How to Stop Synthetic Identity Fraud With Liveness
Discover how fraudsters build fake people from stolen data and how passive liveness verification blocks synthetic identity fraud during digital onboarding.

The traditional model of digital onboarding assumes that if the submitted data checks out, the person behind the screen is real. This assumption is breaking down under the weight of sophisticated credential fabrication, making synthetic identity fraud prevention a critical priority for enterprise security teams. When threat actors stitch together legitimate data points, such as dormant Social Security numbers, with fabricated names and addresses, they create an entirely new persona capable of bypassing standard database checks. Because there is no immediate victim to report a stolen identity, these fake personas can incubate for months or years, slowly building credit before maximizing limits and abandoning the accounts. Stopping this cycle requires a fundamental shift in how organizations verify users at the exact moment of account origination, moving beyond data matching to definitive proof of human presence.
"U.S. lenders faced over $3.3 billion in exposure from synthetic identities tied to new accounts through 2024, demonstrating that database-centric verification models are no longer sufficient to stop the creation of fabricated personas." - TransUnion Research, 2024
The mechanics of synthetic identity fraud prevention
To establish an effective defense against fake identity onboarding, organizations must first understand how these profiles are constructed and why they succeed against legacy defenses. The anatomy of a synthetic identity typically begins with stolen data fraud. Threat actors acquire legitimate but unmonitored identifiers - often belonging to children, the elderly, or unbanked individuals - from dark web marketplaces.
They combine this legitimate anchor data with a fictitious name, date of birth, and mailing address. When the fraudster applies for credit or opens an account using this fabricated identity, the initial application is usually rejected because there is no existing credit file. However, the very act of applying forces the credit bureaus to create a new file for the synthetic entity. The identity now legally exists in the financial system.
From this point, the fraudster engages in continuous new account fraud across multiple platforms. They might open low-risk accounts, apply for secured credit cards, or add the synthetic identity as an authorized user on an existing account. Over time, the synthetic profile builds a legitimate-looking credit history. The culmination of this process is the "bust-out," where the fraudster maxes out all available credit lines and disappears, leaving institutions to chase a ghost.
Standard identity verification fails here because it relies on checking the provided data against the newly established credit file. The data matches perfectly. The only way to break this cycle is to introduce a physical anchor during the onboarding process: a biometric liveness check that proves a real, living human is claiming the identity.
| Verification Method | Data Dependency | Resistance to Stolen Data Fraud | Friction Level | Vulnerability Level |
|---|---|---|---|---|
| Database PII Checks | High | Low | Low | High |
| Manual Document Review | Medium | Moderate | High | Moderate |
| Active Biometrics (Movement) | Low | Moderate | High | Moderate |
| Passive Biometric Liveness | Low | High | Low | Low |
Integrating passive liveness detection disrupts the synthetic identity cycle in several critical ways:
- Binds the digital data to a physically present human at the exact point of origin.
- Prevents the use of AI-generated headshots, masks, or deepfakes during the verification process.
- Analyzes subsurface skin characteristics and micro-movements without requiring user action.
- Blocks presentation attack detection vectors like printed photos, screen replays, and video injections.
- Deters fraudsters who operate at scale, as they cannot mathematically simulate a unique human physiological response for thousands of synthetic profiles.
Industry applications for stopping fake identity onboarding
Financial services and banking
In the banking sector, new account fraud driven by synthetic identities is a massive vulnerability. Fraudsters target high-yield savings accounts, auto loans, and unsecured credit cards. By implementing passive liveness detection, financial institutions can mandate that the person opening the account physically presents themselves to the device camera. Because fraudsters manage hundreds of synthetic profiles simultaneously, they cannot bind their own face to all of them without triggering velocity checks and cross-matching alerts within the bank's fraud prevention systems.
Identity platform providers
Electronic Know Your Customer (eKYC) platforms and identity infrastructure providers carry the burden of securing the onboarding layer for their downstream clients. As these platforms evolve, they are moving away from manual review queues and active challenge-response biometrics that ask users to smile or turn their heads. Instead, they are integrating passive liveness technology that evaluates blood flow and skin texture invisibly. This provides a high-assurance biometric liveness check that scales across multi-cloud environments without adding friction for legitimate users.
Government ID verification technology
Public agencies face unique challenges when modernizing their digital portals. The distribution of government benefits, tax refunds, and unemployment claims has become a prime target for synthetic identities. Government ID verification technology must balance rigorous security with broad accessibility. Passive liveness offers a solution by verifying the applicant's physical presence without requiring complex instructions that could exclude users with cognitive disabilities or older devices, ensuring equitable access while blocking automated fraud rings.
Current research and evidence
The escalation of this threat vector is heavily documented by financial and security researchers. The Federal Reserve Bank of Boston reported in 2024 that the proliferation of generative AI is significantly ramping up the threat of synthetic identity fraud. AI tools allow threat actors to automate the creation of realistic identification documents, generate consistent facial images for synthetic profiles, and produce deepfake audio and video to bypass manual review processes.
Similarly, Experian tracked a 60% increase in false identity cases in 2024 compared to the previous year, noting that these fabricated personas now account for nearly a third of all identity fraud cases. The research indicates that as traditional fraud methods like simple account takeover encounter stronger defenses, criminal networks are shifting their resources toward building synthetic portfolios from scratch.
This data highlights a critical failure point: if a system only verifies the logical consistency of an identity, AI can bypass it. The defense must shift to verifying the physiological reality of the applicant. Presentation attack detection (PAD) algorithms trained on the latest deepfake artifacts and injection methods are becoming the primary barrier against AI-generated fraud.
The future of synthetic identity fraud prevention
As synthetic identities become mathematically indistinguishable from real people on paper, the future of fraud prevention lies entirely in the physical realm. The next generation of defense relies on continuous authentication and advanced passive biometrics, such as remote photoplethysmography (rPPG).
rPPG technology turns a standard smartphone or webcam into a biometric sensor capable of detecting the human heartbeat. By analyzing the micro-color changes in human skin caused by cardiac cycles - changes invisible to the naked eye - rPPG can definitively confirm the presence of a living human. A printed photo, a 3D mask, or a digitally injected deepfake video does not have a pulse. When a fraudster attempts to use a generated face to onboard a synthetic identity, the rPPG analysis will fail to detect a valid cardiovascular signal, immediately flagging the session as a presentation attack.
Security architectures are also moving toward Zero-Trust models for identity verification. In a perimeter-less environment, enterprise systems assume that any submitted data is potentially compromised. Trust is only established momentarily, based on a cryptographic and biometric binding of the user to their device. Passive liveness serves as the anchor for this trust, ensuring that a stolen Social Security number cannot be weaponized without the real human it supposedly belongs to.
Frequently asked questions
What is the difference between synthetic identity fraud and traditional identity theft?
Traditional identity theft involves a fraudster stealing an entire identity from a specific victim and using it to access existing accounts or open new ones. There is a clear victim who will eventually notice the fraud. Synthetic identity fraud involves combining real and fake data to create a completely new, fictitious persona. Because there is no direct victim monitoring the credit file, synthetic fraud can go undetected for years.
How does a biometric liveness check prevent new account fraud?
A biometric liveness check requires the applicant to present their face to a camera during the onboarding process. The technology analyzes the video feed to confirm that the face belongs to a living, physically present human, rather than a printed photo, mask, or digital deepfake. This prevents fraudsters from using AI-generated faces or stolen imagery to associate a physical appearance with their synthetic identities.
Can deepfakes bypass standard presentation attack detection?
Basic presentation attack detection systems that rely on 2D image analysis can sometimes be fooled by high-quality deepfakes or virtual camera injections. However, advanced passive liveness detection systems analyze three-dimensional depth, skin texture, light reflection, and physiological signals like blood flow. Deepfakes cannot replicate these complex biological markers, making advanced liveness highly effective at blocking AI-generated spoofing attempts.
What makes passive liveness detection different from active liveness?
Active liveness requires the user to perform specific actions, such as blinking, smiling, or turning their head, to prove they are real. This adds friction to the onboarding process and can often be bypassed by sophisticated video replay attacks. Passive liveness operates invisibly in the background, analyzing the user's face during a natural, stationary glance at the camera. It relies on advanced physiological analysis rather than simple motion detection, providing higher security with less user friction.
As synthetic identity fraud prevention becomes a non-negotiable requirement for enterprise security architectures, organizations need technology that definitively separates humans from fabricated profiles. Circadify is actively addressing this space with solutions designed to stop automated attacks and deepfake injections at the edge. To learn how passive liveness detection can secure your onboarding flows against synthetic identities, review the technical documentation and integration guide at circadify.com/solutions/fraud-detection.
