A synthetic identity is not a stolen identity — it is an invented one. It may use a real PAN number combined with a fabricated name and address, or a real Aadhaar number whose photograph has been replaced, or a completely manufactured identity that passes every individual KYC check in isolation but fails when its signals are cross-referenced. The Fraud Detection Agent AI was built to find the cross-reference failures that individual checks cannot catch.
Why synthetic identity is harder to catch than stolen identity
Stolen identity fraud has a victim: a real person whose credit file shows anomalous new activity, who receives communications about accounts they never opened, and whose complaints create a trail. This trail, combined with the mismatch between their real behaviour and the fraudster's behaviour, is detectable — if not always quickly.
Synthetic identity fraud has no victim in the same sense. The identity may not correspond to any living person, or it may be a thin-file ghost identity — built around a legitimate but dormant identity number that belongs to a person who has never engaged with formal credit. There is no victim who will call to complain. The fraud surfaces only when the institution tries to collect from an entity that does not exist at the address on record, or when portfolio-level analysis reveals that a cluster of accounts with similar characteristics all defaulted in the same repayment window.
Detection must therefore happen at origination — and it must look beyond any single identity document or verification check to the pattern of consistency across the entire identity package the applicant presents.
The 7 signals checked at onboarding — and why each matters
When was this identity first seen anywhere — and where?
A legitimate borrower's PAN, Aadhaar, and any prior financial activity leave a trail with a coherent vintage — a PAN issued in 2008 will have some financial footprint from the years since, even if only a bank account or an insurance policy. A synthetic identity constructed for fraud typically has a very short history between identity document creation and first credit application. The Fraud AI checks the gap between document issue date and first bureau inquiry date, the gap between bureau file creation and the current application, and whether any financial activity predates the first bureau entry (which it should for a genuine identity).
Flag: Identity document issued within 90 days of first credit application with no prior financial footprintHas this identity changed address more often than a real person does?
Synthetic identity builders frequently update the address on record to use addresses that have not yet been flagged in fraud databases — creating an address history that shows more changes over a shorter period than any real person's housing pattern would. The Fraud AI cross-references Aadhaar address history (where available via DigiLocker update logs), CKYC address history, and the addresses appearing across any bureau entries — and computes a velocity score. Three or more distinct addresses in 18 months with no employment change or major life event explaining the moves is a synthetic identity signal.
Flag: 3+ address changes in 18 months with no supporting life event signalIs this a phone number that was registered recently, or ported multiple times?
Fraudsters use phone numbers that are recently registered, recently ported to a new carrier, or associated with SIM-swap activity — because a new number reduces the risk of prior fraud linkage. The Fraud AI checks the telecom registration date of the phone number provided, the number of carrier ports in the past 12 months, and whether the number has appeared on previous applications at this or other institutions (via consortium data). A phone number registered less than 30 days before application, or ported more than twice in 12 months, is a synthetic identity risk indicator — particularly when combined with other signals.
Flag: Phone registered <30 days ago OR 2+ carrier ports in 12 months AND appears on no prior financial recordDoes the stated income have any corroborating digital signal?
A synthetic identity borrower claims an income that cannot be corroborated because there is no underlying economic activity. The Fraud AI checks: Is there GST registration consistent with the stated business income? Is there EPFO contribution history consistent with the claimed employment? Do UPI transaction patterns (via Account Aggregator, where consented) show cash flows consistent with the stated income level? A ₹12 lakh annual income claim with no EPFO record, no GST registration, no UPI inflows above ₹15,000 in the prior 12 months, and a bank account opened less than 6 months ago is a synthetic identity red flag cluster.
Flag: Claimed income above ₹8L with zero EPFO/GST footprint and bank account age <6 monthsIs this email address associated with a real person's digital life?
Sophisticated synthetic identity fraud kits include purpose-created email addresses — often using recently registered domains, or free email services with account creation dates that match the identity construction timeline rather than any natural personal history. The Fraud AI checks the age of the email domain (if custom), the account creation date metadata where accessible, whether the email has appeared in any prior financial application (consortium data), and whether the email naming convention matches the applicant's stated name in a natural way. An email like priya.sharma1984@gmail.com created 45 days ago for a borrower claiming a 10-year employment history is inconsistent.
Flag: Email account created within 60 days of application AND no prior financial record linked to this addressDoes the bureau file tell a story consistent with the borrower's age and stated history?
A genuine 38-year-old self-employed professional with 10 years of business history should have some bureau footprint — even if only a savings account, a credit card, or a prior small loan — that predates the current application by years. A synthetic identity, even one with a legitimate PAN, typically has a bureau file that was created recently and has an unusually sparse history relative to the applicant's stated age and financial profile. The Fraud AI computes an expected bureau richness score based on applicant age, stated occupation, and stated income — and flags the delta between expected and actual bureau history as a synthetic identity indicator.
Flag: Bureau file age <18 months for applicant claiming 5+ years of financial activityDoes any element of this identity appear on another application — at this institution or across the consortium?
Synthetic identity fraud rings often reuse elements across multiple manufactured identities — the same phone number across different PAN numbers, the same address across different names, the same device submitting applications for multiple identities, or the same bank account number linked to multiple applicants. The Fraud AI checks every identity element (PAN, Aadhaar, phone, email, bank account, device ID, IP address) against the consortium database of prior applications — flagging any shared element that appears across two or more identities as a fraud ring indicator requiring immediate escalation, regardless of whether any individual identity element fails its own standalone check.
Flag: Any shared element across 2+ identities in consortium — immediate fraud ring escalationThe 7-signal combined score: how the Fraud AI makes its determination
No single signal is a definitive synthetic identity indicator. A recently registered phone number may belong to a genuine borrower who just changed carriers. A thin bureau file may belong to a first-time borrower at 23 years old. The Fraud Detection Agent AI scores each signal independently, weights them by their individual predictive value for synthetic identity (validated against confirmed fraud cases in the institution's historical data), and produces a combined synthetic identity risk score. Applications above a defined threshold are held for fraud team review — not automatically rejected, because false positives carry their own cost.
The signal that catches synthetic identity is almost never a single check failing — it is the pattern across checks
Every individual element of a well-constructed synthetic identity is designed to pass its own verification. The PAN is real. The Aadhaar biometric matches the photograph. The bank statement shows transactions. Each check, in isolation, returns a pass. What the Fraud Detection Agent AI looks for is the coherence failure that occurs across checks simultaneously — the identity that has a 2-month-old phone number, a 4-month-old bank account, a bureau file opened 6 months ago, and an address that has changed twice in the past year. Each fact is explainable. The combination is not.