Plastic People, Plastic Cards: Synthetic Identities Plague Finance & Lending Sector
Summary
After a pandemic lull, synthetic-identity fraud is rising again and hitting lenders hard — especially auto lenders. TransUnion estimates the cost to US lenders climbed to about $3.3 billion in 2024 (up from $1.9 billion in 2020). Fraudsters are building richer fake profiles using breached data, sometimes even creating faux business identities, and then “nurturing” those accounts with on-time payments to build credit before weaponising them.
Detection is becoming harder because criminals now leverage the same cloud and AI tooling as defenders. Still, defenders have effective signals — such as family links, driving records and ongoing behaviour — and firms emphasise adaptive risk models, richer data sources and continuous monitoring to tilt the balance back in their favour.
Key Points
- TransUnion estimates synthetic-identity losses to US lenders reached $3.3bn in 2024, up markedly since 2020.
- Auto lending is a primary target; synthetic IDs account for up to ~1% of transactions depending on product type.
- Fraudsters combine breached personal data to craft convincing synthetic consumer and business identities.
- Common tactic: “nurture” accounts with legitimate payments to build credit history before exploiting them.
- 39% of synthetic identities lack listed relatives — a strong detection signal per TransUnion.
- Fraud actors now use cloud and AI tools similar to defenders, escalating the arms race.
- Effective defence requires richer data, adaptive risk models, ongoing monitoring and behavioural signals.
- Business-identity fraud (fabricated or piggybacked companies) is growing as more financial services move online.
Context and relevance
This is a clear, current risk for banks, auto lenders, fintechs and credit bureaus. The rise reflects two trends: larger pools of breached personal data that criminals can stitch together, and broader access to automation and AI that makes synthetic profiles more realistic. For risk, fraud and product teams, the piece underlines why single-point checks are no longer enough — continuous, multi-source verification and behavioural monitoring are becoming essential.
Why should I read this?
Short answer: if you touch lending, credit risk or payments, this affects your bottom line. The article is a quick, useful snapshot of why synthetic IDs are back, how crooks are getting cleverer (and slower — they play the long con), and what practical signals and approaches actually help stop them. We read it so you don’t have to — but you should.
