Identity Theft Protection18 min read0 views

Synthetic Identity Fraud: The Growing Threat You Need to Know About

Synthetic identity fraud costs lenders over 6 billion dollars annually and is the fastest-growing type of financial crime. Learn how criminals combine real and fabricated data to create entirely new identities, why it is nearly impossible to detect, and how to protect yourself from becoming an unwitting ingredient.

Zainab Mohammed

Zainab Mohammed

Digital Safety Educator · June 11, 2026

Synthetic Identity Fraud: The Growing Threat You Need to Know About

Key Takeaways

  • Synthetic identity fraud uses a real Social Security number combined with fabricated name, date of birth, and address data to create a completely new identity that does not belong to any real person — making it vastly harder to detect than traditional identity theft
  • Children, elderly individuals, incarcerated people, and recent immigrants are the most common SSN donors because their numbers are rarely monitored and fraud can go undetected for years
  • Criminals invest months or years building credit on synthetic identities — opening small accounts, making payments on time, and gradually increasing credit limits before executing a bust-out where they max everything and vanish
  • You cannot freeze a synthetic identity because it does not exist under your name at the credit bureaus — the only defense is monitoring whether your SSN is being used under a different name
  • The SSA now offers electronic SSN verification (eCBSV) to help lenders detect mismatched SSN-name-DOB combinations, but adoption remains incomplete across the financial industry

Traditional identity theft is straightforward: someone steals your information and pretends to be you. But synthetic identity fraud is something different — and far more insidious. Instead of stealing a complete identity, criminals take a single real element (usually a Social Security number) and combine it with fabricated names, birth dates, and addresses to build an entirely new person from scratch.

This fabricated person does not exist. They have no real face, no real address history, no real employment. But they can open bank accounts, get credit cards, take out loans, and build years of credit history. When the criminal finally decides to cash out — maxing every credit line simultaneously and vanishing — there is no real victim to send the collection notice to. The SSN owner often has no idea their number was used.

Synthetic identity fraud is now the fastest-growing type of financial crime in the United States, costing lenders an estimated 6 billion dollars annually. Here is how it works, why it is so difficult to stop, and what you can do to protect yourself.

How Synthetic Identities Are Built

Creating a synthetic identity is a multi-step process that can take months or even years before the criminal sees a return. Understanding the process helps you recognize why traditional fraud detection fails against it.

Step 1: Acquire a Real SSN

The foundation of every synthetic identity is a real Social Security number. Criminals obtain these through:

  • Data breaches: Billions of SSNs have been exposed in breaches over the past decade. SSNs from breaches that exposed names, DOBs, and SSNs are particularly valuable, but even SSNs alone are useful for synthetic fraud
  • Dark web marketplaces: SSNs sell for 1 to 5 dollars on dark web markets. Children's SSNs command higher prices because they have no existing credit history to conflict with
  • Targeted theft: Some criminals specifically target populations whose SSNs are least likely to be monitored

The ideal SSN for synthetic fraud belongs to someone who will not be applying for credit anytime soon:

  • Children under 18: Their SSNs have no credit file, and fraud can go undetected for over a decade
  • Elderly individuals: Especially those in long-term care facilities who are not opening new accounts
  • Incarcerated individuals: Cannot monitor their credit while serving sentences
  • Recent immigrants: May not understand the US credit system or know they should monitor their SSN
  • Deceased individuals: Though the SSA Death Master File catches some of these, there are delays

Step 2: Construct the Fabricated Identity

The criminal pairs the real SSN with entirely made-up personal information:

  • A fictitious name that does not match the SSN owner
  • A fabricated date of birth (usually making the synthetic identity 25-45 years old, regardless of the real SSN holder's age)
  • A real physical address (often a rented mailbox, vacant property, or an address where the criminal can receive mail)
  • A burner phone number and dedicated email address

This combination is the key to why synthetic fraud evades detection. When a lender checks the SSN, it does not match any existing credit file exactly — the name and DOB are different from the real SSN holder's profile. The credit bureau creates a new, thin credit file for this apparently new consumer.

Step 3: Build Credit Systematically

The criminal now begins a patient credit-building campaign:

  1. Apply and get denied: The first credit application is almost always denied because the synthetic identity has no credit history. But the application itself creates a credit inquiry, which establishes the synthetic identity's credit file at the bureau
  2. Secured cards and authorized user piggybacking: The criminal opens a secured credit card (putting down a small deposit) or buys authorized user tradeline access on someone else's established account
  3. Small accounts with perfect payment history: Over 6 to 18 months, the criminal makes every payment on time, keeps utilization low, and gradually requests credit line increases
  4. Cross-bureau establishment: By applying at creditors that report to different bureaus, the criminal builds profiles at Equifax, Experian, and TransUnion
  5. Escalation: With 12-24 months of clean history, the synthetic identity now qualifies for unsecured credit cards, personal loans, and even auto loans with credit limits that can reach tens of thousands of dollars
Anatomy of a Synthetic Identity REAL ELEMENT SSN From breach, dark web, or targeted theft Stolen: 1-5 each + FABRICATED ELEMENTS Fake Name Fake DOB Rented Address Burner Phone Disposable Email None match the real SSN owner = SYNTHETIC IDENTITY ? New credit file No real person Undetectable by traditional monitoring Potential value: 50K+ Traditional credit monitoring only watches YOUR name — synthetic fraud creates a separate file under a DIFFERENT name using your SSN
A synthetic identity combines one real element with fabricated data. Since the resulting identity does not match the SSN owner, traditional monitoring misses it entirely.

Step 4: The Bust-Out

After months or years of building the synthetic identity's credit, the criminal executes the bust-out:

  1. Request credit line increases on all accounts simultaneously
  2. Open new accounts at as many lenders as possible in a compressed timeframe
  3. Max out every credit line — cash advances, purchases, balance transfers
  4. Convert everything possible to cash or cryptocurrency
  5. Abandon the identity entirely

A well-cultivated synthetic identity can generate 50,000 to 200,000 dollars or more in a single bust-out. Some organized fraud rings run dozens of synthetic identities simultaneously, each at different stages of the credit-building lifecycle.

Why Traditional Fraud Detection Fails

Synthetic identity fraud exploits several fundamental gaps in the financial system:

  • Credit bureau file creation: When a credit application arrives with an SSN that matches no existing file, the bureaus create a new file rather than flagging the mismatch. This is by design — new consumers need to start credit files. But it also means synthetic identities get files created automatically
  • No real-time SSN-name verification: Until recently, lenders had no way to verify that an SSN actually belongs to the name on the application in real time. The SSA's eCBSV system now offers this, but adoption is not universal
  • No victim to complain: In traditional identity theft, the real person notices unauthorized accounts and raises an alarm. With synthetic fraud, the fabricated person does not exist, so no one complains until the creditor takes a loss
  • Good payment behavior: During the credit-building phase, the synthetic identity behaves like a model consumer — on-time payments, low utilization, gradual growth. This is the opposite of what fraud detection systems look for
  • Classification as credit loss: When a synthetic identity defaults, lenders often classify it as a regular charge-off rather than fraud. The Federal Reserve estimates that up to 20 percent of charge-off losses at some institutions may actually be synthetic identity fraud that was never identified as such

How This Affects Real People

Even though the synthetic identity uses a different name, the real SSN owner can still suffer consequences:

  • Mixed credit files: Credit bureau data sometimes merges information from the synthetic identity into the real person's credit file, causing unexplained addresses, accounts, or inquiries to appear on your credit report
  • SSA earnings confusion: If the synthetic identity is used for employment, the earnings get reported to the IRS under the real SSN, potentially triggering tax issues or affecting Social Security benefits calculations
  • Application denials: When the real SSN owner applies for credit, the existing synthetic file (especially post-bust-out debts) can create confusion or outright denial
  • Law enforcement complications: In rare cases, criminal activity conducted under the synthetic identity can create records associated with the real SSN

Children are especially vulnerable. A child whose SSN was used in a synthetic identity at age 3 may not discover the problem until they apply for their first student loan at 18 — by which time 15 years of fraudulent activity may be attached to their number.

The CPN Scam: Building Synthetic Identities in Plain Sight

Credit Privacy Numbers (CPNs) are marketed online as legitimate alternatives to your SSN for credit applications. In reality, CPNs are one of the primary tools used to facilitate synthetic identity fraud:

  • CPNs are typically stolen SSNs (often from children, elderly, or deceased individuals) repackaged and sold as "legal" credit numbers
  • Using a CPN on a credit application is federal fraud — you are misrepresenting your identity to a financial institution
  • Companies selling CPNs often include "credit building" packages that are essentially synthetic identity fraud playbooks
  • Some CPNs are actually ITINs (Individual Taxpayer Identification Numbers) that have been repurposed, which adds immigration fraud to the list of crimes

There is no legal alternative to your SSN for credit applications. Anyone selling CPNs is selling stolen numbers and coaching you through a federal crime. The FTC and Department of Justice have prosecuted both CPN sellers and buyers.

Protecting Yourself from Becoming an Unwitting Ingredient

Since synthetic fraud uses your SSN under a different name, your traditional defenses (credit monitoring, fraud alerts, credit freezes) are only partially effective. Here is what actually helps:

Monitor Your SSN Directly

  • Check your SSA Statement annually: Go to ssa.gov/myaccount and review your earnings record. If employers you have never worked for appear, your SSN is being used for employment under a different name
  • Use SSN-level monitoring: Some identity theft protection services monitor your SSN across multiple name-DOB combinations, not just your name. This is the most direct way to detect synthetic fraud. Aura, LifeLock, and Identity Guard all offer some form of this
  • IRS Identity Protection PIN: Even though synthetic identities typically do not file taxes under your name, getting an IP PIN prevents any surprises

Protect Children's SSNs

  • Freeze children's credit: All three bureaus allow you to freeze a minor's credit file. If no file exists, the freeze creates a protected file that prevents new accounts
  • Check annually: Each year, check whether your child has a credit file at the three bureaus. Children should not have credit files unless something is wrong
  • Guard the SSN card: Schools, sports leagues, and after-school programs do not need your child's SSN. Provide it only to medical providers, government agencies, and financial institutions

Respond to Mixed File Indicators

If you see any of these on your credit report, your SSN may be involved in a synthetic identity:

  • Addresses where you have never lived
  • Name variations you do not recognize (not just misspellings)
  • Employer names you have never worked for
  • Hard credit inquiries you did not initiate
  • Accounts you do not recognize (even if they show as "closed" or "paid")

File a dispute with the credit bureau for any information that does not belong to you. Include a note requesting that the bureau verify the SSN-name-DOB combination for each disputed item.

Defense Layers Against Synthetic Identity Fraud LAYER 1: STANDARD ~ Credit freeze (all 5) ~ Credit monitoring ~ Fraud alerts Partial — only protects YOUR name LAYER 2: SSN-LEVEL SSA earnings check SSN-name monitoring IRS IP PIN Catches cross-name SSN misuse LAYER 3: PROACTIVE Child credit freeze Minimize SSN sharing Mixed-file disputes Prevents SSN from being used Increasing effectiveness against synthetic fraud →
Standard credit protections only cover your named identity. Layers 2 and 3 specifically target the cross-name SSN misuse that makes synthetic fraud possible.

How the Industry Is Fighting Back

The financial industry and government agencies are developing new tools to combat synthetic identity fraud:

  • eCBSV (electronic Consent-Based SSN Verification): Launched by the SSA, this system allows lenders to verify that an SSN, name, and date of birth all match the SSA's records in real time. This directly targets the core vulnerability synthetic fraud exploits. However, adoption requires consumer consent and lender integration, both of which are still scaling
  • AI and machine learning models: Some lenders are deploying models that analyze credit-building patterns for synthetic identity indicators — rapid credit-building from a thin file, specific application patterns, address clustering across seemingly unrelated identities
  • Cross-institutional data sharing: Consortiums of lenders are sharing synthetic identity indicators to catch fraud rings operating across multiple institutions. The Early Warning Services network and similar initiatives flag suspicious patterns that individual lenders cannot see in isolation
  • SSN randomization: Since 2011, the SSA has issued SSNs randomly rather than based on geography and group numbers. This makes it harder (but not impossible) for criminals to guess valid SSN ranges for specific demographics

The Bottom Line

Synthetic identity fraud is a fundamentally different threat than traditional identity theft, and it requires different defenses. You cannot protect yourself by monitoring only your own credit report under your own name — you need to monitor whether your SSN is being used under any name. Freeze your children's credit proactively, check your SSA earnings statement for phantom employers, and consider an identity theft protection service that specifically monitors for SSN-name mismatches. The industry is building better defenses, but until SSN verification becomes universal, your vigilance is your primary protection.

Frequently Asked Questions

Traditional identity theft uses your complete real identity — your name, SSN, date of birth, and address — to impersonate you. You typically discover it quickly through unauthorized charges, new accounts, or collection notices. Synthetic identity fraud takes only one element (usually your SSN) and combines it with fabricated information to create an entirely new person. Since the resulting identity does not match your name or address, fraud alerts and credit monitoring under your name will not catch it. You may never discover the fraud unless you check whether your SSN is being used under a different name.

Zainab Mohammed

Zainab Mohammed

Digital Safety Educator

Personal Cybersecurity

Zainab is a digital safety educator dedicated to making cybersecurity accessible to everyday users. She specializes in personal security, mobile device protection, and online privacy, translating complex technical concepts into clear, actionable guidance that non-technical readers can immediately apply. Her writing empowers individuals to take control of their digital safety without needing a security background.

You Might Also Like

Free Newsletter

Stay Ahead of Cyber Threats

Get weekly cybersecurity insights and practical tips. No spam, just actionable advice to keep you safe.