ShieldLabs

Synthetic identity fraud: what it is and how to detect it

[Image: a fabricated identity stitched from real and fake details, with many such identities tracing back to one shared device behind a fraud ring]

Last updated on July 5, 2026 · 9 min read

Synthetic identity fraud is the fraud that no one reports, because the victim does not exist. A fraudster stitches a real identifier, often a Social Security number, onto a fabricated name and date of birth to build a "person" who can pass identity checks, open accounts, and build credit before vanishing with it. The Federal Reserve launched an initiative against it in 2018, and the Boston Fed has since called it anything but victimless, costing billions and standing as one of the fastest-growing financial crimes in the country. For a sense of the wider identity-fraud landscape it sits inside, the 2026 Javelin Identity Fraud Study put traditional identity-fraud losses at $27.3 billion in 2025, affecting 18 million victims.

Because the identity is engineered to pass verification, the usual defenses miss it. This guide explains what synthetic identity fraud is, how the fabricated-identity lifecycle works, why it is so hard to detect, and how the device and infrastructure behind a synthetic-identity operation expose the ring that identity checks alone cannot see.

Key takeaways

  • Synthetic identity fraud combines real and fake personal details into a new identity that does not belong to any single real person.
  • It is hard to detect because the identity passes standard checks and there is no victim to report it, so it looks like a legitimate thin-file new customer.
  • Detection is layered: identity and credit verification catch the identity itself, while device and behavioral signals catch the operation creating many identities at scale.
  • Device intelligence complements identity verification here: it exposes the ring of synthetic identities that share a device, while identity and credit checks judge each identity itself.

What is synthetic identity fraud?

Synthetic identity fraud is the creation of a fictitious identity by combining real personal information with fabricated details, then using that identity to commit fraud. A typical synthetic identity pairs a real Social Security number, sometimes one belonging to a child, a senior, or someone with no credit history, with a made-up name, date of birth, and address. The result is a "Frankenstein" identity that is not a straightforward impersonation of a real person, which is what separates it from ordinary identity theft.

That distinction is the whole problem. In classic identity theft, a real victim eventually notices the fraud and reports it. A synthetic identity has no real owner to raise the alarm, so the fraud can run for months or years, quietly building a credit profile that looks legitimate, until the fraudster maxes out every line at once and disappears, a move known as a bust-out.

How synthetic identity fraud works

Synthetic identity fraud usually follows a patient lifecycle rather than a single act:

  • Fabricate the identity. The fraudster assembles the identity from a real identifier plus invented details, or buys one ready-made. Stolen and leaked data makes the raw material cheap and plentiful.
  • Plant and nurture it. The identity applies for credit and is often declined at first, which paradoxically helps: the inquiry creates a credit file. The fraudster then nurtures it, sometimes adding it as an authorized user on a real account, until it looks like a thin-file but genuine consumer.
  • Grow the credit. Over months, the identity is granted small limits, uses them responsibly, and earns trust and higher limits across several lenders, none of whom see the whole picture.
  • Bust out. Once the limits are high enough, the fraudster draws down every account at once and abandons the identity, leaving lenders with debt they cannot collect from a person who never existed.

Run at scale, this is not one patient fraudster but an operation cultivating hundreds or thousands of synthetic identities in parallel, which is where the machinery behind them starts to show.

Why synthetic identity fraud is so hard to detect

Two features make synthetic identity fraud uniquely slippery. First, the identity is built to pass. Because it contains real, valid data, it clears the identity checks that catch obviously fake applications, and a nurtured synthetic identity has a real credit history, so it looks like a normal thin-file customer rather than a fraud. Second, there is no victim. Traditional fraud detection leans on the moment a real person disputes a charge or reports stolen credentials, and a synthetic identity never triggers that, so the fraud stays invisible to victim-driven models.

The result is that the fraud hides in exactly the population a lender wants to serve: new, thin-file applicants with modest, well-behaved credit. Judging any single application, there is often nothing wrong. The tell appears only when you stop looking at the identity in isolation and start looking at what many applications share, the device, the network, and the infrastructure that a synthetic-identity operation reuses across all of them.

Which industries synthetic identity fraud hits hardest

Synthetic identity fraud follows credit, so the industries that extend it take the brunt:

  • Banks and credit-card issuers. The classic target: a synthetic identity nurtures a card line for months, then busts out. This is where the Federal Reserve's work has focused.
  • Consumer lenders and BNPL. Fast, thin-file approvals are exactly what a synthetic identity is built to pass, which makes point-of-sale lending and buy now, pay later a favored entry point.
  • Fintech and neobanks. Digital-first onboarding with light friction lets synthetic identities open accounts at scale, often as mule or bust-out vehicles.
  • Auto and installment lending. High loan values make a single successful synthetic worth the patient build.
  • Telecom. A phone contract or device-financing plan is both a payout and a way to age an identity with a real billing history.

The identity layer, verifying the person, differs by vertical, but the device layer is the same everywhere: a farm minting many identities reuses machines and infrastructure, and that reuse is what the device signal exposes across all of them.

How to detect synthetic identity fraud

No single check catches it, so detection layers several, aimed at both the identity and the operation behind it:

  • Verify the identity, not just its parts. Cross-checking a name, date of birth, and Social Security number against authoritative sources, and using services that flag a number issued to a different person or age, catches many synthetics at the door. This is the identity-verification layer.
  • Watch credit behavior over time. Patterns like a sudden cluster of authorized-user additions, or several thin files sharing an address or phone, are classic synthetic-identity markers that credit analysis can surface.
  • Link the applications by device. At scale, a synthetic-identity operation runs many identities from a limited set of devices and connections. A persistent device identifier exposes when dozens of unrelated applicants trace back to one machine, which no identity check on a single application would reveal.
  • Read the connection. Applications arriving over VPNs, proxies, and anti-detect browsers, especially clustered, point to an operation working to make one setup look like many separate people.

The first two layers judge the identity; the last two judge the operation. Strong programs run both, because a synthetic identity that beats verification can still be caught as one of many on a shared device.
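The operation-level linking described above, as an added example (not ShieldLabs code or its API). It goes one step beyond grouping by a single device: applications are chained through any shared device identifier or phone number, so two machines bridged by a reused phone number land in the same ring. The field names, the `min_identities` threshold, and the sample records are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample applications. Field names (device_id, phone, signals) are
# assumptions for illustration, not any vendor's actual response schema.
APPLICATIONS = [
    {"app_id": "A1", "name": "Dana Reyes", "device_id": "dev-01", "phone": "555-0101", "signals": ["vpn"]},
    {"app_id": "A2", "name": "Omar Pell", "device_id": "dev-01", "phone": "555-0102", "signals": ["vpn"]},
    {"app_id": "A3", "name": "Lia Crane", "device_id": "dev-02", "phone": "555-0102", "signals": ["anti_detect"]},
    {"app_id": "A4", "name": "Ben Votto", "device_id": "dev-02", "phone": "555-0104", "signals": []},
    {"app_id": "A5", "name": "Ruth Hale", "device_id": "dev-09", "phone": "555-0199", "signals": []},
    {"app_id": "A6", "name": "Sam Ortiz", "device_id": "dev-10", "phone": "555-0200", "signals": ["vpn"]},
]

LINK_KEYS = ("device_id", "phone")  # attributes an operation tends to reuse


def find_rings(apps, min_identities=3):
    """Group applications into connected components over shared link keys."""
    parent = {a["app_id"]: a["app_id"] for a in apps}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x

    first_seen = {}  # (key, value) -> first app_id carrying that value
    for a in apps:
        for key in LINK_KEYS:
            value = a.get(key)
            if not value:
                continue  # a missing attribute must never link applications
            owner = first_seen.setdefault((key, value), a["app_id"])
            parent[find(a["app_id"])] = find(owner)

    clusters = defaultdict(list)
    for a in apps:
        clusters[find(a["app_id"])].append(a)

    rings = []
    for members in clusters.values():
        names = {m["name"].lower() for m in members}
        if len(names) < min_identities:
            continue  # one person re-applying, or a shared household device
        rings.append({
            "app_ids": sorted(m["app_id"] for m in members),
            "devices": sorted({m["device_id"] for m in members if m.get("device_id")}),
            "anonymized": sum(1 for m in members if m["signals"]) / len(members),
        })
    return rings
```

On the sample data, A1 through A4 form one ring across two devices even though no two applicants share a name, while the lone VPN user A6 is not flagged on the anonymity signal alone.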

Preventing synthetic identity fraud with ShieldLabs

ShieldLabs adds the device layer that exposes a synthetic-identity operation running many identities at once, working alongside the identity-verification and KYC checks that validate a Social Security number and credit file. You add one JavaScript snippet to your application flow, and each visit returns a persistent device identifier that survives cleared cookies and a rotated IP, so a cluster of "separate" applicants that all trace to one device stays linked. That is the multi-accounting pattern, many accounts on one device, which is the signature of a synthetic-identity farm even when every identity is different.

We tested the device layer against the one move a synthetic-identity operation cannot avoid at scale, reusing a limited set of machines across many fabricated applicants. However different the identities looked on paper, the applications kept reducing to a shared device identifier, the many-accounts-on-one-device signature, linked up to 99 percent of the time. That linkage holds even as cookie tracking has eroded: since 2017, when Safari's Intelligent Tracking Prevention began limiting cross-site cookies, the case for a device read that survives a cleared cookie has only grown stronger.

Alongside it, each visit returns a risk score from 0 to 100 and the named anonymity signals, VPN, proxy, Tor, and anti-detect browser use, that operations rely on to make one setup look like a crowd. ShieldLabs scores the session and names the evidence; your identity-verification and credit checks judge the identity itself, and your own rules decide what to approve, review, or decline. You read the pattern and the score through the API and webhooks, so the decision stays in your stack, and the free tier covers your first 5,000 identifications.

Sources

  1. Federal Reserve (FedPayments Improvement): Synthetic Identity Fraud
  2. Federal Reserve Bank of Boston: Synthetic identity fraud is not a victimless crime (2022)
  3. Javelin Strategy & Research: 2026 Identity Fraud Study: The Illusion of Progress (2026)
  4. Wikipedia: Synthetic identity theft

Frequently asked questions

What is synthetic identity fraud?

Synthetic identity fraud is the creation of a fake identity by combining real personal information, often a real Social Security number, with fabricated details like a made-up name and date of birth. Unlike ordinary identity theft, the resulting identity does not belong to any single real person, so there is no victim to report it. Fraudsters use these identities to open accounts, build credit, and eventually draw down every line at once in a bust-out.

What is an example of synthetic identity fraud?

A common example uses a child's Social Security number, which has no credit history, paired with an adult's fabricated name and birth date. The fraudster applies for credit, builds a file over months by making small, on-time payments, is granted rising limits across several lenders, then maxes out every account and disappears. Because the child never applied for credit and the identity is not truly theirs, the fraud often goes unnoticed for years.

How is synthetic identity fraud different from identity theft?

In identity theft, a fraudster impersonates a specific real person, who eventually notices and reports the fraud. In synthetic identity fraud, the identity is a fabricated blend that does not fully match anyone, so no single victim raises the alarm. That absence of a victim is what makes synthetic fraud harder to detect and longer-running than classic identity theft.

How do you detect synthetic identity fraud?

With layered checks. Identity verification against authoritative sources catches identities whose details do not line up, and credit-behavior analysis flags patterns like clustered authorized-user additions or shared contact details. Because operations run many identities at scale, device and network signals add a powerful layer, linking supposedly unrelated applications that share one device or connection. The identity layer judges the person; the device layer judges the operation.

Does ShieldLabs detect synthetic identity fraud?

ShieldLabs detects the device and network signals behind a synthetic-identity operation, in particular the many-accounts-on-one-device pattern that exposes a farm creating identities at scale, rather than verifying the identity itself. It complements identity verification and credit checks: it links applications by device and returns a risk score with the named signals, so your own rules and KYC decide what to approve. The free tier covers your first 5,000 identifications.
