Synthetic IDs that behave like long-horizon exposures and account takeover attacks driven by deepfake automation are two of the most significant pressures on lending strategies for 2026. These behaviours often bypass controls, leaving lenders with unexpected risks.
The FCA’s call for smarter risk is prompting lenders to reassess how fraud controls, credit thresholds and decisioning frameworks operate. Doing this well requires a clearer view of where fraud and credit signals interact and where controls may (unintentionally) work against each other.
More lenders are now joining fraud and credit models to build this view. When these signals sit in one place, issues that stand-alone models overlook become easier to address earlier in the lifecycle.
This article covers:
|
The fraud behaviours influencing 2026 lending strategies
Before we get into the approach, let’s recap on why Synthetic ID activity and account takeover attacks will have such an influence on portfolio performance in 2026:
1. Synthetic ID activity
Synthetic ID activity is now one of the most difficult issues for lenders to manage. These accounts can sit unnoticed and often appear only when they default in a concentrated bust-out. Because the early behaviour resembles standard credit use, the losses are frequently recorded as credit losses rather than fraud.
This creates an area of exposure, unless lenders build Synthetic ID detection into credit risk models beyond the onboarding stage. Treating SIF as a long-horizon exposure is becoming essential for accurate loss forecasting and portfolio planning.
2. Account takeover attacks
Account takeover attacks are increasing in scale and effectiveness. Deepfake and automation tools give fraudsters the ability to run convincing, high-volume attempts across digital channels. These methods remove many of the friction points that historically helped lenders filter attacks, making it easier for fraudsters to test, learn and refine their approach.
As more fraudsters use these tools, lenders will see more systematic attempts targeting authentication processes, higher-risk applicants and thin-file groups.
|
CIFAS fraud filings: the highest ever recorded
|
These behaviours raise expectations for how models detect issues that develop over time and where fraud may emerge within the customer lifecycle.
Smarter risk and its impact on thresholds and decisioning
And on top of that, the FCA’s emphasis on smarter risk is prompting lenders to reassess how fraud controls and credit decisioning operate in practice. Stronger controls need to be matched with good judgement about where friction is applied and how different types of applicants are treated.
A key part of this is calibrating to false-positive rates, not only fraud losses. Stricter thresholds during periods of uncertainty can create unintended outcomes for thin-file or higher-risk applicants. Under smarter risk, lenders are encouraged to identify where controls may be overly cautious and where a more graduated approach would deliver better outcomes.
This requires decision frameworks that separate genuinely low-risk cases from those that need more scrutiny. Light-touch verification for low-risk applicants and step-up authentication or manual review for ambiguous cases helps avoid unnecessary rejections while still reducing exposure.
Essentially, this approach supports both stronger fraud prevention and broader access, offering lenders more control over where and when intervention is applied.
The vulnerabilities revealed through integrated fraud and credit models
As lenders join fraud and credit signals into one view, behaviours that previously sat between separate frameworks become easier to detect. Let me break this down for you…
Synthetic ID activity that escapes stand-alone models
When fraud and credit-risk models operate separately, Synthetic ID activity can fall into a grey area. Fraud indicators may look benign, while the credit side shows behaviour that does not align with a genuine customer. This is why SIF is often absorbed as a credit loss.
Integrated modelling provides the missing context. Signals that appear harmless on the fraud side take on meaning when combined with credit-seeking behaviour, usage patterns and the timing of applications. This supports earlier detection and reduces the likelihood of significant exposures building unnoticed.
Build-up fraud that sits behind legitimate accounts
Build-up fraud also benefits from a combined view. A genuine low-limit account can be taken over and shaped to secure higher limits. Fraud signals alone may miss this because each action looks low-risk in isolation. The credit-behaviour lens shows the shift in usage and intent.
By analysing both sets of signals in one place, lenders can see the transition from normal use to manipulated behaviour and intervene earlier in the lifecycle.
And that begs the obvious question…
Why is this so important for 2026?
The short answer: Combined models reveal issues that would otherwise remain unnoticed until they appear as losses, giving lenders a stronger basis for managing the more complex behaviours expected in 2026.
Strengthening controls while maintaining access
The pressure to reduce fraud losses often leads to stricter controls, but this can create poor outcomes for customers who pose low risk. Under the FCA’s focus on smarter risk, lenders are encouraged to use controls that respond to the level of uncertainty in each case rather than relying on a single approach for all applicants.
Adaptive, risk-tiered controls support this. Clear, low-risk applications can pass through light-touch verification, while cases that sit in a grey area can move to step-up authentication or manual review. This keeps friction targeted and avoids unnecessary barriers for applicants who do not require extra checks.
This approach reduces exposure where indicators justify closer attention while protecting access for low-risk groups. It also gives lenders more flexibility over when and how intervention is applied.
The techniques and data signals now proving effective
Lenders are placing more weight on techniques that can surface subtle, fast-changing fraud behaviours and support earlier intervention.
Network and graph-based approaches
Graph databases and network analytics are becoming central to detecting sophisticated fraud, particularly Synthetic IDs. These methods map connections between identities, devices and addresses that are difficult to see through traditional modelling. Fraud rings that appear as isolated accounts become identifiable when these relationships are viewed in context.
Real-time device intelligence
Signals drawn from device configuration and usage are increasingly important for managing digital-channel fraud. Sudden changes in device behaviour or anomalies in how a session is established can provide early indicators of attempted compromise and support quicker intervention.
Behavioural biometrics
Behavioural data offers another layer of defence. Changes in typing patterns, mouse movement or navigation style can highlight attempts to mimic genuine customers, particularly where attacks rely on scripted or automated tools.
Techniques losing value
Traditional, static rules-based systems and simple univariate anomaly checks are becoming less effective. Fraudsters can test these controls and work around thresholds over time, limiting their ability to provide meaningful protection.
These techniques are giving lenders a more reliable view of early behaviour changes, which is becoming essential for managing exposure as fraud methods develop across 2026.
Preparing lending strategies for 2026 pressures
The themes running across these behaviours point to a more connected approach to fraud and credit risk. Lenders are moving towards models and controls that combine signals, respond to uncertainty more precisely and adapt as behaviours change throughout the lifecycle. This is helping teams intervene earlier, refine thresholds with greater confidence and build a clearer view of emerging exposure as they plan for 2026.
Talk to us to find out more.