The landscape of synthetic identity creation is evolving rapidly, driven by unprecedented advancements in AI tools that are both more powerful and widely accessible. While automation in identity fraud and its prevention isn’t new, today’s developments dramatically shift the paradigm. What strategies can we adopt to respond effectively?

Banks have allocated significant tools and resources to fight fraud, but these efforts have only achieved partial success. Despite their initiatives, fraud losses continue to climb, with synthetic identity fraud now emerging as the leading contributor. It has surpassed traditional forms of fraud like credit card fraud and identity theft. Notably, a 2023 TransUnion report identified synthetic identity fraud as the fastest-growing form of fraud worldwide.

Synthetic identity fraud is fundamentally a manipulation of data — blending fragments of genuine personal information with fabricated data to bypass systematic controls and alerts. The focus is shifting away from established schemes such as card fraud, account takeover, impersonation and application fraud involving fake identities and documentation. More sophisticated fraud models like authorized push payment schemes are surging, where legitimate customers initiate payments themselves. This approach simplifies the process of circumventing security measures, making detection and prevention increasingly challenging.

Four changes are at play here that open new doors to threat actors:

1. Synthetic identity quality now meets quantity. New generative AI tools dramatically ramp up both the quantity as well as the quality of synthetic identity creation — for example, using generative AI to fill in the gaps in identity creation by creating plausible supporting identity content, employment documentation, social media content, images and voices at mass scale.
2. Building and deploying synthetic IDs now takes minutes, not days. AI tools also deliver extreme speed. Viable synthetic identities may have taken several days or weeks to build in the past, requiring significant manual effort. They can now be built in minutes and deployed almost immediately.
3. “Off-the-shelf,” easy-to-use tools are widening the pool of bad actors. Readily available tools, once only hidden deep on the dark web, are now widely accessible through everyday social channels — whether those are generative AI tools focused on creating synthetic identities or code for malicious attacks. This is “de-skilling” synthetic identity fraud, making it a transactional process that many more bad actors can manage, with tools either specifically developed for this purpose or more generic GenAI tools put to that purpose.
4. Orchestration and coordination are on the rise globally. Large, organized groups of bad actors are harnessing these tools, increasingly at an international scale across borders, to create and manage hundreds if not thousands of identities.

So, how do industry leaders manage dynamic hidden threats?

The good news is that you likely have all the puzzle pieces you need for your systems to answer questions like “Is the person’s application I’m dealing with really the person I think they are?” or “Is this a legitimate transaction request from this long-standing customer?”

Banks hold vast amounts of data related to customers, devices, behaviors, transactions and networks. When combined, this data paints a comprehensive picture, incorporating elements like customer and account information, counterparty and transaction details, alert histories, watch lists and negative news screenings. These datasets form the foundation for robust fraud risk management and power analytical models designed to prevent, detect or investigate fraud.

However, many banks operate within a fragmented ecosystem of platforms, tools and models, often functioning in isolated silos. Separate operational teams may also focus on distinct fraud types, hindering seamless collaboration and slowing information sharing during investigations.

This siloed approach is insufficient to address the sophisticated challenges posed by advancing technology. To combat emerging threats, banks must adopt innovative learning processes and tools that offer a unified, advanced perspective on data. Tackling synthetic ID-driven fraud demands connecting internal and external datasets to enrich insights, enabling a deeper contextual understanding of customers, transactions and relationships.

Yet, the challenge is not solely about integrating these datasets — it’s about delivering critical insights at speed and scale. Accurate fraud detection and minimizing false positives must occur in real time to keep pace with faster payment systems and shrinking detection windows. Banks no longer have the luxury of extended decision-making timeframes as fraudsters exploit the rapid expansion of new payment rails.

The solution lies in constructing a contextual view of customers, counterparties and their interconnected relationships that goes beyond analyzing individual transactions. Incorporating context into data is pivotal. Achieving this requires a strong data foundation that merges internal and external datasets with intelligence about the relationships between entities — people, organizations and places — at scale, fostering a holistic understanding of risk.

This represents the next evolution of fraud risk management — a unified framework that spans fraud types, channels and products, leveraging advanced data and analytics. As fraud volumes increase and synthetic identities become more prevalent, banks can no longer rely on existing systems alone for accurate decision-making. A shift to powerful, cutting-edge technology is essential to address and prevent these risks effectively.