Fraud Starts with Identity. So Should the Fix.

It is time to modernize SIN use for credit verification.

Abstract: Canada’s credit system was built to measure borrower behaviour, not to confirm identity, creating a vulnerability that organized fraud networks increasingly exploit through synthetic identities. Criminal groups are able to construct and nurture false identities over time, gradually building credit histories before executing coordinated “bust-out” frauds that leave lenders with significant losses. Data from TransUnion shows that a growing share of delinquent balances, particularly in credit cards and auto lending, now carries high fraud-risk indicators and is increasingly appearing in near-prime and prime tiers rather than traditional subprime segments. At the same time, the share of credit files containing a Social Insurance Number (SIN) has declined sharply, weakening one of the few reliable identity anchors available in Canada’s credit system. The result is a widening identity assurance gap that raises costs for lenders and borrowers alike. A pragmatic policy response would clarify that lenders may request SIN for identity verification, implement strict governance and purpose limitations, and explore secure verification mechanisms that confirm SIN ownership at the source. Strengthening identity verification in this way would help close the structural gap that synthetic fraud networks currently exploit.

Canada’s credit system is designed to measure behaviour, not confirm identity. Fraudsters understand that distinction and exploit it.

Across the country, organized fraud networks are creating synthetic identities, nurturing them patiently for 18 to 24 months, moving them through higher credit tiers, and then executing coordinated bust-outs. The result is a growing category of losses that traditional credit risk tools were never designed to stop.

Recent research from TransUnion illustrates the scale of the challenge. Across non-mortgage originations, roughly $409 million in reported delinquent balances in a single year are associated with accounts exhibiting high fraud-risk indicators. That represents approximately 23 percent of delinquent dollars tied to new originations during the period measured.

In credit cards alone, roughly 14 percent of delinquent balances are associated with high fraud-risk profiles. Historically, that figure ranged between 2 and 5 percent.

Auto lending presents an even sharper signal. Roughly 30 percent of delinquent dollars in that sector are associated with high predicted fraud risk. Among the highest-risk originations, lenders report bad-rate concentrations approaching five times normal levels.

Importantly, these patterns are not concentrated in traditional subprime segments. TransUnion’s analysis shows that delinquency deterioration is occurring disproportionately in near-prime and prime credit tiers, where borrowers with similar scores should normally perform similarly.

More strikingly, many high synthetic-risk profiles migrate upward through credit tiers faster than expected before defaulting. That behaviour is inconsistent with traditional financial distress and far more consistent with coordinated identity manipulation.

When fraud risk signals are removed from the dataset, delinquency performance among new-to-credit borrowers largely normalizes.

That supports an uncomfortable but necessary conclusion.

• The problem is not new-to-credit Canadians.
• The problem is that new-to-credit has become the easiest entry point for synthetic identity fraud.

At the same time fraud networks have become more sophisticated, the structural guardrail that once helped anchor identity matching in the credit system has weakened.

According to TransUnion, only about 33 percent of newly created credit files today contain a Social Insurance Number (SIN). Prior to 2000, the coverage rate was close to universal.

The decline reflects evolving privacy guidance, consumer sensitivity to breaches, and institutional caution around collecting sensitive identifiers.

But the unintended consequence has been the creation of a large identity assurance gap. Without a strong unique identifier, lenders must rely on combinations of names, addresses, and dates of birth — attributes that fraudsters can fabricate, manipulate, or reuse across synthetic identities.

In effect, Canada has gradually weakened one of the few tools that can reliably distinguish one “John Smith” from another.

The policy question is not whether the SIN should become a national identity card. It should not.

The question is whether Canada expects lenders to prevent identity-based credit fraud — now costing hundreds of millions of dollars annually — while discouraging use of the only universal identifier that already exists.

Other Countries

Every advanced economy faces fraud risk. But those that have invested in strong identity rails have made identity fraud materially harder to scale.

Denmark operates MitID, a national digital identity used across banking and government services. Official statistics show that more than 96 percent of Danes over age 15 maintain an active MitID credential, enabling secure authentication across sectors.

Estonia’s national digital identity system supports legally binding digital signatures and secure authentication across public and private services. The Estonian Information System Authority reports more than 800 million digital signatures generated over the past two decades.

Singapore’s Singpass functions as a secure authentication platform used across government and increasingly within the private sector. Built with multi-factor authentication and biometric verification, it dramatically reduces impersonation risk.

India’s Aadhaar system has been more controversial, but global institutions such as the World Bank note that trusted digital identity infrastructure can significantly reduce fraud and “ghost beneficiaries” in large financial systems.

The models differ, but the principle is consistent. These countries treat identity verification as national infrastructure.

Canada does not.

Canada is unusual among advanced economies in one important respect.

We already possess a near-universal identifier.

The Social Insurance Number reliably distinguishes individuals across the country and across time. Yet policy guidance and institutional caution have discouraged its use in credit origination.

As a result, lenders attempting to detect identity-based fraud are often forced to operate with weaker identity signals than the fraud networks targeting them.

The cost is not confined to lenders.

When synthetic fraud scales:

• lenders absorb losses
• consumers face higher borrowing costs
• legitimate borrowers face tighter underwriting
• and organized crime gains a new funding channel

Identity fraud is not merely a financial services problem. It is a system integrity problem.

Canada does not need to mandate the use of SIN in credit applications.

But the rules governing its use should reflect modern fraud realities.

A workable policy approach would involve three steps.

1. Clarify permissibility: Regulatory guidance should explicitly allow lenders to request SIN for identity verification purposes during credit origination and onboarding, accompanied by clear consumer disclosure. This would create clarity for lenders without compelling consumers to provide the number.

2. Build safeguards that prevent feature creep: Purpose limitations must remain explicit. Access controls, audit requirements, and strict governance must apply to any system using SIN-based verification. Where a SIN has been validated through an approved verification process, retaining a validated SIN indicator within the credit file can improve identity confirmation and enable more accurate Search-Match-Merge processes across the credit ecosystem.

Because SINs rarely change, maintaining this validated identifier can reduce the need to repeatedly re-verify the same individual while strengthening fraud detection and file accuracy. Such retention must remain tightly governed and limited strictly to identity verification and matching functions.

3. Enable verification at the source: Collecting a SIN alone does not confirm identity. The strongest control is the ability to verify that the SIN actually belongs to the applicant.

Other jurisdictions increasingly rely on identity authentication services that confirm identity claims in real time for authorized entities. Canada should explore a comparable high-assurance verification framework for limited anti-fraud use cases.

The shift required is straightforward. Move from treating SIN solely as sensitive data that should never be used, to treating it as a credential that can be used within a narrow, auditable verification process.

Before any policy change occurs, the industry must present a credible and disciplined case. The Canadian Lenders Association is well positioned to convene a working group of lenders and credit bureaus to:

• quantify the scale and mechanics of synthetic fraud losses
• define a narrow policy proposal focused exclusively on identity verification
• engage government stakeholders to test feasibility and safeguards

Canada does not have to choose between privacy and security. But it does have to decide whether the current system — which leaves identity verification weak while fraud networks grow stronger — remains acceptable.

Fraud starts with identity. Fixing it should start there too.

Five Key Insights

1. Synthetic identity fraud is scaling quickly
   Organized fraud rings now cultivate synthetic identities for 18–24 months before executing bust-out schemes, allowing them to penetrate higher credit tiers before defaulting.

2. Fraud is distorting delinquency patterns across the credit system
   Approximately 23% of delinquent balances from new originations show high fraud-risk indicators, with especially strong signals in auto lending and credit cards.

3. Prime and near-prime segments are increasingly affected
   Fraud-related deterioration is appearing in stronger credit tiers where borrowers with similar scores should perform similarly, signalling identity manipulation rather than traditional financial distress.

4. Canada’s identity signals in credit files have weakened
   Only about one-third of newly created credit files contain a SIN, compared with near-universal coverage before 2000, forcing lenders to rely on weaker identifiers such as names, addresses, and birth dates.

5. Policy modernization could significantly strengthen fraud prevention
   Allowing SIN to be used for controlled identity verification, supported by strict governance and potential source verification, would help close the identity assurance gap without turning SIN into a universal identity card.

Sign up for the CLA Finance Summit Series