See the patterns shaping the next wave of financial crime
Signals exposes how fraud unfolds across organisations and sectors, revealing new insight into cross-sector behaviour, synthetic identities and the long-term impact of identity compromise.
Inside the report:
- 52% of organised fraud shows early warning signals
- At least 1 in 5 fraudsters are multi-sector repeat offenders
- Up to 66% of victim IDs are reused, most for 90+ days
- Where fraud leaders should focus next
Intelligence from National SIRA - a consortium of 180+ financial services organisations, including Tier 1 banks and major insurers.
Get your copy of the 2026 report now
Today’s signals for tomorrow’s strategies
Fraud doesn’t respect boundaries. It moves across products, sectors and institutions, making it increasingly difficult for individual organisations to see the full picture.
Drawing on National SIRA intelligence, Signals interprets the critical fraud patterns impacting financial services to give fraud leaders:
-
Greater insight into how fraud risk is evolving across the UK ecosystem
-
Evidence to support strategic and investment decisions
-
Stronger cross-functional alignment between fraud, compliance and customer teams
-
Confidence for earlier and proportionate intervention
.png?width=1372&height=1372&name=Signals%20page%20mockups%20(5).png "Signals page mockups (5)")
Who should download the report?
If your role involves detecting, preventing or understanding fraud, the Signals report provides insights grounded in real fraud behaviour.
Fraud Strategy Leaders
Understand how fraud journeys move beyond the view of a single sector or organisation, and what this means for fraud strategy.
Fraud & Financial Crime Analysts
Explore emerging patterns in synthetic identities, repeat fraud behaviour and evolving criminal tactics.
Identity & Onboarding Specialists
Gain insight into identity compromise, document fraud and the long-term risks associated with identity misuse and misclassification.
Fraud Intelligence & Analytics Teams
Discover fraud patterns derived from the UK’s largest fraud intelligence database that only become visible when activity is analysed across organisations and sectors.
Inside the 2026 report
The chapter snapshots below provide an overview of the key themes explored in Signals: Intelligence Behind the Fraud Patterns that Matter.
Cross-sector fraud journeys now extend much further
Early warning signals of major fraud
Synthetic identities beyond onboarding
Strategic deployment of fake documents
The identity afterlife
Cross-sector fraud journeys now extend much further
Fraud rarely happens in isolation
Fraud journeys rarely begin where losses ultimately appear. Today’s organised fraudsters operate across sectors, products and organisations simultaneously, building credibility in one environment before extracting value in another. In fact, 22% of fraud encountered by an organisation has already been seen elsewhere, highlighting how much activity sits beyond the view of any single institution.
This chapter explores how fraud now unfolds across the wider ecosystem. It shows why movement across sectors matters more than isolated events, how repeat offenders build credibility across multiple providers, and why organisations that recognise these patterns early resolve cases faster and reduce repeat exposure.
Early warning signals of major fraud
Escalation is often visible long before impact is realised
Serious fraud rarely appears without warning. Analysis of National SIRA intelligence shows that 44% of serious fraud is preceded by identifiable early warning signals, often months before a crime is confirmed. On average, suspicious activity begins 108 days before confirmed fraud.
This chapter examines how fraud increasingly develops within existing customer relationships rather than purely at onboarding. It explores the growing challenge of interpreting early signals confidently, responding proportionately and intervening before risk escalates into regulatory exposure, financial loss or organised criminal activity.
Synthetic identities beyond onboarding
Synthetic identity fraud is often treated as an application problem
Synthetic identity fraud is evolving rapidly, moving beyond isolated application attempts into persistent fraud infrastructure. The report reveals that synthetic IDs linked to repeat offending have surged by 40% in one year, and one in three synthetic identities is now linked to repeat fraud.
This chapter explores how synthetic identities are created, tested and reused across multiple organisations. As AI tools and stolen data make synthetic identity construction easier, these engineered identities increasingly pass onboarding checks, build credibility and enable repeat offending across financial products.
Strategic deployment of fake documents
AI is amplifying deployment strategy, not inventing new tactics
Document fraud is evolving from simple forgery into a strategic component of modern fraud journeys. Across high-risk financial products, document fraud has risen by up to 26%, while fabricated claims in some sectors have surged even further.
This chapter examines how fraudsters now deliberately exploit verification processes, sometimes even failing initial controls on purpose to trigger fallback checks that rely on documents. As AI-generated documents become easier to produce, understanding where documentation appears within a fraud pathway is becoming as important as detecting forgery itself.
The identity afterlife
When identity data is compromised, the impact rarely ends with a single fraud event
Identity fraud no longer ends when an incident is resolved. Once compromised, identities can circulate across sectors and organisations for months. The report shows that up to two-thirds of compromised identities are reused across the financial ecosystem, often long after the first misuse is detected.
This chapter explores the concept of the “identity afterlife” - the persistent lifecycle risk created when stolen identities continue to be exploited across products and institutions. It examines the regulatory, operational and customer implications of identity reuse, and why organisations must begin treating identity risk as a governance responsibility across the entire lifecycle.
Frequently asked questions
If you’d like to learn more about the themes explored in the Signals report, this FAQ explains key fraud concepts including cross-sector fraud, synthetic identities and identity compromise. As well as a short overview of National SIRA, Synectics’ fraud intelligence consortium.
01.
What is the Signals report?
Signals is a new annual fraud intelligence report from Synectics Solutions that analyses emerging fraud behaviours across multiple sectors.
The report draws on cross-sector fraud intelligence to identify patterns in how fraudsters use identities and behaviours across organisations. It highlights key trends shaping modern fraud prevention, including synthetic identity fraud, cross-sector fraud journeys and the long-term impact of identity compromise.
02.
What is cross-sector fraud?
Cross-sector fraud occurs when criminals move between different industries, such as banking, telecoms, insurance and fintech, using the same identities, behaviours or devices.
Fraudsters test identities in one organisation before exploiting them elsewhere. This means individual organisations often only see one part of the fraud journey, while the broader pattern remains hidden across sectors.
03.
What is synthetic identity fraud?
Synthetic identity fraud occurs when criminals create a new identity by combining real and fabricated personal information.
A synthetic identity might include a genuine identifier, such as a national insurance number, combined with a fabricated name, address or date of birth. These identities can pass standard verification checks and may build financial histories before being used in fraud.
Synthetic identities are increasingly viewed as a long-term fraud risk, rather than just an onboarding threat.
04.
What does “identity afterlife” mean in fraud?
The identity afterlife refers to what happens after an individual’s identity has been compromised.
When identity information is exposed through data breaches, phishing or other attacks, it can continue circulating within criminal networks. This means victims may experience repeated fraud attempts across organisations over time, long after the initial incident.
Understanding identity persistence is becoming increasingly important for organisations preventing and detecting identity fraud.
05.
What is the National SIRA consortium?
The National SIRA consortium is a cross-sector fraud intelligence network that enables organisations to share and analyse fraud data collaboratively.
By combining intelligence from 180+ organisations across multiple sectors, the consortium helps organisations identify patterns of fraud that would not be visible within a single institution’s data. This approach supports earlier detection of fraud behaviours and improves the ability to identify repeat offending.
Insights from cross-sector intelligence networks contribute to understanding the broader fraud ecosystem and have prevented £9 billion of fraud losses in the last 5 years.
06.
Who should read the Signals report?
The Signals report is designed for professionals working in fraud prevention, financial crime, fraud analytics, identity security and risk management.
Typical readers include fraud strategy leaders, fraud analysts, financial crime specialists and professionals responsible for protecting organisations from identity fraud.
Explore five areas of new research for Financial Services fraud leaders
See where fraud exposure is building, how it's moving and where your fraud team should focus next.