Synthetic identity fraud now accounts for a significant share of new-account fraud losses at US financial institutions. The attack pattern is precise: a real Social Security Number—often belonging to a child or someone with thin credit history—is combined with fabricated name, address, and contact details. The synthetic identity is then patient, building credit history over months before the bust-out.
Detection requires cross-institutional signal sharing that current compliance infrastructure was not designed to support.