By Chris Lewis, Director, Strategic Solutions & Analytics at Synectics Solutions
For years, synthetic identity fraud has largely been treated as an onboarding challenge. Can a false or manipulated identity pass KYC checks at the point of application? Can verification controls detect fabricated information before an account is opened, credit is extended or a policy is issued?
These questions still matter. But they no longer fully capture where synthetic identity exposure develops.
Analysis of National SIRA intelligence[i] shows that synthetic identities now account for 50% of all identity fraud recorded within the dataset. In some product lines, synthetic identity growth has accelerated by as much as 152% within a single year.
Scale was, and still is, a problem. But persistence is changing the shape of the threat.
With one in three synthetic identities now linked to repeat offending, and the volume of synthetic identities reused repeatedly surging 40% in just a year, longevity has become one of the defining characteristics of the risk.
Why accumulated credibility is a syntheticโs real advantage
Artificial intelligence is a major factor. AI-enabled tooling, public data exposure and fragmented onboarding systems have converged to lower the barriers to creating, testing and refining synthetic identities at scale.
Fraudsters no longer need a synthetic identity to succeed immediately. They can iterate continuously, making small adjustments, resubmitting applications and observing which combinations of data, behaviours and supporting documentation survive controls.
This experimentation increasingly unfolds across multiple organisations simultaneously. One product may be used to establish legitimacy. Another to build transactional history. A third to extract value.
In many cases, lower-friction products or sectors become proving grounds before activity progresses toward higher-yield targets such as lending, business banking or money muling.
These synthetic identities are later linked to high loss values. They also become increasingly durable: the irony of repeated non-detection making them more difficult to detect having accumulated credibility. As transaction history builds and product relationships deepen, the identity begins to inherit the same internal trust signals organisations use to assess legitimate customers. That distinction matters because traditional KYC frameworks were not designed for identities that evolve in this way.
The limits of point-in-time trust
Traditional KYC fundamentally operates as a point-in-time assessment. At onboarding, organisations evaluate whether an identity appears legitimate enough to establish a customer relationship. Supporting evidence is assessed, verification checks are completed and risk thresholds are applied based on the information visible at that moment.
But synthetic identity fraud increasingly succeeds through everything that happens afterwards.
Transaction history accumulates. Payment behaviour appears stable. Internal trust grows. The identity becomes progressively more difficult to distinguish from legitimate customers operating within the same portfolio.
The harder question is whether organisations can recognise synthetic behaviour once an identity already exists on book.
Fraudsters operate across ecosystems. Most controls still operate in silos.
One of the biggest challenges in answering that question is that synthetic identities rarely operate within a single institution alone.
Fraudsters move between sectors, products and organisations with relative fluidity, adapting according to where controls appear weakest or where credibility can be established most effectively.
Most defensive environments, however, remain vertically organised. Onboarding systems, transaction monitoring, fraud operations and product-level controls often operate independently, each observing only a partial segment of the wider identity journey.
The result is fragmented visibility. A synthetic identity declined in one organisation may appear entirely new in another. Behaviour treated as low-level anomaly within one product may already form part of a broader organised pattern visible elsewhere.
This can create a misleading sense of confidence. An organisation may believe its onboarding controls are functioning effectively because large volumes of suspicious applications are prevented at entry. At the same time, synthetic identities that successfully entered months earlier may continue operating quietly inside the portfolio.
Synthetic identities will not be beaten at the gate alone.
Verification technologies will continue to improve. AI-assisted document analysis will become more capable. Detection rates at onboarding will continue to improve. But synthetic identity fraud increasingly succeeds through persistence rather than immediacy.
As a result, the organisations most resilient to exposure are likely to be those most capable of recognising when credibility itself is being manufactured over time. That means being able to:
Think horizontally across the identity journey
Fraudsters already operate horizontally across sectors, products and organisations. Synthetic identities are tested, refined and matured wherever controls appear weakest.
Defence strategies need to become equally connected. Shared intelligence, broader ecosystem visibility and cross-sector insight all help organisations understand where identities or behaviours may already have surfaced elsewhere.
Monitor beyond onboarding
Synthetic identity fraud increasingly succeeds through everything that happens after onboarding.
Transaction behaviour, relationship growth and network associations all become part of the risk picture over time. That makes continuous monitoring and ongoing behavioural assessment just as important as the original KYC decision.
Verify with broader context
Stronger ID verification remains essential. But increasingly, the most effective approaches are those drawing intelligence from multiple authoritative data sources.
The ability to validate identities against richer, broader and more connected datasets helps organisations identify inconsistencies, synthetic patterns and manufactured legitimacy far earlier in the customer journey.
These capabilities are already achievable within existing fraud operations.
Continuous behavioural assessment, broader intelligence sharing and more context-rich identity verification can all be embedded into existing workflows without creating additional operational burden for fraud teams.
From SIRA user analysis, fraud investigations complete 31% faster where cross-sector intelligence is applied alongside an organisationโs own data. In some product lines, that figure rises as high as 75%.
KYC processes may not have been designed to handle the rise of synthetic identities in their current form. But synthetic identity fraud now adapts through persistence rather than immediacy, and the organisations most resilient to exposure are likely to be those most capable of recognising when credibility itself is being manufactured over time.
For many organisations, this is more evolution than wholesale transformation.
[i] All written statistics referenced in this article are taken from โ‘Signals: Intelligence Behind the Fraud Patterns that Matter’ (March 2026) and reflect directly observed analysis from the National SIRA dataset and associated research.
