AI Is Writing Better Fraud Than Compliance Teams Can Detect: Synthetic Identities and the Underwriting Gap
Synthetic identity fraud now accounts for 11% of all fraud globally — an eightfold increase over 2024. In Asia-Pacific, there was a 142% YoY surge. Generative AI can now manufacture identities that don't merely pass traditional verification — they outperform many legitimate applicants on the very metrics underwriting models were designed to trust. The gap between how fraud operates and how underwriting was designed is the single largest unpriced risk on many balance sheets.
FinSaAIstra Intelligence | Fraud and Identity Series | April 2026
The Quiet Inversion
For decades, underwriting models have operated on a foundational assumption: the identity behind an application is real. Credit scores, repayment histories, and bureau records were treated as proxies for trustworthiness.
That assumption is now being systematically exploited. Generative AI has handed organised fraud networks the ability to manufacture identities that do not merely pass traditional verification — they outperform many legitimate applicants on the very metrics that underwriting models were designed to trust.
This is not a volume problem alone. It is a structural one.
The Scale Is No Longer Theoretical
- 11% of all fraud globally is now synthetic identity fraud — an eightfold increase over 2024 (LexisNexis 2025 Cybercrime Report)
- 142% YoY surge in synthetic personal data attacks in Asia-Pacific — third-largest fraud category (Sumsub Identity Fraud Report 2025–2026)
- $23 billion in projected annual losses from synthetic identity fraud by 2030 (Deloitte)
- 62% of banks now identify digital onboarding as the highest-risk point for synthetic identity exposure
The detection gap makes these figures worse: because synthetic identities are not stolen from a real person, there is typically no victim filing a complaint. The fraud can remain invisible inside a portfolio for months or years before it surfaces as a charge-off — often misclassified as credit risk rather than fraud.
How the Manufacturing Process Works
Phase 1 — Data harvesting: fragments of genuine personal information from breached databases are combined with fabricated details. National identity numbers belonging to children or elderly individuals with dormant credit files are particularly vulnerable.
Phase 2 — Credit cultivation: the synthetic persona is introduced through low-risk channels (secured credit cards, authorised user additions) and builds a transaction history and credit profile that appears entirely legitimate over months.
Phase 3 — The bust-out: once sufficient credit access is accumulated across multiple accounts, the fraudster maximises exposure and disappears. The institution holds losses that its models evaluated as performing credit at origination.
Generative AI has compressed and scaled every stage. AI tools now produce realistic identity documents with authentic visual markers, generate social media histories lending credibility, and create deepfake imagery capable of passing biometric verification. Fraud-as-a-Service ecosystems make these toolkits commercially available.
AI fraud agents — autonomous systems combining GenAI with behavioural mimicry — can now execute end-to-end verification attempts without human intervention, adapting in real time to the friction they encounter.
The Underwriting Blind Spot
Traditional credit decisioning was engineered to assess repayment probability, not to verify whether an applicant is a real human being. This creates a dangerous paradox: the more successfully a synthetic identity cultivates its credit profile, the better it scores on the very models lenders rely upon.
Equifax’s Synthetic ID 3.0 data illustrates this starkly: among SuperPrime accounts flagged with high synthetic risk, the 90-plus day delinquency rate was 7.9% — compared to 0.3% for lower-risk accounts. The identity looked impeccable. The underlying risk was extreme.
The Response Architecture
Layered identity intelligence at origination — static document verification is insufficient. Layer device telemetry, behavioural biometrics, and identity graph analysis into onboarding. The question is not just whether documents are authentic, but whether the digital footprint behind the applicant is consistent with a real human life.
Continuous identity monitoring post-origination — one-time verification at account opening is inadequate against identities designed for long-duration cultivation. Periodic re-assessment of identity signals, particularly for accounts with atypical credit-building patterns, must become standard portfolio management practice.
Cross-institutional signal sharing — synthetic identities operate across multiple lenders simultaneously. No single institution can observe this in isolation. Bureau-level and industry-level collaboration frameworks for sharing synthetic risk indicators are essential.
Synthetic risk scoring overlaid on credit models — traditional credit scores need to be supplemented with synthetic identity risk overlays. The Equifax data demonstrates that layering these signals produces a materially more accurate risk picture.
The Strategic Reframe
The fraud is not failing. It is succeeding precisely because the underlying systems were designed for a world in which identity was hard to fabricate. That world no longer exists.
The institutions that move first will not just reduce fraud losses. They will build a structural advantage in credit quality that compounds over time. Those that wait will discover the gap through their charge-off reports — and by then, the synthetic identities will have already moved on.
Sources: LexisNexis 2025 Cybercrime Report; Sumsub Identity Fraud Report 2025–2026; Deloitte; Equifax Synthetic ID 3.0; PwC 2026 Fraud Trends.