6-minute read time
The latest edition of our Signals webinar series brought together counter-fraud experts Osman Khurshid (Synectics), Anna Phelps (Marshmallow), and Paul Boskma, (Mitek), to discuss how synthetic identities are becoming a more effective means of committing fraud. And crucially, what’s working well for the organisation’s tackling the problem differently.
These are the session’s key insights, lessons and anecdotes – straight from the speakers themselves.
“One of the biggest lessons for me has been that synthetic identities rarely stand out when viewed in isolation. Individually, they can look like completely legitimate customers with plausible details, established credit histories and no obvious reason for concern.
Where we've had success is looking beyond the individual application and focusing on connected signals and behavioural patterns. We recently investigated a synthetic identity fraud ring where customers appeared unrelated at first glance, but network analysis revealed repeated links between policies, drivers and identity details.
Looking across the network rather than at a single customer completely changed the picture.”
“Something that concerns me is the role insurance can unintentionally play in helping synthetic identities establish legitimacy.
Certain insurance journeys have lighter KYC requirements than other financial products. If a synthetic identity successfully obtains cover, it can begin building a footprint that appears increasingly legitimate elsewhere. The information created through that activity can contribute to a broader picture that makes the identity appear more credible to other organisations.
For organisations like Marshmallow, where many genuine customers are new to the UK and have limited credit histories, this creates a particularly difficult balancing act. The challenge isn't simply identifying thin-file customers. It's understanding whether you're dealing with a genuine customer who's new to the system or a synthetic identity that's beginning to build credibility.”
“One thing we've seen repeatedly is that fraudsters understand controls incredibly well. They aren't usually attacking the strongest part of the journey. They're looking for the areas that receive less scrutiny.
A good example is named drivers. In many cases they receive fewer checks than the main policyholder, making them an attractive route for synthetic identities. We found examples where those weaker controls were being exploited both to reduce premiums and to build legitimacy for identities that could later be used elsewhere.
It shows how important it is to understand where controls differ across customer journeys, because those are often the areas fraudsters target first.”
“One thing that's really stood out to me over the last couple of years is just how organised synthetic identity fraud has become.
Historically, you might see a synthetic identity created and then exploited fairly quickly. What we're seeing now is much more sophisticated. Different criminal groups are performing different roles. Some specialise in creating synthetic identities, some focus on building credibility and others use those identities for money muling, application fraud or wider financial crime.
We've seen examples where synthetic identities first appeared in insurance before later being linked to money mule activity elsewhere. Those weren't separate fraud problems. They were different stages of the same journey.”
“A common assumption is that synthetic identities reveal themselves quickly. Increasingly, that's not what we're seeing.
Many synthetic identities are deliberately building positive histories. They're making payments on time, maintaining accounts responsibly and earning access to better products, rates and customer journeys.
The danger is that organisations reward those behaviours, which is entirely logical. The challenge is recognising that good customer behaviour doesn't always mean low risk. That's one reason why onboarding controls alone are no longer enough.”
“Synthetic identities are becoming harder to identify at the point of application. The quality of supporting information is improving, the documentation is improving and AI is reducing the effort required to create convincing identities.
For that reason, organisations need to think beyond onboarding. The most effective strategies we're seeing combine onboarding controls with ongoing intelligence, monitoring and screening throughout the customer lifecycle.
Not every customer needs intensive review. But intelligence signals and cross-sector insights can identify risk earlier without adding friction for everyone.”
“One misconception I come across quite often is that synthetic identity is primarily a document problem.
The reality is that creating convincing identity documents has become much easier. AI has lowered the barrier to entry considerably. Fraudsters can generate realistic-looking identity evidence quickly and at scale.
Organisations need to think about how evidence is captured and whether it can be trusted. If manipulated information can be injected directly into onboarding journeys, detection becomes much harder further downstream.”
“Another misconception is that stronger controls automatically mean a worse customer experience.
Many of the most effective protections operate behind the scenes. Device intelligence, injection detection and biometric analysis can all help identify risk without forcing genuine customers through additional steps.
The goal should be building multiple layers of protection while keeping the experience as seamless as possible for legitimate users.”
“One of the most valuable techniques we see is looking for recurrence. A fraudster may create multiple identities, but they often reuse parts of the process. The same faces, document characteristics and onboarding behaviours tend to appear repeatedly.
When you start looking for those recurring signals across a broader population, you can uncover organised synthetic identity activity that would be impossible to identify by reviewing applications individually. That's where many organisations have an opportunity to strengthen detection.”