How synthetic identities are becoming a global fraud engine

by Black Hat Middle East and Africa


This week we’re focused on…

Synthetic identities. Because they’re not a niche threat anymore; they’re a fraud economy. 

Lend us your imagination for a moment, and picture a fraud analyst staring at an application that looks perfect. It has clean documentation, a credible biometric match, and a stable credit file. Everything checks out. 

Except the person doesn’t exist. 

Synthetic identities have jumped from a fringe technique into a global business model, and the numbers tell the story. According to Experian’s 2025 Global Fraud Snapshot, 51% of consumers in Brazil say they’ve been victims of fraud (up from 42% in 2024) and 54% of those victims lost money. And trust is eroding elsewhere: only 22% of US consumers and 37% of UK consumers feel confident that businesses can correctly identify them online.

Consumers want security – 86% of Brazilian and over 80% of UK and US consumers prioritise safety over convenience – but they increasingly doubt brands can deliver it. And that gap is exactly where synthetic ID fraud thrives.

New strategies in synthetic ID fraud 

Instead of just manipulating documents, threat actors are assembling entire identities.

Today’s synthetic profiles combine stolen data, AI-generated artefacts, realistic behaviour patterns, and deepfake-style biometrics.

TransUnion’s 2025 analysis puts real weight behind the shift: lenders now face USD $3.3 billion in exposure tied directly to synthetic identities. And regulators are starting to sound the alarm. A Boston Fed analysis published in April 2025, for example, warns that GenAI is increasing the speed, scale and effectiveness of synthetic-identity fraud, with losses estimated at $35 billion in 2023 – and continuing to grow through 2024-25.

Experian’s research reinforces the macro trend. Across EMEA and APAC, 55% of businesses expect fraud losses to rise in the coming year. Importantly, the threat is no longer isolated to specific markets or industries; synthetic identities are becoming the default attack method wherever onboarding is digital and incentives are high.

GenAI has changed the economics of fraud

Threat actors behave like startups: iterate fast, automate everything, and scale what works. GenAI supercharges that model.

From the defender’s perspective, the pressure is visible. Experian’s latest report on identity fraud in the US shows that nearly 60% of US businesses saw higher fraud losses in 2025. It’s no coincidence that the same study found over a third of organisations are already using AI to fight fraud – because they know attackers are doing the same.

Investment patterns show similar urgency. In the US, 38% of businesses are now putting more emphasis on investing in GenAI for identity authentication. In the UK, it’s 41%. And across EMEA/APAC, 71% of organisations agree that AI and ML-based fraud systems will be critical to keep pace with evolving threats.

Fraud is speeding up – and teams without AI-augmented defences are falling behind. 

Onboarding has become the battleground

The research shows that synthetic identities succeed where onboarding is fast, low-friction and poorly validated. Friction is still a business killer (40% of US and nearly 30% of UK consumers say they’ve considered abandoning onboarding due to poor experience, according to Experian) but cutting friction without strengthening identity controls is a gift to attackers.

There’s a trust crisis brewing too. Only 27% of UK and 32% of US consumers can name a brand that clearly explains how it uses their personal data. At the same time, 73% of EMEA/APAC businesses say orchestration (intelligently sequencing identity checks to balance user experience and risk) is now essential to keeping onboarding safe.

Biometrics remain popular: physical biometrics are trusted by 78% of UK and 76% of US consumers, with adoption hitting 72% in Brazil. But synthetic identities and deepfake media are forcing a shift from simple biometrics to biometrics with liveness, randomness and behavioural cues.

What should CISOs and cybersecurity practitioners take from this? 

The data shows one obvious path: you can’t treat identity as a point-in-time check. It has to be continuous, contextual and shared across teams.

Fraud and AML are already converging; 65% of EMEA/APAC and 60% of UK businesses are integrating their fraud and AML workflows, because synthetic identities routinely slip through the gaps between siloed controls.

Three practical moves stand out:

  • Adopt multi-layer identity proofing: biometrics + liveness + device intelligence + behavioural analytics. No single tactic is enough anymore.
  • Shift to continuous identity assurance: trust should update dynamically, not just at onboarding.
  • Align fraud, AML and security: they’re seeing different parts of the same problem.
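
To make the first two moves concrete, here is a sketch added for illustration (it is not code from Experian, TransUnion or the article's authors) of a decision that requires every proofing layer and keeps updating trust after onboarding. The layer weights, floors, thresholds and sample scores are all constructed assumptions.

```python
from dataclasses import dataclass

# Constructed weights, floor and thresholds: illustrative assumptions only.
LAYERS = {"biometric": 0.25, "liveness": 0.30, "device": 0.20, "behaviour": 0.25}
LAYER_FLOOR = 0.40     # any single layer below this blocks auto-approval
APPROVE_AT = 0.75      # combined score needed to approve at onboarding
STEP_UP_BELOW = 0.60   # running trust below this forces re-verification
NEW_WEIGHT = 0.5       # weight given to the newest session's evidence


def onboarding_decision(scores: dict) -> str:
    """Combine per-layer scores (0.0 to 1.0) into approve / review / reject."""
    if any(name not in scores for name in LAYERS):
        return "review"  # a skipped layer is never treated as a pass
    combined = sum(LAYERS[name] * scores[name] for name in LAYERS)
    weakest = min(scores[name] for name in LAYERS)
    if weakest < LAYER_FLOOR:
        # One strong layer (e.g. a perfect face match) cannot carry a weak one.
        return "reject" if combined < APPROVE_AT else "review"
    return "approve" if combined >= APPROVE_AT else "review"


@dataclass
class Account:
    trust: float  # running trust carried over from onboarding

    def observe(self, device: float, behaviour: float) -> str:
        """Fold passive signals from a new session into the running trust."""
        evidence = (device + behaviour) / 2
        self.trust = (1 - NEW_WEIGHT) * self.trust + NEW_WEIGHT * evidence
        return "step_up" if self.trust < STEP_UP_BELOW else "allow"


# Constructed sample applicants (not real data).
GENUINE = {"biometric": 0.95, "liveness": 0.90, "device": 0.85, "behaviour": 0.80}
# Clean biometric match, but weak liveness, device and behavioural evidence.
SYNTHETIC = {"biometric": 0.97, "liveness": 0.35, "device": 0.30, "behaviour": 0.45}

if __name__ == "__main__":
    print(onboarding_decision(GENUINE), onboarding_decision(SYNTHETIC))
    account = Account(trust=0.88)
    print(account.observe(0.90, 0.80), account.observe(0.20, 0.30))
```
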

Synthetic identity fraud has become a global, AI-accelerated economy – and the organisations that act early will be the ones that stay insurable, trusted and resilient in 2026.
