Synthetic identity fraud (SIF) has quietly become one of the most costly and fastest-growing types of financial crime in the UK. Unlike traditional identity theft, where real customer data is stolen and misused, synthetic fraud involves fabricating new identities using a blend of real and fake information, making it notoriously hard to detect.
According to Cifas, SIF now accounts for a growing proportion of defaults in personal lending, credit cards, and even Buy Now, Pay Later schemes. For fintechs, banks, and digital platforms, the challenge is clear: synthetic fraudsters are gaming onboarding processes and bypassing KYC checks designed for real people.
In this article, we’ll explain what synthetic identity fraud is, how it works, why it’s on the rise, and what UK businesses can do to stay ahead of it.
What is Synthetic Identity Fraud?
Synthetic identity fraud happens when a fraudster creates a fictitious identity by combining real data (like a National Insurance number) with fake or manipulated details (such as a fabricated name, date of birth, or email address).
Unlike stolen identity fraud, synthetic profiles often don’t belong to a real person, so there’s no immediate victim to report the crime. That gives fraudsters more time to establish credit histories, apply for financial products, and ultimately “bust out” by disappearing with borrowed funds.
Types of synthetic identities:
- Constructed identities: Entirely fake profiles created from scratch using no real individual.
- Manipulated identities: Real details (e.g. name or NI number) are subtly changed to create a near-duplicate that evades detection.
Example: A fraudster might use a real NI number from a dormant record and pair it with a new name, untraceable phone number, and recently set an email address to apply for a credit card at a digital bank.
Why Synthetic Fraud is Rising in the UK
Several trends have created fertile ground for synthetic identity fraud:
- Digital-first onboarding: Many fintechs and challenger banks prioritise fast sign-up flows, often relying on automated KYC solutions with limited depth.
- Data breaches: Decades of compromised personal data (e.g. from electoral rolls, NHS records, and email leaks) provide raw materials for building synthetic profiles.
- Shift away from account takeovers: As Strong Customer Authentication (SCA) and 3D Secure reduce the effectiveness of credential-stuffing and phishing, fraudsters pivot to synthetic profiles that bypass existing defences.
- Post-COVID automation surge: Businesses accelerated digitisation of their identity and credit checks without fully updating fraud detection models.
- New credit products: BNPL, instant loans, and digital overdrafts offer lower-friction access to credit, an attractive vector for synthetic profiles to exploit.
How Synthetic Identity Fraud Works
Here’s how a typical synthetic identity attack unfolds:
- Identity construction: The fraudster pieces together a profile, often using a real NI number with fabricated name, date of birth, and address.
- Opening accounts: The synthetic identity passes through lightweight KYC or document checks, especially in high-volume digital platforms.
- Building credibility: Over time, the fraudster uses the synthetic account responsibly, such as making small payments, passing soft credit checks, and even opening savings accounts.
- Accessing credit: Once trust is established, the profile applies for higher credit limits or personal loans.
- Bust-out: The fraudster withdraws as much money as possible or makes purchases and vanishes while leaving no real person to track down.
This staged approach can span weeks or even years. In some cases, fraud rings manage hundreds of synthetic profiles simultaneously across multiple institutions.
Real-World Impact on UK Businesses
| Impact Area | Why It Matters |
| Loan losses | Synthetics often default with no repayment path, leading to direct write-offs. |
| Chargebacks | Synthetic identities can be used to make purchases that trigger first-party fraud or disputes. |
| Onboarding risk | Fraudulent applicants get through KYC, exposing your systems to repeat attacks. |
| Compliance exposure | The FCA expects effective fraud prevention under financial crime regulations. |
| Brand reputation | High-profile fraud cases can damage customer trust in your sign-up and approval processes. |
Even firms with strong AML frameworks can miss synthetics if their fraud detection models focus only on traditional identity theft or stolen credentials.
Typical Signs of a Synthetic Identity
Spotting a synthetic profile isn’t always straightforward, however there are red flags to watch for:
- Thin credit files or unusual profiles: A sudden jump in credit activity with no long-standing credit history.
- Mismatch in personal details: Inconsistencies between name, date of birth, and address history.
- Shared addresses: Dozens of applicants tied to a single delivery address or mobile number.
- Suspicious device fingerprints: Repeat device use across multiple identities.
- Failed biometric checks: Unsuccessful facial recognition or ID document mismatch during onboarding.
Detection and Prevention Strategies
Synthetic identity fraud can’t be stopped by one tool alone. It requires a layered, intelligence-led defence:
Use Fraud Consortiums and Shared Databases
No single business can spot every synthetic identity on its own. That’s why participating in industry-wide data sharing initiatives is essential. In the UK, platforms like Cifas, National SIRA, and Synectics Solutions allow members to cross-reference new applicant data against known fraud markers. These networks may reveal synthetic rings operating across lenders, retailers, and fintech platforms.
Set Up Velocity and Pattern Rules
Synthetic profiles often follow unusual behavioural patterns, especially when managed in bulk by fraud rings. By setting up velocity rules (how fast actions occur) and pattern triggers (how often they occur), you can detect and block suspicious activity early. For example:
- Multiple applications from the same IP or device in a short timeframe
- Rapid changes to personal details (e.g. address, phone number)
- A sudden spike in credit-seeking behaviour after a dormant period
Leverage Machine Learning
Traditional rule-based systems flag known bad behaviour, but struggle with new or evolving fraud tactics. Machine learning models, trained on millions of customer profiles, can uncover hidden connections and detect fraud based on pattern recognition rather than preset rules. ML can identify synthetic identity clusters that appear unrelated on the surface, but share underlying features like device use, timing, or behavioural anomalies. This makes them a crucial tool in any serious fraud prevention stack.
Manually Review High-Risk Outliers
While automation helps scale fraud detection, some synthetic profiles will always slip through the cracks. That’s why it’s important to build in human review capacity for flagged accounts.
Analysts can assess context, cross-reference data, and make informed decisions on edge cases, particularly for accounts showing unusual growth, inconsistent documentation, or failed biometric checks. Manual reviews not only reduce false positives, but help improve your machine learning model by providing high-quality feedback.
UK Regulatory Expectations
The UK’s regulatory landscape is increasingly focused on proactive fraud detection, even when no immediate victim comes forward. Here’s what you need to know:
- FCA’s SYSC rules (6.1.1R) require firms to establish effective systems and controls to counter financial crime, including emerging threats like synthetic identities.
- Suspicious Activity Reports (SARs) should be submitted when you suspect synthetic activity, even if no loss has occurred yet.
- KYC and AML compliance must go beyond checkbox checks, regulators expect meaningful attempts to detect identity manipulation.
- Challenger banks and fintechs have already come under scrutiny from the FCA for poor onboarding and fraud controls.
- Industry guidance (e.g. JMLSG) is evolving, and firms are expected to stay up to date as SIF becomes more prominent in regulatory reviews.
Conclusion
Synthetic identity fraud is growing rapidly in both scale and sophistication. It’s no longer just a fringe issue affecting lenders, it’s a systemic threat across UK fintech, e-commerce, and financial services.
But with a proactive, layered approach, UK businesses can stay ahead of this fast-moving threat. Reviewing your onboarding flows, enriching your identity checks, and investing in advanced fraud detection tools are essential.
