Subscribe to the Non-Human & AI Identity Journal

Notifications
Clear all

Synthetic identity fraud in onboarding: what IAM teams need to fix


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 12212
Topic starter  

TL;DR: Synthetic identity fraud combines stolen personal data with fabricated details, fake IDs and controlled phone numbers to bypass onboarding checks, then uses fraudulent accounts for credit, purchases and laundering, according to Transmit Security. Legacy validation alone is not enough because confidence now depends on layered proofing, data validation and decisioning.

NHIMG editorial — based on content published by Transmit Security: synthetic identity fraud, identity proofing and data validation

By the numbers:

Questions worth separating out

Q: How should security teams reduce synthetic identity fraud in customer onboarding?

A: Security teams should combine document proofing, data validation, device intelligence and reputation checks in a single onboarding policy.

Q: Why do basic validation checks fail against synthetic identities?

A: Basic checks fail because synthetic identities are built from enough real data to look credible while the attacker controls the missing pieces.

Q: When should organisations require document-based identity proofing?

A: Organisations should require document-based proofing when the business impact of a bad account is high, when KYC rules apply, or when validation results are mixed.

Practitioner guidance

What's in the full article

Transmit Security's full article covers the operational detail this post intentionally leaves for the source:

  • The layered onboarding flow that combines identity proofing with data validation for different risk thresholds.
  • The AI and machine learning methods used for document inspection, biometric matching and liveness detection.
  • The operational checks for name, address, email, phone number, DoB and SSN validation across source data.
  • The decisioning and orchestration approach for reconciling mixed or negative validation results.

👉 Read Transmit Security's analysis of synthetic identity fraud and onboarding controls →

Synthetic identity fraud in onboarding: what IAM teams need to fix?

Explore further

View Full Forum →  |  NHI Foundation Course →



   
Quote
(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 11787
 

Identity proofing alone does not solve synthetic identity fraud: The attack succeeds because a document can look legitimate while the surrounding identity is still fabricated. That means the governance problem is not simply whether an ID image is authentic, but whether the full identity profile is internally consistent across data, device and contact channels. Practitioners should treat proofing as one control in a broader trust decision, not as the trust decision itself.

A few things that frame the scale:

  • 85% of organisations lack full visibility into third-party vendors connected via OAuth apps, according to The State of Non-Human Identity Security.
  • Our research also shows: 97% of NHIs carry excessive privileges, increasing unauthorised access and broadening the attack surface, according to Ultimate Guide to NHIs.

A question worth separating out:

Q: What should fraud teams do when identity validation sources disagree?

A: Fraud teams should not auto-approve or auto-reject solely on disagreement. They should use a decision layer that weighs the signals, applies policy by risk tier and routes unresolved cases to review. Discrepancies are often the strongest indicator that the identity is synthetic or partially controlled by the attacker.

👉 Read our full editorial: Synthetic identity fraud exposes the limits of legacy onboarding controls



   
ReplyQuote
Share: