Synthetic Identity Fraud in Insurance: How Fabricated Customers Slip Past Onboarding
Author
Vikas Chaurasia
Date Published

Synthetic identity fraud is the practice of assembling a fictitious person from a mix of real and fabricated data, then using that persona to buy policies, build a clean history, and eventually extract value the insurer never priced for. It's the fastest-growing financial crime category globally, and insurance has become one of its softest targets.
Unlike a stolen identity, there's no real victim to report the fraud, so the fabricated customer can sit inside a book for months before anyone notices.
For Indian insurers moving to digital-first distribution, this is an underwriting problem before it's a claims problem. A synthetic profile that clears onboarding is a mispriced risk that has already entered the portfolio. By the time it surfaces at claims, the loss is booked and the recovery odds are poor.
This matters more now because the IRDAI Insurance Fraud Monitoring Framework Guidelines, 2025 came into force on 1 April 2026, extending fraud accountability across insurers and their distribution channels. Synthetic identity sits squarely in the new "external fraud" category the framework introduced.
What is synthetic identity fraud?
A synthetic identity is a constructed persona. A fraudster takes a valid data point, often a real PAN or a leaked Aadhaar number, and stitches it to a fabricated name, address, date of birth, and contact details. The result passes a surface-level KYC check because the anchoring document is genuine, even though that ‘person’ doesn't exist.
Contrast this with conventional identity theft, where a criminal impersonates a real individual. There, the genuine person eventually notices the fraudulent activity and disputes it. With a synthetic identity, no one files a complaint because no one was directly wronged. This is why detection is harder and dwell time is longer.
Two variants show up in insurance books-
Manipulated synthetics use mostly real data with small alterations to dodge blocklists or mis-state risk.
Manufactured synthetics are built almost entirely from fabricated or leaked fragments, often at scale, by organised rings.
Why synthetic identities target insurers specifically
Insurance has structural features that fraudsters exploit. Onboarding is now instant and remote, so there's no branch visit, no physical document handling, and sometimes no human interaction in the loop. Verification frequently stops at document validation and doesn't test whether the assembled identity is internally coherent or behaves like a real customer.
More importantly, insurance rewards patience. A synthetic profile, holding a low-value policy, paying premiums on time, establishes a clean record. That history becomes the cover for a later inflated or fabricated claim to be processed easily, and in instances of life insurance, it ‘dies’, only for it to be replaced with another fake identity- reused across multiple insurers simultaneously.
From an operational standpoint, the damage is layered.
- There's direct claims leakage, the payout on a fraudulent claim.
- There's underwriting distortion, because the risk was priced for a person who doesn't exist.
- And there's adverse selection, where weak controls quietly attract the exact risk profile an insurer should be screening out.
How synthetic identity fraud works: the lifecycle
Synthetic fraud runs as a sequence, not a single event. Understanding the stages shows where controls actually bite.
- Data sourcing. Fraud rings acquire genuine anchors like a real PAN or Aadhaar number or an active mobile number from leaked KYC repositories and dark-web brokers.
In India, the more disturbing sourcing model is human: the Sambhal (Uttar Pradesh) racket harvested real identity documents of poor and terminally ill villagers, then built policies around them. That's not stolen data in the abstract; it's a deliberately selected anchor whose mortality profile makes the eventual claim faster and cleaner.
- Assembly. This genuine fragment is fused with some fabricated demographics into a new persona that is internally consistent and document-backed.
Generative tools have collapsed the cost and skill floor here: fabricated photo IDs, synthetic faces, and coherent supporting documents are now easy access, produced at volume. The assembled identity is not flagged because its anchor is real and passes standard verifications.
- Onboarding. The persona enters through a digital journey- where verification confirms only that the document is authentic and the face matches the ID.
Verification confirms document authenticity and face matching, but rarely establishes that all the data points belong to one genuine, unique individual.
- Incubation. The persona behaves impeccably- a modest policy, premiums paid on schedule, no anomalous activity, accruing a legitimate footprint over months.
In life cover, that incubation period in itself is the investment- manufacturing the clean history that will later make a fabricated death claim look ordinary. Globally, synthetic identities now account for an estimated 80–85% of life-insurance identity fraud.
- Monetisation. The identity is cashed with a fabricated death or disability claim, a coordinated bust-out across several insurers holding policies on the same synthetic, or resale as a "seasoned" identity commanding a premium for its aged footprint.
The defining feature is the absence of a victim: no real person disputes the claim, so the fraud surfaces only when an investigator asks for a body, a relative, or a source document that doesn't exist.
The control lies at steps 3 and 4. Stopping fraud at monetisation means the loss is already in the book. Catching it at onboarding, and monitoring behaviour through incubation, is where insurers preserve underwriting profitability.
Why traditional KYC misses it
Most onboarding stacks validate each data field in isolation. The PAN is real. The document isn't tampered. The face matches the ID. Each check passes, and the application clears, because nothing tests whether the fields belong together or whether this identity has appeared elsewhere.
Synthetic fraud lives in the connections between data points, not in any single one. A real PAN paired with an address that has hosted fourteen unrelated applicants, or a date of birth that contradicts the document's issuance history, only becomes visible when the signals are correlated.
This is the gap between document verification and identity assurance, the confidence that a verified document actually maps to a real, unique, coherent person. Closing it needs identity correlation across applications, device and network intelligence to spot repeat infrastructure, and behavioural analytics that flag profiles acting unlike genuine customers.
For insurers, this is where risk orchestration layers can significantly improve early detection, scoring identity, entity and behavioural signals together, rather than in isolation.
Red flags insurers should be scoring
Individually, these look minor. Correlated, they're a synthetic fraud signature.
- A single address, device, or phone number linked to multiple unrelated applications
- Mismatches between document metadata and application data (issuance dates, name formatting, demographic inconsistencies)
- A valid PAN or Aadhaar paired with a thin or nonexistent broader footprint
- Applications clustered in time from the same IP range or device fingerprint
- New profiles that immediately buy the minimum policy, then go quiet
- Contact details, disposable emails, recently activated numbers, with no history
Industry-specific implications
Life insurers carry the worst exposure, due to the nature of these high payout policies.
A synthetic identity holds a small policy, pays premiums for months, then just needs a single fabricated death or disability claim worth far more than the premiums collected. The Sambhal (Uttar Pradesh) case is a major domestic example: fake policyholders were built from harvesting identities of poor and terminally ill villagers, followed by forging death certificates and officials bought in by the scheme to fraud insurers of millions.
For Health insurers, the synthetic layer sits under an already-high fraud rate and inflates it.
Roughly 15% of Indian health claims carry some element of fraud, and medical costs on genuine cases already run 15–35% above fair value through upcoding and unbundling. A fabricated policyholder tied to a collusive hospital forms a closed loop, no real patient exists to dispute a claim they never made, so the standard detection trigger never fires.
Motor and general insurers see synthetic identities being used to stage accidents and premium fraud.
Roughly 80,000 fake vehicle policies were issued across India in 2022-23, and the CBI's July 2026 case exposed ₹4.30 crore siphoned through 411 motor claims using duplicate photographs and forged instruments. When the identity behind a policy is synthetic, there's no accountable party to pursue at recovery, which is why fabricated identities are the connective tissue of organised motor fraud rather than an incidental feature of it.
Distribution channels, now inside the IRDAI framework's (as of June 2026 consultations), see ghost customers issued through complicit or compromised intermediaries.
This is where synthetic identity stops being a fraud-team issue and becomes a governance one. A channel that pads its new business with fake policyholders is doing two kinds of damage at once- seeding future claims fraud, hitting loss ratios and inflating the growth numbers into leadership reports upward.
Best practices for insurers
- Move detection to onboarding: The single highest-leverage intervention is shifting fraud screening from claims to underwriting. A synthetic identity caught at onboarding only costs a rejected application. On the other hand, if caught at claims, it costs a payout + investigation.
- Correlate, don't just validate: Treat identity as a graph. Cross-check every application against internal and external signals for reuse of addresses, devices, contacts, and documents
- Score risk dynamically: Replace binary pass/fail KYC with a risk score that weights multiple weak signals into a composite, with thresholds that route high-risk applications to enhanced due diligence rather than blocking outright.
- Monitor through the lifecycle: Because synthetics incubate, one-time KYC isn't enough. Behavioural monitoring across the policy lifecycle catches profiles that pass onboarding but act abnormally later.
- Align controls to regulatory frameworks: Map detection logic to the 2025 red flag indicator requirement and ensure external fraud is captured in the taxonomy the regulator now expects.
Conclusion
Synthetic identity fraud is an underwriting failure that surfaces as a claims loss. The fabricated customer enters at onboarding, incubates quietly, and monetises later, by which point the risk is already priced wrong and booked. As generative tools lower the cost of manufacturing convincing identities and the IRDAI framework raises the bar on fraud governance, the insurers who move screening upstream will carry cleaner books.
Platforms that combine identity intelligence, correlation, and continuous monitoring are becoming foundational for risk teams operating at digital speed.
FAQs
What is synthetic identity fraud in insurance?
It's the use of a fabricated persona, built from a mix of real and fake data, to obtain policies and eventually extract fraudulent value. Because the identity doesn't correspond to a real person, there's no victim to report it, making it harder to detect than conventional identity theft.
How does synthetic identity fraud differ from identity theft?
Identity theft impersonates a real person who can later dispute the activity. Synthetic identity fraud creates a person who doesn't exist, so the fraud can remain hidden for months.
How do synthetic identities pass KYC checks?
They're anchored to a genuine document, a real PAN or Aadhaar number, so field-level validation passes. The fraud lives in the relationships between data points, which isolated checks don't test.
Why are insurers vulnerable to synthetic identity fraud?
Digital onboarding is instant and remote, verification often stops at document validation, and insurance rewards patient fraud, letting a synthetic profile incubate a clean record before monetising it.
How can insurers detect synthetic identity fraud?
By correlating identity, device, and behavioural signals across applications rather than validating fields in isolation, scoring risk dynamically, and monitoring behaviour across the policy lifecycle.

Introduction In an era where our lives are increasingly entwined with the digital realm, the specter of identity theft looms ever larger. The term “identity theft” encompasses a range of malicious activities, all rooted in the nefarious acquisition and exploitation of an individual’s personal information. This breach of privacy can result in dire consequences, including ... Read more

As the insurance sector in India continues to grow, so do instances of fraudulent activities. Insurance fraud impacts the industry