Insurance Fraud · · 8 min read

Synthetic Identity Fraud in Insurance: Detection and Prevention

How synthetic identities created with AI and deepfakes threaten insurance underwriting and claims. Detection strategies and prevention for insurers.

Synthetic identity fraud — where criminals combine real and fabricated personal data to create entirely fictitious identities — is the fastest-growing type of financial crime in the United States, according to the Federal Reserve. While the banking sector has been the primary target, insurance is increasingly in the crosshairs.

The Federal Reserve estimated that synthetic identity fraud cost US lenders US$6 billion in a single year, with the average charge-off around US$15,000. As Thomson Reuters has documented, this form of fraud is particularly dangerous because there’s often no real victim in the traditional sense — no individual to notice unusual activity and report it.

Generative AI has supercharged this threat. Creating a convincing synthetic identity once required skill and effort. Now, AI tools can generate realistic face photos, forge identity documents, clone voices, and fabricate supporting documentation in minutes.

What Is Synthetic Identity Fraud?

Traditional identity theft steals a real person’s complete identity. Synthetic identity fraud is different — it creates a new identity that never existed, often by combining:

  • A real Social Security number (frequently belonging to a child, elderly person, or deceased individual — people unlikely to monitor their credit)
  • A fabricated name and date of birth
  • AI-generated identity photos — deepfake face images that don’t correspond to any real person
  • Fabricated supporting documents — AI-generated utility bills, bank statements, employment records
  • A cloned or synthetic voice — for phone-based identity verification

This combination — sometimes called “Frankenstein fraud” — creates an identity that can pass many traditional verification checks. The SSN is real (so it validates against databases), but the person attached to it doesn’t exist.

How Synthetic Identities Attack Insurance

Policy Procurement Fraud

Synthetic identities are used to purchase insurance policies that will later be used fraudulently:

  • Auto insurance — a synthetic identity obtains a policy on a vehicle that will be involved in a staged or fabricated accident claim
  • Health insurance — a fake identity enrols in a health plan, then submits fraudulent medical claims for treatments that never occurred
  • Life insurance — a synthetic identity takes out a policy, then fakes their own death using fabricated documentation (death certificates, medical records, obituaries)
  • Workers’ compensation — a fabricated employee identity is used to file workers’ comp claims for injuries that never happened

The Long Game

What makes synthetic identity fraud particularly dangerous is the patience involved. As Thomson Reuters notes, fraudsters often build their synthetic identities over months or years, maintaining accounts in good standing to establish credibility. They may:

  1. Create the synthetic identity
  2. Open bank accounts and build a credit history
  3. Obtain insurance policies and maintain them with premium payments
  4. After months of “good behavior,” execute the fraud — filing large claims or staging losses
  5. Disappear, leaving the insurer with no real person to pursue

This slow-burn approach makes detection extremely difficult using traditional methods, which rely on identifying suspicious behavior at the point of transaction.

The AI Accelerant

Generative AI has dramatically lowered the barriers to creating convincing synthetic identities:

AI-generated faces. Tools based on generative adversarial networks (GANs) and diffusion models can produce photorealistic face images of people who don’t exist. These images can be used for identity documents, social media profiles, and video-based identity verification. The technology is freely available and requires no technical expertise.

Document forgery. Large language models generate convincing text for supporting documents, while image generation tools create realistic letterheads, stamps, and formatting. A complete identity package — driver’s license, utility bill, bank statement, employment letter — can be fabricated in hours.

Voice cloning. As documented in Pindrop’s 2025 Voice Intelligence and Security Report, an estimated US$12.5 billion was lost to fraud across contact centers in 2024, with synthetic voices and deepfakes overwhelming legacy defenses. Voice cloning from as little as a few seconds of sample audio means phone-based identity verification is no longer reliable without AI detection.

Deepfake video. For insurers requiring video-based identity verification (increasingly common for high-value policies), real-time face synthesis can defeat liveness checks that simply ask the applicant to blink, turn their head, or say a phrase.

Sumsub’s 2024 Identity Fraud Report confirmed this acceleration: global identity fraud rates more than doubled between 2021 and 2024, rising to 2.50% of all verifications, with AI-generated attacks identified as the primary driver across financial services including insurance.

Why Traditional Detection Fails

Database Checks

Traditional identity verification checks the provided SSN against databases. With synthetic identity fraud, the SSN is real — it validates. The name and date of birth are fabricated, but there’s no “correct” name in the database to contradict them (especially when using children’s or deceased persons’ SSNs).

Document Verification

Visual inspection of identity documents can catch crude forgeries but fails against AI-generated documents with correct formatting, realistic photos, and appropriate institutional details. Even automated document verification systems that check for specific security features can be defeated by high-quality AI forgeries.

Knowledge-Based Authentication

Questions like “What street did you grow up on?” or “What was your first car?” are answered using fabricated but internally consistent histories. Criminals creating synthetic identities often prepare comprehensive backstories.

Phone Verification

If the fraudster controls a phone number associated with the synthetic identity (easily obtained through prepaid SIMs or VoIP services), phone-based verification confirms the “identity.” Voice biometric checks are defeated by voice cloning.

Detection Strategies That Work

Combating synthetic identity fraud requires a multi-layered approach that addresses both the identity verification stage and the claims evidence stage.

AI-Powered Biometric Analysis

Face authentication with deepfake detection. Rather than simply checking whether a face matches an ID photo, advanced systems analyze the face image itself for signs of AI generation. This includes detecting GAN and diffusion model artifacts, checking for physical consistency (lighting, reflections in eyes, skin texture), and verifying that the face belongs to a real photograph rather than a generated image.

Liveness detection with injection prevention. Advanced liveness checks go beyond asking users to blink or turn their heads (which deepfakes can replicate). They analyze device-level signals to ensure the video feed is coming from a real camera on a real device, not a virtual camera presenting pre-recorded or generated footage.

Voice analysis. AI-powered voice authentication can distinguish between natural human speech and synthetic or cloned voices by analyzing micro-characteristics that voice cloning tools don’t replicate perfectly — subtle variations in pitch, cadence, breathing patterns, and spectral properties.

Cross-Signal Verification

Device intelligence. Analyze the device used for identity verification: Is it a real physical device or an emulator? Has the same device been used to create other identities? Does the device’s location match the claimed address? Device fingerprinting adds a layer of verification that’s harder to fake than documents.

Behavioral analysis. How someone interacts with an application form — typing speed, navigation patterns, hesitation on certain fields, copy-paste behavior — can distinguish a real person filling in their own information from a fraudster entering fabricated details from a script.

Network analysis. Map relationships between identities, devices, phone numbers, email addresses, and bank accounts. Synthetic identities often share infrastructure — the same device used to create multiple identities, phone numbers from the same VoIP provider, bank accounts at the same institution.

Claims Evidence Verification

Even if a synthetic identity successfully passes underwriting verification, the claims stage provides a second opportunity for detection:

Media forensics. When the synthetic identity files a claim, any submitted photos, videos, or documents can be analyzed for AI generation or manipulation. A fraudster who created an identity with AI-generated photos is likely to also use AI-generated evidence for their claim.

Document authentication. Medical records, police reports, repair estimates, and other supporting documents submitted with claims can be checked for AI generation signatures, formatting inconsistencies, and institutional authenticity.

Cross-claim analysis. Even well-constructed synthetic identities often reuse elements — the same repair shop, medical provider, or legal representative appears across multiple synthetic identities controlled by the same fraud ring.

Building a Defense Program

Underwriting Stage

  1. Implement AI-powered identity verification that includes deepfake detection on submitted photos and documents — not just database checks
  2. Deploy liveness verification with injection prevention for high-value policies
  3. Add device intelligence to flag emulators, virtual machines, and devices associated with multiple applications
  4. Cross-reference identity elements — check whether the SSN, name, date of birth, and address have a consistent history, or whether the identity appeared recently with no prior footprint

Claims Stage

  1. Analyze all submitted media for AI generation and manipulation before processing
  2. Verify documents with issuing institutions — don’t rely solely on document appearance
  3. Monitor for cross-claim patterns — the same evidence, providers, or devices appearing across multiple claimants
  4. Flag recent-vintage policies filing significant claims — the “long game” still typically involves claims within the first 1-2 years of policy inception

Organisational

  1. Share intelligence with industry bodies like the NICB and the Coalition Against Insurance Fraud — synthetic identity rings often target multiple insurers simultaneously
  2. Train underwriting and claims staff on synthetic identity indicators
  3. Update verification requirements as AI capabilities evolve — today’s sufficient check may be tomorrow’s inadequate one

The Scale of the Threat

Synthetic identity fraud is not a niche problem. The Federal Reserve identified it as the fastest-growing financial crime in the US. The Coalition Against Insurance Fraud reports that insurance fraud already costs US$308.6 billion annually — and synthetic identities are an increasingly significant contributor to that total.

The combination of freely available AI tools, enormous volumes of stolen personal data from breaches, and digital-first insurance processes creates ideal conditions for synthetic identity fraud to scale rapidly in the insurance sector.

Insurers that implement multi-layered detection now — combining AI-powered identity verification at underwriting with media forensics at claims — will be best positioned to defend against this evolving threat. Those relying solely on traditional database checks and document review are increasingly exposed.

deetech’s platform detects AI-generated and manipulated media across the insurance lifecycle — from identity verification at underwriting to evidence analysis at claims. Our forensic detection identifies deepfake photos, forged documents, and synthetic media with production-grade accuracy. Request a demo.

Sources cited in this article: