Follow Us! ThumbsUp 20 3997 6090
Identity Theft in Banking: What You Need to Know

Identity theft is on the rise. Just in the US, criminals stole the identities of 15 million individuals in 2021 and used them for fraudulent schemes that affected 40 million Americans.

Today, let’s look at how identity theft impacts banking institutions – and especially online neobanks and challenger banks.

Why Is Identity Theft a Problem for Banking?

Identity theft happens in numerous ways but the goal is always the same: to leverage real people’s data for nefarious deeds.

Fraudsters and criminals who rely on stolen identities can then target banks in the following ways, for instance:

  • opening bank accounts under someone else’s name
  • taking out credit loans that they have no interest in repaying
  • laundering money without linking transactions to their real-life identities

While flagging fake IDs is a key part of the KYC process, it becomes a lot more challenging when you’re dealing with a real person who is unaware their data has been stolen. 

This is especially true if the fraudsters are sophisticated enough to create a digital footprint that matches the person’s ID or to create a synthetic ID profile – a core strategy deployed when fraudsters open bank accounts.


The identity theft that fuels synthetic IDs comes from standard cybersecurity failures, such as data breaches, phishing, or fake job ads. However, there is also a growing market for “rent-an-ID” services, which see desperate punters sell their identities in exchange for a quick payment. 

In short, bank account fraudsters have no shortage of options when it comes to identity theft. And this makes it harder for banking institutions to separate criminals from legitimate users – especially if they want to acquire more customers online with as little friction as possible.


How Do You Detect Identity Theft in Banking?

In banking, like in any other industry, detecting stolen identities starts at the onboarding stage. In short, SEON can function as a frictionless pre-KYC filter to instantly assess the kind of customer you’re dealing with and raise any red flags.

While the traditional KYC process can help you flag suspicious IDs using identity verification software or document validation checks, there’s a lot of benefit to sourcing alternative data at pre-KYC stage.

This is the best time to find out the following, which the system investigates without introducing any friction to the customer’s journey:

  • Is the user connecting with a suspicious configuration (emulator, VPN, Tor, etc.)?
  • Are they employing suspicious tools commonly used by fraudsters (eSIM cards, disposable email address domains, etc.)?
  • Do they have an online presence (social media profiles, accounts on popular platforms, subscriptions)?

Equipped with the answers to these questions, you can block obvious fraudsters right away. Not only will this help you keep your fintech organization free from fraud, but it can also save you money and time wasted on fully-fledged KYC verification and compliance checks for those who would never pass them.

Think of the score resulting from such a pre-KYC check as a traffic-lights system, allowing you to funnel customers who are confirmed to be legitimate through just the minimum (light) KYC checks required by law – keeping them happy and satisfied.

Meanwhile, those customers deemed to be suspicious but not certainly bad actors can go through a heavy KYC process that scrutinizes their identity very closely, so that you are ultimately only onboarding real people, without any false positive rejections.

Stop ID Fraud for Good

Partner with SEON to reduce fraud rates in your business without friction – with real-time data enrichment and advanced APIs.

Book a Demo

Top 3 Custom Rules to Detect Stolen IDs in Banking

Let’s now look at three examples of risk rules where you can leverage that alternative data to spot suspicious users before they create an account with your bank or neobank. 

#1: User Has No Social Media Profiles

At the time of digital onboarding, every customer will provide a phone number or email address. Good news for risk managers: This can be enough to identify suspicious applications that most certainly point to a fraudster.

Using these to check 50+ social signals, you can quickly get an idea of whether that person has an online presence or not thanks to the comprehensive profiles created by data enrichment.

ID thieves might have a name, address and in some cases PII, but they will rarely have the full set of data related to the person. A phone number and email address is easy enough to falsify, but it is incredibly hard to make them link back to the real person’s digital footprint.

For example, it is easy to sign up for a new email handle that uses the victim’s full name but incredibly difficult to convincingly recreate that email account’s online presence on social media, web platforms, apps etc.

#2: The IP Lookup Returns Suspicious Data

An IP address check is one of the oldest tricks in the risk manager’s book, but over the years the technology has evolved to the point where you can pretty much profile users based on their connection details.

You may learn whether they are where they say they are, if their address points to the middle of nowhere or a commercial area instead of a residential one, and if they are trying to spoof this information with proxies and VPNs.

IP Geolocation

Then, you can feed the results to calculate an IP fraud score, which can be a strong gauge of how risky it is to continue the onboarding process. 

And, of course, you can combine the above with other data points to build an even more precise risk model to flag stolen IDs in real-time.

IP Analysis

#3: The Device or Browser Data Appears Manipulated 

Understanding how users connect to your banking website or app can reveal enlightening clues about who they are. A device and browser fingerprinting tool will uncover important technical data relating to their configuration of software and hardware.

So what does an identity thief’s connection look like? In all likelihood, it’s going to be spoofed, controlled or manipulated. They will rely on emulators, anti-fingerprinting browsers, or even privacy-focused operating systems.

Here are examples of rules this may trigger:

Manipulated Browser

As you can see, this person’s browser is raising a few red flags. Its version points to a five-year-old product, which is unrealistic for an everyday user, and there is a spoofing attempt of the user agent (UA). 

Of course, this doesn’t necessarily point to identity theft, but the likelihood that you’re dealing with an imposter increases drastically if they’re relying on these tools which SEON can detect.

Another way to think about it is to ask yourself: Why would someone try to hide their personal data when opening a bank account? 

There doesn’t seem to be much variation here: You are either dealing with a privacy enthusiast or someone who is attempting to fool your KYC process.


How SEON Helps With Banking Identity Verification

Spotting identity theft and synthetic ID fraud starts with an effective ID verification process. While most banks and financial institutions will have a strong KYC process that includes IDV, SEON is designed to let risk managers work with real-time alternative intel as well as in-depth technical data points.

There are key advantages there:

  • All the data is enriched in real-time.
  • You can perform pe-KYC checks to save on costs and labor. 
  • Digital footprint analysis is becoming more important than legacy ID checks.
  • Combining these with velocity checks and device fingerprinting allows you to catch more fraudsters.

Thanks to lightweight and frictionless integration, you can deploy SEON as a full end-to-end system, or simply as an additional layer on top of your existing KYC or IDV processes. 

Reduce fraud rates by 70-90%

Partner with SEON to reduce fraud rates in your neobank and catch identity theft without false positives and with no friction.

Book a Demo


What is identity theft in banking?

Identity theft happens when criminals or fraudsters acquire important pieces of a legal identity, such as a full name, address, and copy of an ID document, and try to use it to open a bank account or access a financial product offered by a bank.

What are the common types of identity theft used to defraud banks?

Criminals have developed different techniques for financial identity theft, medical identity theft, synthetic identity theft, and even child identity theft. They then use these to try to defraud banks.

What are the first signs of identity theft?

You may be a victim of identity theft if you notice unexplained bank charges or withdrawals, receive letters from credit card providers you did not apply with, or notice errors on your credit report.


  • McAfee: A Guide to Identity Theft Statistics for 2022

Share article

See a live demo of our product

Click here

Author avatar
PJ Rohall

Sign up for our newsletter

The top stories of the month delivered straight to your inbox