All
Announcement
Events
Insights
Product News

Synthetic Identity Fraud Detection: How Cross-Account Analysis Exposes Fabricated Profiles

The Operational Challenge: One Account Looks Clean, the Network Does Not

A new user signs up with a valid-looking ID document, a clear selfie, a new phone number, and a clean device session. OCR is readable. Liveness passes. The selfie matches the ID portrait. The account is approved.

Days later, another account appears with a different name, document number, phone number, and email address. The face looks similar, but not identical. The device has changed. The account passes again.

This is why synthetic identity fraud detection is difficult. Fabricated profiles are built to pass single-account checks. The fraud signal often appears only when accounts are compared against each other.

In Southeast Asia, the challenge is sharper. Digital banks, e-wallets, lending platforms, gaming apps, and super apps onboard users across different ID formats, Android device tiers, network conditions, and regulatory frameworks.

The Federal Reserve defines synthetic identity fraud as the use of combined personally identifiable information to fabricate a person or entity for dishonest gain. The implication is clear: identity verification cannot stop at one applicant. It must evaluate relationships across accounts.

Under the Hood: Why Traditional KYC Misses Fabricated Profiles

Most onboarding systems are built around a stateless decision flow. A mobile client captures an ID document and selfie, then sends a JSON payload through REST or gRPC to the backend. The risk engine evaluates OCR fields, face match score, liveness result, device fingerprint, IP address, and session metadata. It returns approve, review, or reject.

That architecture works for basic fraud. It fails when the synthetic profile looks clean at the individual level.

The missing layer is cross-account memory. If face embeddings, device fingerprints, document metadata, phone hashes, email hashes, and behavioral signals are not indexed for later comparison, the platform cannot identify identity reuse over time.

Synthetic fraud is therefore a graph problem. The question is not only “Does this user pass KYC?” It is also “Has this face, device, document pattern, or session behavior appeared elsewhere under another identity?”

Step-by-Step Workflow for Cross-Account Detection

Step 1: Normalize Identity Signals During Ingestion

Convert onboarding data into structured, searchable attributes: account ID, document country and type, OCR name, date of birth, hashed document number, face embedding ID, device fingerprint hash, phone and email hash, IP ASN, geo-region, liveness result, face match score, and session timestamp.

Avoid storing unnecessary raw PII where hashed, tokenized, or encrypted attributes are sufficient. FATF’s Guidance on Digital Identity is a useful reference for customer due diligence.

Step 2: Add 1:N Face Search, Not Only 1:1 Face Matching

1:1 face matching asks whether this selfie matches this ID portrait.

1:N face search asks whether this face has appeared before under another account.

That distinction matters. A synthetic fraud ring may reuse the same face with different names, IDs, emails, and phone numbers. Without 1:N search, the platform may approve each account separately.

For scalable deployment, convert detected faces into embeddings and index them in a vector search layer. Approximate nearest neighbor retrieval can return candidate matches quickly, while a more precise comparison model re-ranks results before risk scoring.

Log model version, similarity score, threshold, candidate match count, and review outcome for auditability.

Step 3: Build a Cross-Account Risk Graph

Do not block users based on face similarity alone. Combine biometric, device, document, and behavioral signals into a graph-based view.

Signal TypeWhat It DetectsBest Used ForRisk Consideration
Face 1:N SearchSame or similar face across accountsSynthetic profile clusters and repeated onboarding attemptsNeeds threshold tuning and review for borderline matches
Device FingerprintShared device, emulator, VM, or reset patternMulti-account abuse and scripted account creationDevice sharing can be normal in some markets
Document MetadataReused templates, edited portraits, or recaptured documentsDocument manipulation and fabricated profilesCompression may reduce image quality
Behavioral SignalsRepeated typing, swiping, retry, or session patternsBot-assisted onboarding and organized fraud ringsBest used with stronger identity signals

The goal is to detect clusters. One weak link may be harmless. Multiple links across the same account group should increase risk.

Step 4: Apply Risk-Based Decisions

Cross-account analysis should not create a binary approval model. Use tiered actions: approve and monitor low-risk users, request step-up verification for medium risk, route high-risk users to manual review, and block or freeze critical-risk actions.

This reduces false positives while still escalating suspicious identity networks.

Regional Context: Why Southeast Asia Needs This Layer

First, onboarding is mobile-first. Users may submit images from low-end Android devices, compressed cameras, unstable networks, and poor lighting. Fraud systems must handle quality variation without rejecting too many legitimate users.

Second, ID documents differ across Indonesia, the Philippines, Thailand, Vietnam, Malaysia, and Singapore. Each market has different formats, data fields, capture quality, and verification practices.

Third, regulatory expectations are rising. Bank Negara Malaysia’s Electronic Know-Your-Customer policy document outlines e-KYC requirements for financial institutions. The Bangko Sentral ng Pilipinas’ Circular No. 1170 covers customer due diligence and digital identity systems.

The takeaway: single-session KYC is necessary, but not sufficient. Platforms need a persistent identity layer that can recognize fraud patterns across users, sessions, and time.

How Face++ Supports Cross-Account Identity Analysis

Face++ supports face detection, face comparison, and face search capabilities for onboarding, account recovery, login risk control, and fraud investigation workflows.

For synthetic identity fraud detection, the key capability is connecting 1:1 verification with 1:N identity search. The platform can verify whether a user matches the submitted ID portrait, then help determine whether the same face appears elsewhere in the customer base.

A typical architecture includes client-side image quality control, server-side feature extraction, 1:1 ID-to-selfie verification, 1:N search against enrolled or risk-labeled profiles, cross-signal risk scoring, and API integration with KYC, fraud, and case management systems.

For low-bandwidth environments, image quality checks can reduce unnecessary retries. For high-volume platforms, asynchronous search and batch graph analysis can reduce synchronous onboarding latency.

Technical CTA

If your onboarding flow already uses OCR, liveness detection, and 1:1 face matching, the next maturity step is cross-account identity analysis.

Review whether your current architecture can identify the same face under another identity, connect accounts by device or document signals, route risky clusters to review, and log model scores and thresholds for audit.

Schedule a technical deep-dive with the Face++ team or review your API architecture for 1:N face search and graph-based risk scoring readiness.

FAQ

What is synthetic identity fraud?

Synthetic identity fraud uses a mix of real and fabricated information to create a profile that does not fully belong to a real person.

Why is 1:1 face matching not enough?

It checks one selfie against one ID portrait, but does not detect whether the same face appears across multiple accounts.

What is cross-account analysis?

It compares identity signals across users to find hidden links, such as shared faces, devices, documents, or session patterns.

Does this increase false positives?

Not if deployed with risk-based decisioning. Borderline matches should trigger review or step-up verification.

Is this suitable for mobile-first markets?

Yes. With image quality checks, efficient payload design, and asynchronous search, it can work in low-bandwidth environments.

Related Articles
Face++
2026-07-10 08:43
Passive Liveness Detection: How to Reduce Friction in Digital Onboarding
Synthetic Identity Fraud Detection: How Cross-Account Analysis Exposes Fabricated Profiles What Is Passive Liveness Detection? Why Onboarding Friction Matters How Passive Liveness Detection Works Facial Texture Analysis Lighting and Reflection Analysis Depth and Structural Signals Motion and Temporal Analysis Attack Pattern Detection Reducing Friction During Digital Onboarding Fewer User Instructions Faster Verification Better Mobile Experience […]
Face++
2026-07-08 09:08
Event-Driven KYC Reverification: When Should Digital Businesses Recheck Customer Identity?
Synthetic Identity Fraud Detection: How Cross-Account Analysis Exposes Fabricated Profiles What Is Event-Driven KYC Reverification? Why Periodic KYC Reviews Are Not Enough Key Events That Should Trigger KYC Reverification 1. Account Recovery or Credential Reset 2. New Device, Location, or Session Risk 3. Sensitive Account Information Changes 4. High-Risk Transactions or Withdrawal Behavior 5. Dormant […]
Face++
2026-07-06 17:56
Identity Verification Against Account Takeover: How Face Verification Protects High-Risk Logins
Synthetic Identity Fraud Detection: How Cross-Account Analysis Exposes Fabricated Profiles Why High-Risk Logins Need Stronger Verification How Face Verification Protects the Login Journey The Role of Liveness Detection Where Face Verification Fits in Account Takeover Defense High-Value Use Cases for Face Verification Reducing Fraud Without Increasing Unnecessary Friction Compliance and Trust Considerations Building a Stronger […]