by Jack Robertson
Synthetic identity fraud has become one of the most pressing threats in financial services, with UK losses exceeding £300 million in 2024. Unlike traditional identity theft, which reuses identities, synthetic fraud creates entirely fabricated personas that can operate undetected for months or years before striking.
Cifas, a non-profit fraud prevention organisation, recorded 421,000 cases filed to the national fraud database in 2024—a 13% increase, representing the highest number on record. Identity fraud accounted for 59% of cases, with synthetic fraud increasing 60% year-over-year to nearly a third of cases.
Synthetic identity fraud represents a fundamental departure from traditional fraud patterns. Instead of stealing existing identities, criminals create new personas by combining genuine data, such as national insurance numbers, with fabricated names and addresses. This creates what industry experts term “Frankenstein identities” that appear legitimate enough to bypass conventional know your customer (KYC) and anti-money laundering (AML) checks.
The sophistication of these attacks has been dramatically amplified by artificial intelligence (AI). Kat Cloud, head of government relations at Sumsub, says synthetic document fraud attempts have surged nearly 300%, with AI-generated passports and IDs increasingly convincing enough to bypass basic checks. “That’s just one layer: full-blown synthetic identities, built from stolen data and AI visuals, are flooding platforms,” she adds. This technological arms race has fundamentally altered the fraud landscape. Sara West, commercial director at ID-Pal, observes: “In this new post-AI world, we need to just look at the rise in synthetic identities and deepfake injection attacks to understand a business can be compliant, yet remain vulnerable to fraud.”
Ultimately, fraud prevention hinges on a simple truth: has the individual proven that they are the true owner of this identity?
The payment ecosystem’s structural weaknesses create opportunities that sophisticated fraudsters readily exploit. Barbara Logoteta, head of regulatory compliance at Banking Circle, identifies critical blind spots: “These include fragmented data, i.e. many players in the market still rely on traditional identity proofs and databases and limited cross-border intelligence sharing, which hinders timely detection of AI-enabled threats across payment ecosystems.”
What makes synthetic fraud particularly dangerous is its patient nature. These fabricated identities often behave as model customers, methodically building credit histories and maintaining accounts in good standing for extended periods. This behaviour establishes legitimacy before executing what the industry terms a “bust-out”—defaulting on loans or maxing out credit before disappearing.
Addressing this deceptive patience, Logoteta explains the defensive approach required: “The key defence remains robust onboarding—fraud often succeeds because of weak checks at account creation. Additionally, introducing AI to simulate behavioural traits can help detect anomalies, and a tailored transaction monitoring program can stop fraud before bigger issues occur.”
UK payment institutions are responding with increasingly sophisticated detection methods, though adoption across the sector remains frustratingly uneven. A Frasers Group spokesperson says AI is enabling fraudsters to generate fabricated synthetic identities at scale, outpacing traditional fraud solutions. “Tools that analyse additional correlated metadata” can help flag high-risk transactions, they add, “as the synthetic data points can be tested against those that are real.”
However, this technological evolution faces significant implementation barriers. The same spokesperson warns: “The vulnerability in the eco-system is the slow rate of adoption of these new technologies.”
Logoteta adds that static, rules-based verification is no longer effective. “As AI-generated synthetic identities become more sophisticated, traditional verification methods are no longer sufficient. AI-driven detection tools and behavioural analytics are proving the most effective in detecting anomalies early.”
The regulatory landscape is shifting to address these emerging threats, though current frameworks struggle with synthetic fraud’s sophisticated methodologies. The Economic Crime and Corporate Transparency Act 2023 introduces a new ‘Failure to Prevent Fraud’ offence from September 2025, fundamentally changing institutional liability.
West says the new offence will force firms to show they have taken reasonable steps to prevent fraud: “In a world where attack vectors evolve daily, firms need the agility of a risk-based approach. With the UK’s new ‘Failure to Prevent Fraud’ offence, businesses must prove they’ve acted—flexible, riskbased systems not only meet regulatory expectations but also strengthen defences.”
By pooling intelligence, aligning verification standards, and sharing prevention outcomes, we can make fraud riskier and less profitable.
Justin Clements, director of public relations & media relations at Chargebacks911, says the new offence will force significant operational changes across the sector: Fraud prevention can no longer be treated as a “tick-box exercise”, he warns, with liability requiring proactive measures— particularly in chargeback management, where synthetic identities often slip through.
Clements adds that avoiding fines and penalties will demand stronger safeguards. He expects “an increase in multi-factor identity verification in transactions, tighter merchant onboarding for banks, and closer monitoring of dispute patterns,” making prevention a stakeholder-wide issue rather than just a compliance task tied to payment processing.
The international nature of payments creates additional vulnerabilities that synthetic fraudsters systematically exploit. Clements highlights this structural weakness: “Transactions are universal, but regulation is fragmented, and fraudsters thrive on fragmentation—different rules in different countries are opportunities for cyber criminals to exploit gaps.”
This fragmentation demands comprehensive defensive strategies that extend far beyond traditional onboarding procedures. As one UK Finance expert argues, “fraud detection can’t stop at the application stage. Many synthetic profiles behave like genuine customers for months or years before executing an attack.”
West says fragmented global regulations leave exploitable gaps for fraudsters, making public-private partnerships essential to prevention, as seen with Cifas. She adds that while new technologies are valuable, they must not bypass AML obligations. “Ultimately, fraud prevention hinges on a simple truth: has the individual proven that they are the true owner of this identity?”
The velocity of AI-enabled fraud presents particular operational challenges for UK institutions, demanding real-time responses to rapidly evolving threats. Clements explains the urgency: “AI-enabled fraud moves much, much faster than traditional fraud, and this means bigger impacts at higher rates for businesses of any size. Our role when working with regulators is to help create adaptable frameworks that address fraud at scale.”
Real-time intelligence becomes crucial in this accelerated environment. He says sharing real-time transaction and dispute data can help spot unusual behaviour and build living rule sets that evolve with emerging threats. “The goal is to create a living framework of rule sets—one that keeps pace with emerging threats instead of reacting after the damage is done,” he explains.
Cloud adds that firms are working with regulators and international bodies to push for policies that match the speed and sophistication of modern fraud.
Success in combating synthetic fraud demands unprecedented collaboration across the UK financial sector. Clements says public–private partnerships are essential, with intelligence sharing and aligned standards making fraud riskier and less profitable. “By pooling intelligence, aligning verification standards, and sharing prevention outcomes, we can make fraud riskier and less profitable,” he says.
A critical challenge involves maintaining balance between robust fraud prevention and seamless customer experience. Logoteta argues that institutions should not have to choose between instant payments and robust detection, calling for real-time checks, AI-driven tech, and behavioural analysis “to keep the industry safe and sustainable long-term.”
For UK payment providers, synthetic identity fraud is a critical new threat. With synthetic fraud contributing to the £1.17 billion stolen through fraud in 2024, according to UK Finance’s annual fraud report, the need for comprehensive countermeasures is urgent. The traditional model of spotting legitimate customers making illegitimate transactions has become inadequate against illegitimate identities carrying out seemingly legitimate activities. Success demands AI-powered detection tools, behavioural analytics, and verification processes extending far beyond traditional checks, supported by collaboration between financial institutions, regulators, technology providers, and law enforcement agencies
Full-blown synthetic identities, built from stolen data and AI visuals, are flooding platforms.
