Synthetic identity fraud: First-party synthetics and the new fraud playbook
Today we are talking about synthetic identity fraud and why it remains one of the hardest problems for financial institutions to spot early and stop consistently.
This episode is a recap of a Banking on Fraudology conversation with David Maimon, head of Fraud Insights at SentiLink and one of the people in this space who spends a lot of time looking directly at how fraudsters operate. That matters because synthetic identity fraud is one of those issues that sounds straightforward until you get into the mechanics. Then it gets messy fast.
At first glance, a synthetic identity can look like just another fake applicant problem. But when you dig in, it is much more complicated than that. Fraudsters are mixing real and fake information, building fake persona creation over time, and exploiting identity verification gaps that many institutions still struggle to close. In some cases, the profile looks thin but plausible. In others, it looks clean because the real person behind pieces of the file has no idea their information is being used.
And that matters.
Because synthetic identity fraud does not just create charge-offs. It creates confusion. It creates blind spots. It creates cases where the identity looks real enough to pass onboarding, build history, and become more expensive to challenge later. This episode also gets into first-party synthetic identities, third-party synthetic identities, dark web identity marketplaces, fake business synthetic fraud, and where AI-generated identity fraud does and does not actually change the game.
If you work in banking fraud prevention, onboarding, identity, or risk, this is one of those conversations that helps explain why the old approach of “verify the person and move on” is just not enough anymore.
What you’ll hear in this episode:
- What makes synthetic identity fraud different from other forms of identity abuse
- How first-party synthetic identities and third-party synthetic identities create different risks for financial institutions
- What dark web identity marketplaces reveal about how criminals source stolen data and build fake personas
- Why liveness check bypass and AI-generated identity fraud are getting attention, but still have real limitations
- How fraud analyst threat research and dark web fraud intelligence help teams stay closer to current tactics
You should listen to this episode if you:
- Work in banking fraud prevention, onboarding, identity risk, or financial institution fraud controls
- Want a clearer understanding of synthetic identity detection and synthetic account opening fraud
- Need better ways to detect synthetic identities before losses grow downstream
- Care about identity verification gaps, synthetic profile risk signals, and emerging synthetic fraud trends
- Believe fraud teams need to keep their hands dirty and stay close to how criminals actually operate
If you liked this episode, be sure to subscribe and review the podcast on iTunes, Spotify, YouTube, or wherever you listen to podcasts. It really helps with getting the word out.
Episode notes & key takeaways
Before we double click on the notes, I just want to say that my marketing team told me I need to structure these notes a certain way in order for people to find my podcast. The below is a bit of that.
Why synthetic identity fraud is still one of the hardest problems in banking
Let’s break this down.
Synthetic identity fraud is difficult because it does not always look fully fake and it does not always look fully stolen. It sits in that uncomfortable middle where pieces of the identity are real enough to pass, while other pieces are fabricated, manipulated, or stitched together in ways that make the profile appear legitimate over time.
That is the part teams should care about.
Because fraudsters do not need to create a perfect identity. They just need to create one that survives the first few checks. Once that happens, the institution may help strengthen the file without realizing it. An account gets opened. A tradeline gets established. A little history develops. And suddenly the synthetic profile looks more credible because the system itself helped make it look credible.
That usually does not end well.
This is one reason synthetic identity fraud keeps frustrating so many institutions. Traditional controls are often built to answer a simpler question: is this person real or fake? But synthetics are built to break that framing. They are designed to sit in the gray space between the two.
Here is why that matters operationally:
- Synthetic identity fraud exploits systems that expect identity risk to be either clearly legitimate or clearly fraudulent
- Synthetic account opening fraud often succeeds because the profile is plausible enough, not because it is perfect
- Identity verification gaps become more expensive once the synthetic identity starts building institutional history
- Banking fraud prevention gets harder when the institution itself unintentionally strengthens the synthetic file
How first-party and third-party synthetic identities differ
Here’s what’s actually happening.
One of the most useful parts of this conversation is David Maimon breaking down the difference between first-party synthetic identities and third-party synthetic identities. Because those are not interchangeable concepts, and the distinction matters.
Third-party synthetic identities are closer to what many fraud teams already picture. Fraudsters combine real and fake information to create a synthetic profile using someone else’s data in whole or in part. That might include a legitimate Social Security number, a fabricated name, a modified address history, or other stitched-together elements from stolen personal data markets.
First-party synthetic identities are different.
Those often involve a real person misrepresenting or reshaping parts of their own identity in a way that creates confusion about intent, ownership, and accountability. The profile may still be manipulated, but the relationship between the person and the identity is different. And that difference can make response decisions much more complicated.
Right.
Because once intent becomes harder to classify, so does the case.
- First-party synthetic identities create different investigation and ownership challenges than classic third-party cases
- Third-party synthetic identities often rely more directly on stolen personal data markets and identity manipulation
- Synthetic identity detection improves when teams separate these categories instead of treating all synthetics the same
- Prevent synthetic identity fraud more effectively by aligning controls to the type of synthetic behavior you are actually seeing
What dark web identity marketplaces tell us about the supply side
This is where things get interesting.
David gets into dark web identity marketplaces and the broader criminal economy around stolen data. And this is important because synthetic identity fraud does not happen in a vacuum. The building blocks are widely available. Names. Dates of birth. Social Security numbers. Fragments of identity history. Sometimes complete data sets. Sometimes enough partial data to create something usable.
That is a problem.
Because when fraudsters can shop for identity elements the way legitimate businesses shop for tools, synthetic fraud becomes easier to scale. It also becomes easier to customize. A fraudster does not necessarily need one full stolen identity. They may only need enough real data to anchor the fake persona creation around one credible element.
That is one reason dark web fraud intelligence matters so much. It helps teams understand not just the attack showing up at the front door, but the supply chain behind it. Where the data is coming from. How it is being bundled. What fraud tactics in financial institutions criminals are discussing openly. And which methods appear to be evolving faster than internal controls.
- Dark web identity marketplaces make synthetic profile construction easier and more scalable
- Stolen personal data markets give criminals the raw material needed for fake persona creation
- Dark web fraud intelligence helps teams understand how synthetic identities are being assembled in practice
- Fraud analyst threat research is stronger when it includes how bad actors source and test identity components
Why AI and liveness bypass matter, but are not the whole story
There is a lot of talk right now about AI-generated identity fraud and liveness check bypass. Some of that concern is justified. Some of it is getting ahead of itself.
David makes an important point here. AI can help fraudsters with certain parts of the process. It can help polish documents. It can help create synthetic-looking artifacts. It can help with presentation. It may even help pressure-test onboarding paths. But AI still cannot magically fabricate a full real-world history that holds up across every signal an institution may review.
And that matters.
Because sometimes teams hear “AI” and immediately assume every control is obsolete. That is not the right takeaway. The better takeaway is that AI may help fraudsters accelerate pieces of a synthetic scheme, but the underlying challenge still comes back to whether the institution understands the profile deeply enough to question the story being presented.
Liveness check bypass is part of that conversation too. Yes, there are attempts to use generative tools to get around identity checks. Yes, those attempts are getting more creative. But again, the full file still has to make sense. The profile still has to survive broader review if the institution is looking in the right places.
- AI-generated identity fraud can improve fraudster presentation, but it does not replace real history
- Liveness check bypass attempts matter most when institutions rely too heavily on one verification layer
- Synthetic profile risk signals still need to be evaluated across the full identity story, not one checkpoint
- Financial institution fraud controls should assume AI may enhance fraud attempts without assuming it explains everything
Why keeping your hands dirty still matters in fraud work
One of the strongest themes in this conversation is the idea that fraud teams need to keep their hands dirty. And honestly, that is exactly right.
Because synthetic identity fraud evolves too fast for teams to rely only on old playbooks, quarterly summaries, or sanitized vendor slides. You have to stay close to the tactics. Close to the dark web conversations. Close to the changes in how identities are being built and tested. Close to the signals analysts are seeing on the ground.
That is the work.
And it is also what separates reactive programs from adaptive ones. Institutions that keep learning tend to have a much better chance of spotting emerging synthetic fraud trends before those trends fully mature into major losses. Institutions that stop learning usually end up confusing stability with safety.
Those are not the same thing.
This episode is a good reminder that fraud strategy is not just about buying stronger controls. It is about building teams that stay curious, stay informed, and stay close enough to the real tactics to recognize when the environment has shifted.
- Fraud analyst threat research is most useful when it stays connected to current criminal behavior
- Emerging synthetic fraud trends are easier to catch when teams keep learning from the field
- Financial institution fraud controls work better when analysts understand how the fraud is actually built
- Synthetic identity fraud requires ongoing curiosity, not one-time policy updates
The big takeaway from this episode is pretty straightforward. Synthetic identity fraud remains one of the most complex problems facing financial institutions because it exploits gray areas in identity, intent, and verification. First-party synthetics, third-party synthetics, dark web identity marketplaces, and AI-assisted tactics all add complexity. But the teams that stay close to the real mechanics of the fraud will be in a much better position to detect it early and respond intelligently.
