysis catches face substitutions. Font metrics catch field-level alterations.
For fabricated documents: AI generation signatures, missing physical artefacts, and template mismatch against genuine issuer templates are primary signals.
Financial Document Checks
The supporting financial documents — payslips and bank statements — must show income for a person who doesn't exist. This creates exploitable inconsistencies:
- Employer verification: an employer ABN associated with the synthetic identity must be active and trading in the claimed industry. Non-existent or mismatched employers are immediately flagged.
- Bank statement metadata: a bank statement for a synthetic identity is either fabricated or altered from another person's genuine statement. Both are detectable.
- YTD and arithmetic consistency: fabricated income documents frequently fail gross-to-net arithmetic or year-to-date consistency checks.
Cross-Document Consistency
A synthetic identity's document package must be internally consistent across multiple documents. AI agents cross-check:
- Name spelling and format across all documents
- Address consistency between ID, bank statement, and utility bill
- Employment details between payslip and bank statement salary credits
- Date consistency across all documents
Individually, each document might pass. Cross-document inconsistencies — different middle name initial on the ID vs. the payslip, an address that appears on the utility bill but not the bank statement — are composite signals that pattern-match to SIF.
Building the Detection Layer
The practical implementation involves adding document forensics as a gate in the KYC onboarding flow:
Applicant submits identity + supporting documents
↓
Document forensics API (each document, ~3s each)
↓
Cross-document consistency check
↓
Verdict per document + composite risk score
↓
Clear → proceed to underwriting
Suspicious → enhanced due diligence
Likely tampered → decline + flag
This sits upstream of credit checks, income verification, and underwriting — stopping synthetic identities before they consume the cost of those downstream processes.
TamperCheck handles both the individual document forensics and the cross-document consistency layer via a single API, returning verdicts and composite risk signals for the full document package.
Add document forensics to your onboarding flow
Stop synthetic identities at the document stage — before they reach underwriting. $5 free to start.
Start free →What Synthetic Identity Fraud Looks Like in Practice
A real SIF case typically presents as an entirely plausible application. The applicant has a complete document package, consistent personal details, and a coherent narrative. Individual documents look professional.
The forensic tells are subtle:
- The payslip's PDF creator metadata identifies an online payslip generator
- The bank statement's running balance chain has a one-row discontinuity
- The name on the utility bill is spelled with a different capitalisation than the ID
- The ID's MRZ check digit doesn't validate against the displayed date of birth
None of these is obvious to a human reviewer. All of them are caught by automated forensic analysis in under 10 seconds total across the document package.
FAQ
How is synthetic identity fraud different from account takeover?
Account takeover involves compromising a genuine person's account using stolen credentials. Synthetic identity fraud creates a new, fictitious identity from scratch. The detection approaches are different: account takeover is detected through behavioural anomalies; synthetic identity fraud is best caught at the document verification stage.
Can synthetic identities use real people's details?
Yes — "blended" synthetic identities combine a real identifier (SSN, TFN) belonging to a thin-file individual with fabricated other details. This makes the identity harder to detect via data checks but doesn't affect document forensics, which analyses the document itself rather than the identity data.
Does AI make synthetic identity fraud harder or easier to detect?
AI makes SIF easier to execute (better document generation tools) and harder to detect visually. It also makes detection more effective: AI-powered forensics runs at scale and catches statistical anomalies that no human review process could match. The net effect depends on which side of the detection stack is better resourced.
Where can I learn more about the document fraud methods used in SIF?
Our complete guide — Document Tampering and Fraud: Everything You Need to Know — covers all three fraud categories (alteration, fabrication, misuse), the 10 forensic signals used to detect them, and the industries most exposed. For the specific deepfake angle, see Deepfake Document Fraud and KYC.
What regulatory guidance exists on synthetic identity fraud?
FinCEN (Financial Crimes Enforcement Network) and the Federal Reserve have both published guidance on SIF as an AML risk. In the UK, the FCA's financial crime guidance covers synthetic identity as an emerging fraud typology. In Australia, AUSTRAC's fraud guidance addresses it under identity crime. These regulatory frameworks all point to document verification as a primary control.