A consumer reviews their credit card statement, notices a fraudulent charge, and initiates a dispute. Ideally, the issuer or merchant would have flagged the transaction before it reached this stage—but in reality, consumers have long played a critical role in identifying and addressing fraud.
That safeguard—and many other traditional fraud defenses—breaks down when synthetic identities are involved. Since cybercriminals combine fragments of legitimate data to create entirely new identities, there is often no real victim to detect and report the fraud.
This insular layer has made synthetic identity fraud especially attractive. Roughly one in 10 fraud attempts now involves synthetic data, contributing to the continued rise in global fraud activity.
As serious as this threat has become, it is just one tool in an increasingly sophisticated arsenal. The emergence of more convincing deepfakes and the ability of AI agents to scale fraud campaigns have rendered many conventional identity verification methods less effective.
As a result, financial institutions must rethink their approach to identity verification, moving beyond static, short-sighted models. A layered identity verification strategy not only strengthens fraud prevention but also helps build greater trust with customers.
A Matter of Time
Synthetic identities, in many ways, exemplify modern fraud. They are fueled by a digital environment where unprecedented amounts of personal data are accessible—from public records and social media activity to information exposed through breaches and theft.
Given rapid technological advancement, it was only a matter of time before cybercriminals could convincingly piece together these disparate data points.
“It’s a growing threat,” said Suzanne Sando, Lead Fraud Analyst at Javelin Strategy & Research. “The tricky part about synthetic identity fraud is, if you’re looking at a typical new account fraud situation, a victim’s information is being used to create a new account in their name. If they have security phrases on their account, they’ll know that someone’s trying to create an account.”
“With synthetic identity fraud, there is this unknown aspect because you’re Frankensteining together an identity with some real information from consumers and some fabricated information,” she said. “You might have a social security number from one person, a bunch of other aspects of the identity from another person, and then the rest of it is fake. It’s really difficult to track.”
Compounding the challenge, synthetic identities can persist undetected for extended periods. In some cases, criminals patiently build credit histories over time, enabling larger financial gains later.
Adding to the impact, advances in artificial intelligence have made creating synthetic identities faster and easier.
“Just like with any other fraud type and scam type that’s happening right now, AI is making everything 10 times worse, it’s amplifying what’s happening,” Sando said. “With synthetic identity fraud, the speed with which fraudsters can use AI to create everything that they need for an entire profile of a consumer is frightening. They’re faking everything—the documents that they need, physical biometrics, they can even fake the behaviors.”
“They’re just able to do everything so much faster,” she said. “The concern is whether financial institutions keep up with that speed.”
Not a One-and-Done
Faced with adversaries who can rapidly adapt and refine their tactics, many financial institutions are struggling to keep pace. Addressing these threats requires a fundamental shift in how identity is verified.
Traditionally, financial institutions verify identity at onboarding, protect accounts with passwords or knowledge‑based authentication, and investigate suspicious activity after it occurs. While effective in the past, this event-based approach is increasingly inadequate.
When cybercriminals can present convincing data, leverage compromised credentials, and mimic legitimate behavior, one-time checks become easy to bypass.
“Successful identity verification is not what I would consider a one-and-done situation,” Sando said. “This isn’t something where you can verify somebody’s identity once in onboarding when you’re getting everything set up and then assume everything is good to go forever. Financial institutions know that, but the implementation and consistent continuous checks are missing the boat.”
Even multi‑factor authentication, in its current form, often adds friction without reducing fraud risk.
While these controls still have value, the core issue lies in relying on a single snapshot in time to validate identity. In reality, legitimate customer profiles are constantly evolving as individuals move, open accounts, and change behaviors.
“Continuous verification over the lifecycle of an account and transaction is important because you are able to determine that a device changed, the behaviors have drastically changed from what Suzanne normally does, or there is a riskier transaction taking place—Suzanne has never paid someone $10,000 before, so maybe we should look into this,” Sando said.
“If you’re not doing those continuous checks—making sure that everything else matches, that’s where we’re falling flat,” she said. “You have to continuously verify that not only is this who they say they are, but it’s their device, their card, and it’s typical of what they would normally be doing.”
The Layered Identity Verification Approach
A more effective approach is layered identity verification—one that continuously evaluates multiple signals, including identity data, biometrics, behavioral patterns, device interactions, contextual indicators, and shared threat intelligence.
This model not only considers a broader set of factors but also reassesses them throughout the customer lifecycle. Rather than relying on any single data point, it builds confidence through cumulative evidence that can adapt as new risks emerge.
Within this framework, authoritative data plays a critical role. Acting as an independent validation layer, it can confirm or challenge other signals, reducing reliance on any single method that could be compromised.
Its importance is particularly evident in combatting synthetic identity fraud, where subtle inconsistencies may otherwise go undetected.
“Data is a huge piece that doesn’t get used enough,” Sando said. “We have so much data of our own out there—and that which is being collected by our financial institution and by other organizations—that I feel isn’t necessarily being used to the best of its capability. It’s collected and it just kind of sits there. It’s not being used for analyzing a questionable transaction.”
“When you use the data that’s available to you and you are piecing together a full picture of this consumer profile, your ability to say this is a good customer versus this is a fraudster is that much more accurate and precise,” she said.
The Balance Between Risk and Experience
The benefits of a layered approach are substantial. For organizations, it allows for stronger risk management and earlier, more effective fraud detection—reducing large-scale impacts. For customers, it supports faster onboarding and a smoother experience for low‑risk users.
“The goal is for good customers to not feel friction as they move through the account and transaction workflow, but for the fraudsters to absolutely feel the friction,” Sando said. “If you have figured that out, that is how you know you have found a good balance between identifying and managing risk and preserving the customer experience.”
While synthetic identities are not the only threat facing financial institutions, they highlight the growing sophistication of modern fraud. The ability to manufacture identities underscores the need for continuous, adaptive verification strategies.
Solutions like those offered by Data Zoo can help strengthen security, enhance customer experiences, and equip institutions with the tools needed to stay ahead of evolving fraud threats.
“It’s recognizing that the old approach is not the right answer,” Sando said. “Fraudsters are taking AI and adapting it for their own purposes a lot faster and they’re more agile than financial institutions are. FIs will always be on the defense with fraud until we get to this point where we start collaborating, sharing important network and data signals, and monitoring a customer and a transaction throughout the whole flow.”
“Until we get to the point where we accept that what we’ve always done isn’t working, that we have to make investments in the technology that can assist us, and that we have to use AI to our own advantage, we’ll always be on defense,” she said.