Attack Type · Synthetic Identity

Synthetic Identity Fraud Detection

Synthetic identity fraud — where fraudsters blend real and fabricated data to create new identities — is the fastest-growing form of financial fraud in the US. Fraudhalo catches it at origination before the exposure builds.

Detection Signals

Synthetic identity markers at origination.

Synthetic identities are designed to look legitimate at surface level. Fraudhalo detects them through cross-field consistency analysis and identity graph edge patterns that real identities don't produce.

name_ssn_match
Name-SSN correlation score
Cross-reference of name components against SSN issuance records and known identity data. Synthetic identities often pair real SSNs with fabricated names, creating detectable inconsistencies.
thin_file_indicator
Thin credit file flag
New credit file with no established tradelines, combined with immediate high-value application. Synthetic identities are "built up" over time — thin files at origination are a risk signal.
addr_velocity
Address velocity and consistency
Multiple identity applications using the same address within a short window, or addresses inconsistent with stated employment or income level.
identity_graph_edges
Identity graph inconsistencies
SSN linked to multiple names, addresses, or phone numbers across the identity graph. Real people rarely share SSNs across distinct identity clusters.

BNPL Relevance

Why synthetic ID fraud is especially costly in BNPL origination.

BNPL providers extend short-term credit at origination with minimal friction by design. That friction reduction is also the attack surface. A synthetic identity can apply for a BNPL facility, make several small purchases to build repayment history, then max out the credit line and disappear — a bust-out pattern that often takes 60-90 days to manifest in loss data.

Fraudhalo's synthetic identity detection operates at the application event, not at chargeoff. By scoring the origination request against identity graph signals and thin-file patterns, BNPL providers can reject synthetic applicants before extending any credit.

"Synthetic identity is now our number one loss driver, and it's almost invisible until 90 days after origination. Getting a detection signal at application-time rather than at chargeoff changes the entire economics of the problem."

Head of Risk Engineering — BNPL provider

Ready to protect your transaction layer?

Join our pilot cohort. We are working with payment processors, neobanks, and BNPL providers processing more than 50,000 transactions per day.

Request a Pilot