Synthetic Identity Fraud: The Ghost in the Machine
Synthetic identity fraud is the fastest-growing financial crime. Learn how criminals combine real and fake data to create "ghost" identities and how to detect them.
Jean-Vincent QUILICHINI
The Perfect Crime?
Imagine a criminal who doesn't steal your identity but creates a new one using parts of yours. Synthetic identity fraud involves combining real information (like a Social Security number) with fake details (name, address) to create a "Frankenstein" identity.
How It Works
- Creation: The fraudster pairs a stolen SSN (often from a child or deceased person) with a fake name.
- Cultivation: They apply for credit. The application is rejected, but it creates a credit file.
- Validation: They add the synthetic identity as an authorized user on a legitimate account (piggybacking) to build a credit score.
- Bust-Out: Once the credit limit is high, they max out cards and loans, then vanish.
Detection Challenges
Because the identity is partially real, traditional KYC (Know Your Customer) checks often fail. The "person" looks real on paper.
Fighting Back with Data
- Behavioral Biometrics: Analyzing how the user interacts with the form (typing speed, mouse movements).
- Email Risk Scoring: Synthetic identities often use new or disposable emails. Checking email reputation is a key defense.
- IP Geolocation: Does the applicant's IP address match their stated address? Our IP Scanner can verify location consistency.
Related Reading
Related articles
May 7, 2026Non-Human Identity Security: API Keys, Service Accounts, and Workload Credentials in 2026Non-human identities now outnumber users in most environments. Learn how API keys, service accounts, CI tokens, and workload credentials become attack paths and how to govern them.
May 4, 2026Cloud Control Plane Attacks: Why Identity Is the New Kill ChainCloud breaches increasingly target the control plane: identities, tokens, policies, APIs, and automation. Learn how attackers move from one credential to full cloud control.
Apr 4, 2026SIM Swapping and Telecom Fraud: When Your Phone Number Is the Weakest FactorAttackers who control your mobile number can bypass SMS-based 2FA and reset passwords. Learn how SIM swap fraud works and how to reduce reliance on SMS one-time codes.
Protect Your Infrastructure
Check any IP or domain against our threat intelligence database with 500M+ records.
Try the IP / Domain Checker