Identity theft is becoming an increasingly serious problem in auto lending, with fraud rates surpassing those seen in credit card applications.
According to data from SentiLink, fraudulent auto loans accounted for 3.3% of all applications in the first half of 2025, spiking to 5.5% in May during a coordinated attack on select lenders. By comparison, the identity theft rate for credit card applications was 2.7%.
The report identified several common warning signs of fraudulent auto loans. The most frequent red flag involved issues with the applicant’s phone, such as unusual geographic patterns—when the area code or other phone information does not match the applicant’s other data. Additional concerns include mismatched email data, suspicious email domains, and risky carriers.
Synthetic Fraud Is Less of a Threat
Synthetic fraud—where fabricated identities are used—has been less of a concern for auto lenders than applications that misuse real personally identifiable information (PII). Instances of Synthetic fraud fell to 0.8% in the first half of this year. Since many auto loans are completed in person, using a wholly synthetic identity typically requires at least a forged driver’s license; more commonly, an applicant will present their own license together with a stolen Social Security number.
“Auto loans are vulnerable to fraud because they involve large dollar amounts and multiple points of contact between the buyer, dealer, and lender,” said Jennifer Pitt, Senior Analyst of Fraud Management at Javelin Strategy & Research. “Though identity verification at the dealer level is often the first line of defense, the process often relies on manual reviews that lack real-time verification. Those gaps give fraudsters using stolen identities just enough time to get approved before the lender reviews the file. Auto financing still depends on human review, which is often not sufficient to spot sophisticated fraud.”
How the Game Is Played
One Miami auto-theft and fraud ring carried out coordinated attacks using stolen identities, according to SentiLink. Mules purchased vehicles using false information on loan applications. Some dealership employees were complicit, and the buyers laundered titles through corrupt contacts at the DMV. The ringleaders then exported the cars or funneled them through luxury rental fronts.
Another tactic: the identities used in an attack had been previously used in applications with credit-builder companies to create a transaction history for the criminals’ stolen or fabricated PII, making the applications appear legitimate on first review.
