How is synthetic identity fraud different from stolen identity fraud?

Stolen identity uses a real consumer's full identity (often stolen wholesale). Synthetic identity combines stolen and fabricated elements — a real SSN belonging to a minor or deceased person, paired with a fabricated name, address, and date of birth. The synthetic identity then cultivates legitimate credit history over 12–24 months before busting out. Credit-bureau scoring typically cannot distinguish a mature synthetic from a real consumer — that's what makes location and property signals structurally necessary.

What's the minimum mobility-data history needed to validate residency?

90 days is the practical minimum. 30 days can establish a pattern but is vulnerable to short-term travel noise. 90 days captures the consistent overnight-and-daily-life pattern that separates real residents from application-time address claims. Some lenders require 180 days for high-dollar products.

Can property data alone detect occupancy fraud?

It detects claim-vs-record mismatches (e.g., applicant claims ownership but is not on the deed) but cannot distinguish a legitimate tenant from a synthetic tenant — that's where mobility signal is required. The strongest controls combine property records (documentary truth) with mobility signals (behavioral truth); either alone has too many false positives for operational use.

What fraud-loss reduction should a bank expect from adding location + property signals?

Published case data from large US banks and insurers reports 20–40% loss reduction specifically on the synthetic-identity and first-party-fraud tranches. Total portfolio fraud-loss reduction is smaller (8–15%) because these tranches are a subset of total fraud. The ROI math typically pencils on the synthetic-identity tranche alone — the first-party reduction is incremental upside.

Fraud Detection with Location + Property Signals

Fraud teams at banks, insurers, and fintechs agree on one thing: the fraud patterns that cost the most money are the ones the traditional stack doesn't catch. Credit-bureau scoring catches the obvious cases — stolen identities with credit histories that don't match the application, or device-fingerprint collisions across rapidly-submitted applications. It is substantially worse at catching synthetic identities, which are built precisely to pass those checks, and first-party fraud where a real consumer builds legitimate credit history over months before busting out. For the synthetic and first-party cases, mobility location data and property data together produce a signature the score-based models cannot see. This piece walks through the operational pattern mature fraud teams use to combine them.

Key Takeaways

Score-based fraud models catch stolen identity well; they miss synthetic and first-party fraud — which is where most avoidable loss sits, per Federal Reserve research on synthetic identity.
Location data answers 'does this person actually live where they claim?' — a residency pattern requires months of overnights and nearby daily-life POIs, not just a declared address.
Property data answers 'is this person the owner/tenant of record?' — 155M parcel-level records anchor the documentary side.
Combined in a two-stage workflow (property at application, mobility in 24–72h batch), banks and insurers report 20–40% fraud-loss reduction on synthetic and first-party tranches.

Where the Traditional Stack Falls Short

Credit-bureau scoring and device fingerprinting together cover maybe 60–70% of the fraud-loss curve — mostly the stolen-identity and velocity patterns. The remaining 30–40% is where synthetic identity and first-party bust-out concentrate, and it is the most expensive tranche because the events take longer to detect and often pass multiple control gates before the loss realizes. FinCEN's published guidance on synthetic identity fraud and related financial-crime bulletins call out the same pattern: the signals to catch it are not in the credit file, because the credit file is precisely what the synthetic identity has been cultivating for the last 12–24 months.

What Location Data Answers

Location data — particularly MAID-based mobility data at scale — makes one specific question answerable: does this person actually live where they claim to live? A synthetic identity constructed with a stolen-plus-fabricated identity mix often lists a residence address that the applicant has no real relationship to. Mobility data reveals this immediately. A legitimate resident's device shows a specific fingerprint:

Evening and overnight presence at the claimed address (typically 10 PM–6 AM, 5+ nights per week)
Weekend activity at nearby daily-life POIs — grocery stores, pharmacies, places of worship, parks within a 5-mile radius
Weekday daytime pattern at a commute-distance office, or retail/service POIs consistent with declared employment
A consistent device graph — same handful of MAIDs over 90+ days, not a rotating device set

The device associated with a synthetic identity's claimed address shows none of that pattern — no overnights at the address, no nearby daily-life POIs, sometimes no US-based pattern at all. Aggregated across 301 million US individual records and roughly 200 million MAID-to-HEM links, mobility signals catch this pattern in minutes rather than months. The identity-resolution plumbing behind the MAID-to-address join is covered in the companion piece on identity graphs 101.

What Property Data Confirms

Property data comes at the same question from the documentary side. A 155-million-record US property file tells the fraud team whether the applicant is listed as an owner or tenant of record at the claimed address. For ownership cases, the signal is precise — the deed, the tax bill, and the mortgage are all anchored to a specific named owner. For tenancy cases, the signal is weaker (utility records, voter rolls, change-of-address notices help but are not as clean), which is why fraud teams increasingly combine property-of-record data with location-signal confirmation rather than relying on either alone. A claim of ownership that doesn't appear in property records plus a device pattern that shows no residence at the address is a near-certain fraud flag; either signal alone generates more false positives than the team can triage. The FBI's annual Mortgage Fraud Report has called out this exact occupancy-misrepresentation pattern for years — the tooling to detect it at scale is what has changed.

The Two-Stage Operational Pattern

The practical operational pattern combines both layers into a two-stage workflow. Stage one runs at application time: a fast property-data lookup on the claimed address confirms or flags the ownership or tenancy claim — sub-second latency, low false-positive rate, used as a decision input but rarely as a sole decline signal. Stage two runs out-of-band in a batch job — within 24 to 72 hours after application — and cross-references the applicant's known device(s) against the claimed residence. The batch stage is where most of the expensive catches happen; it's where the fraud team catches the first-party bust-out pattern in which the applicant is technically the owner of record but the device spent the last four months overseas. Banks and insurers who have built this two-stage pattern typically report 20–40% reduction in fraud loss on the first-party and synthetic tranches of their portfolio, which is where most of the industry's avoidable loss sits. For shops integrating this into a broader financial-crime program, the risk management and fraud detection solution provides the joined data layer alongside the broader financial services portfolio most teams are already running. The underlying pattern-recognition principle is simple: a credit score is one signal, a device fingerprint is another, a 90-day mobility pattern is a third, a property-records match is a fourth. Each has a false-positive rate that's too high to act on alone; combined, the false-positive rate drops below the threshold where fraud operations teams can efficiently investigate the flagged cases.

Frequently Asked Questions

How is synthetic identity fraud different from stolen identity fraud?: Stolen identity uses a real consumer's full identity (often stolen wholesale). Synthetic identity combines stolen and fabricated elements — a real SSN belonging to a minor or deceased person, paired with a fabricated name, address, and date of birth. The synthetic identity then cultivates legitimate credit history over 12–24 months before busting out. Credit-bureau scoring typically cannot distinguish a mature synthetic from a real consumer — that's what makes location and property signals structurally necessary.
What's the minimum mobility-data history needed to validate residency?: 90 days is the practical minimum. 30 days can establish a pattern but is vulnerable to short-term travel noise. 90 days captures the consistent overnight-and-daily-life pattern that separates real residents from application-time address claims. Some lenders require 180 days for high-dollar products.
Can property data alone detect occupancy fraud?: It detects claim-vs-record mismatches (e.g., applicant claims ownership but is not on the deed) but cannot distinguish a legitimate tenant from a synthetic tenant — that's where mobility signal is required. The strongest controls combine property records (documentary truth) with mobility signals (behavioral truth); either alone has too many false positives for operational use.
What fraud-loss reduction should a bank expect from adding location + property signals?: Published case data from large US banks and insurers reports 20–40% loss reduction specifically on the synthetic-identity and first-party-fraud tranches. Total portfolio fraud-loss reduction is smaller (8–15%) because these tranches are a subset of total fraud. The ROI math typically pencils on the synthetic-identity tranche alone — the first-party reduction is incremental upside.