Fraud Starts with Identity. So Should the Fix.

It is time to modernize SIN use for credit verification.

Abstract: Canada’s credit system is increasingly exposed to identity-based fraud because it was built to assess borrower behaviour, not to verify identity at the point of entry. The article argues that synthetic identities are being used to enter the credit system, build credibility over time, migrate into stronger credit tiers, and then execute coordinated defaults. With SIN coverage on new credit files falling sharply, lenders have lost an important identity-matching tool. The proposed solution is not to turn the SIN into a national ID card, but to modernize its use for narrow, regulated, auditable credit verification, with clear safeguards, limited retention, and potentially source-level validation. Canada should treat identity assurance as shared financial infrastructure, not merely a lender-by-lender compliance issue.

Our credit system is built to measure behaviour, not to confirm identity. Fraudsters understand that. They exploit the front end of the system by creating synthetic identities, nurturing them for 18 to 24 months, accelerating them into higher credit tiers, and then executing coordinated bust-outs. The result is a category of losses that traditional credit risk tools were never designed to stop.

TransUnion’s research speaks to the scale of the issue. Across non-mortgage originations, approximately $409 million in one year of reported delinquencies are associated with accounts scoring high on fraud risk indicators. That represents roughly 23 percent of all delinquent dollars tied to new originations in the measured period. In credit cards alone, approximately 14 percent of delinquent balances are associated with high fraud-risk profiles, a sharp increase from historical levels that ranged between 2 and 5 percent several years ago.

Auto lending presents an even starker picture. In that segment, approximately 30 percent of delinquent dollars are associated with high predicted fraud risk. In the highest fraud-risk cohort of auto originations, lenders are seeing a roughly five-to-one bad rate concentration, a dramatically different risk distribution than historical norms.

These patterns are not concentrated in subprime segments. TransUnion’s analysis shows delinquency deterioration disproportionately concentrated in interior credit tiers — near-prime and prime — where borrowers should, on paper, perform similarly within the same risk band. More strikingly, high synthetic-risk profiles can migrate upward through credit tiers faster than expected before defaulting, behaviour inconsistent with traditional credit stress and more aligned with coordinated identity manipulation.

When fraud risk signals are isolated and removed from the dataset, delinquency performance for new-to-credit borrowers largely normalizes. That supports an uncomfortable but necessary conclusion: the problem is not new-to-credit Canadians. The problem is that new-to-credit has become the easiest on-ramp for bad actors exploiting weak identity verification at entry.

At the same time, the structural guardrail that once helped anchor identity matching has eroded. TransUnion reports that only approximately 33 percent of newly created credit files in recent years contain a SIN, a dramatic decline from near-universal coverage prior to 2000. The reduction reflects evolving guidance, consumer sensitivity, and institutional breach concerns. But the unintended consequence has been a widening identity assurance gap — one large enough for organized fraud to industrialize.

The policy question is not whether SIN should become a national ID card. It should not. The question is whether Canada will continue to tolerate a status quo in which lenders are expected to prevent identity-based credit fraud — now accounting for hundreds of millions of dollars annually — without being permitted to effectively use the one truly universal identifier already in place, or without a viable national alternative.

Other Countries Effectively use Universal IDs to Stop Fraud

Every advanced economy fights fraud. None solves it with a single instrument. But countries that have deployed widely adopted, high-assurance identity rails have made it materially harder to scale identity-enabled fraud.

Denmark runs one of the world’s most ubiquitous digital identity systems, MitID, used across banking and government services. Official MitID statistics show that 96.95 percent of Danes over 15 have an active MitID, with massive transaction volume. (mitid.dk) This is what a universal, reusable, high-assurance credential looks like in practice: secure login, secure consent, and a consistent way to verify identity across sectors.

Estonia paired a national ID framework with strong cryptography and a governance model that is built around trust and transparency. Estonia’s digital ID has enabled legally binding digital signatures at national scale, with the Estonian Information System Authority noting over 800 million digital signatures in 20 years across ID-card, Mobile-ID, and Smart-ID. (ria.ee) That level of identity assurance changes the economics of fraud by making impersonation and account fabrication harder to sustain at scale.

Singapore has built Singpass as a national digital identity for both public services and, increasingly, private-sector use cases. The Singapore Government Developer Portal explicitly positions Singpass as a secure authentication mechanism that reduces the risk of fraud and unauthorized access, supported by multi-factor authentication and biometrics. (Singapore Government Developer Portal)

India demonstrates both the upside and the controversy. Aadhaar-based authentication and e-KYC were designed to reduce leakage and “ghost beneficiaries” in government programs, with global institutions such as the World Bank describing how trusted digital ID can reduce fraud and leakage in government-to-person transfers. (World Bank) The point for Canada is not to import India’s model wholesale. It is to recognize that identity assurance, when built with safeguards, can substantially reduce fraud vectors and improve integrity.

The common thread is simple: these countries treat identity verification as shared national infrastructure. Canada does not.

Canada’s unique constraint: we already have a universal identifier, but we discourage its use

The SIN is already universal in practice. It is the only identifier that reliably distinguishes one “John Smith” from the next across the country. Yet policy guidance and market norms have pushed lenders away from collecting SIN at the point of credit application, and the downstream consequence is a weaker ability to confirm identity, match files accurately, and detect synthetic behaviour patterns.

This is not merely a lender issue. It is an ecosystem issue. When synthetic fraud scales, everyone pays: lenders through losses, consumers through tighter access and higher prices, and government through the downstream funding of broader organized crime.

Even the World Bank frames digital identity as an integrity lever. Trusted ID systems can reduce fraud and leakage and improve service delivery. (World Bank) Canada should treat credit fraud the same way: as a system-level integrity problem that warrants system-level identity rails.

A practical compromise: permit SIN-based verification, with tight guardrails and modern validation

Canada does not need to “mandate SIN” in a blunt way. It needs to modernize what is permissible and operationally realistic.

A workable approach has three parts:

1. Clarify permissibility
   Update guidance so lenders can request SIN specifically for identity verification in credit origination and onboarding, with clear consumer disclosure. This is about permission and clarity, not coercion.
2. Build safeguards that prevent feature creep
   Purpose limitations must be explicit. Collection and storage must be minimized. Retention periods should be constrained. Access controls and audit requirements should be mandatory. The use case should be verification and matching, not generalized profiling.
3. Enable verification at the source
   The strongest control is not merely collecting a SIN. It is confirming that a SIN is valid and linked to the applicant. Other countries increasingly rely on high-assurance identity services precisely because “a number in a form” is not the same as verified identity. UIDAI, for example, describes authentication as a validation service that confirms identity claims for authorized agencies. (uidai.gov.in) Canada should explore a Canadian equivalent for permitted use cases.

This is the core policy shift: move from “SIN as sensitive data that nobody should touch” to “SIN as a credential that can be used in a narrow, regulated, auditable verification workflow.”

What the CLA should do next

A shift to start to use SIN as a verification standard requires a credible coalition and a disciplined policy case.

The right next step is a CLA-led working group with lenders and credit bureaus to do three things quickly:

• Validate the scale of fraud losses and the identity mechanics driving them
• Define a narrow, defensible policy ask focused on verification and anti-fraud outcomes
• Launch a targeted government meetings program to gauge feasibility, then publish an evidence-based op-ed and briefing note once members align

Canada does not have to choose between privacy and security. But it does have to choose whether it will continue to subsidize identity-enabled credit fraud by leaving the front door open.

Countries that took identity seriously did not eliminate fraud. They reduced the easiest fraud at the point of entry and forced criminals into higher-cost tactics. Canada should do the same.

If you want, I can also produce a companion “policy one-pager” that frames the proposed change as: Permitted SIN verification, limited purpose, minimal retention, auditable access, and optional government validation, plus draft member talking points for government meetings.

5 Key Points

1. Fraud starts with identity. Traditional credit tools measure repayment behaviour, but synthetic fraud exploits weak identity checks before credit risk models can work.
2. The scale is material. TransUnion research cited in the article links approximately $409 million in annual non-mortgage delinquency dollars to accounts with high fraud-risk indicators.
3. The issue is not simply subprime lending. Fraud-linked delinquency deterioration is appearing in near-prime and prime segments, where borrowers should normally perform more predictably.
4. SIN usage has declined dramatically. Only about 33 percent of newly created credit files now contain a SIN, compared with near-universal coverage before 2000, weakening identity matching across the system.
5. Canada needs a controlled verification model. The article recommends permitting SIN-based verification for credit origination with strict purpose limits, minimal storage, access controls, audits, and source-level validation where possible.

Sign up for the CLA Finance Summit Series