Synthetic Fraud Is Rewriting Compliance in LATAM

The compliance stack most financial institutions built for LATAM was designed for a different threat model. It was designed for stolen identities, forged documents, money mules with real histories. The playbook worked when the attacker was a human trying to pass off as another human.

That model is breaking down. The attacker today is a process, not a person.

Synthetic identity fraud, where fraudsters construct new identities by combining real data fragments with fabricated information, has become the dominant fraud vector across the region. It does not trigger traditional identity verification alerts because the identity is technically new. It does not match stolen-identity databases because nothing was stolen. It passes document checks because the documents are real, just assembled for a fabricated person.

The result is a compliance problem that most existing tooling was not built to catch.

What the data shows#

BioCatch's 2026 LATAM fraud report, which analyzed data from 36 financial institutions serving more than 300 million customers across the region, found that scam attempts rose 155% in 2025 alone. Account takeover attempts nearly tripled between the end of 2024 and the beginning of 2026. In Mexico, that number increased by a factor of four.

These are not just phishing attacks or credential stuffing. BioCatch also found that malware-driven fraud in LATAM increased 113% year over year, with Argentina and Colombia showing the steepest curves. Critically, approximately half of all fraud cases in 2025 are now mobile-first, a structural shift from web-based attack vectors that dominated in prior years.

Sumsub's Identity Fraud Report 2025-2026 adds a different dimension: deepfake fraud in LATAM and the Caribbean grew 255% in 2024 compared to the prior year. That growth rate is second only to the Middle East globally. Deepfakes in the context of KYC bypass are not a theoretical concern anymore. They are the mechanism synthetic identity fraudsters use to pass liveness checks at onboarding.

The combination of a fabricated identity document plus a deepfake selfie defeats the liveness-plus-document check that most LATAM fintechs still rely on as their primary KYC layer.

LexisNexis Risk Solutions' True Cost of Financial Crime Compliance Study for Latin America put the annual cost of financial crime compliance at $15 billion across the region. For Brazil specifically, every real lost to fraud costs companies R$3.59 in total, when you account for investigation costs, chargebacks, manual review time, and regulatory penalties. Fraud cost is not the face value of the transaction. It is the multiplier.

Why synthetic fraud is different#

Traditional fraud leaves traces. A stolen credit card has a victim who reports it. An identity stolen from a breach shows up on watchlists. Money mules have transaction histories that trigger velocity checks.

Synthetic identities are clean. They start with no derogatory history, no watchlist flags, no alerts. The constructed person opens accounts, builds credit history, and behaves normally for months, sometimes years. The attack phase, when the fraudster maxes out credit lines, drains accounts, or moves funds, happens once the synthetic identity has established sufficient legitimacy to operate at scale.

This is what practitioners call "bust-out fraud." The damage is not linear and it is not immediate. By the time a financial institution detects the pattern, the identity has usually touched multiple institutions across the same financial ecosystem.

The implications for compliance teams are significant:

KYC at onboarding is necessary but not sufficient. A synthetic identity can pass document verification, liveness checks, and even database cross-referencing if the fabrication is sophisticated. The signal has to come from behavioral patterns over time, not just point-in-time identity verification.

AML transaction monitoring needs to account for account seeding behavior. Synthetic identity fraudsters often deposit small amounts to establish history before executing the bust-out. Standard velocity rules miss this because each transaction looks normal in isolation.

Cross-institutional visibility matters. A synthetic identity that is flagged at one institution moves to another. Without shared signal infrastructure, every institution fights the same fraudster independently.

The country-level picture#

The threat surface varies significantly by country, driven by differences in digital identity infrastructure, banking penetration, and regulatory maturity.

Brazil is dealing with a 340% year-over-year surge in stolen device fraud, per BioCatch data. With PIX enabling instant transfers, compromised device plus synthetic identity creates a high-velocity attack surface. The Banco Central do Brasil has pushed forward on Open Finance infrastructure, which means more data interoperability but also more attack vectors.

Mexico saw account takeover attempts increase 324% year over year. The CNBV has been expanding KYC requirements for digital wallets and neobanks, but enforcement lag means that newer institutions are operating with compliance frameworks designed for a lower-sophistication threat environment.

Argentina and Colombia show the steepest malware growth curves in the BioCatch data. In Argentina, economic instability has historically correlated with increased financial fraud. Digital banking penetration grew rapidly through 2023-2025, outpacing the compliance maturity of many new entrants.

Chile and Colombia have some of the more robust AML frameworks in the region, driven by SBIF and SFC regulatory oversight, but regulatory strength does not automatically translate to operational capability at the institution level.

What needs to change in the compliance stack#

The institutions that are ahead of this problem share a few operational characteristics.

They treat identity as continuous, not point-in-time. Onboarding KYC is a snapshot. Synthetic fraud is a longitudinal attack. The institutions catching it earlier are running behavioral signals, device fingerprinting, and network graph analysis throughout the customer lifecycle, not just at account opening.

They have moved from rules to models for transaction monitoring. Static velocity rules with fixed thresholds are not calibrated for the seeding-then-burst pattern of synthetic identity fraud. Machine learning models trained on account aging curves, deposit pattern anomalies, and network relationships catch these attacks earlier, with fewer false positives than rule-based systems.

They are building or joining shared signal infrastructure. The asymmetry of synthetic fraud is that the fraudster operates across institutions while each institution operates in isolation. Fraud consortia, shared negative databases, and AML data-sharing arrangements are not new, but AI-native infrastructure makes them operationally viable at the transaction level in real time for the first time.

The institutions that close the detection gap fastest are not the ones with the most sophisticated individual KYC layer. They are the ones with the most connected fraud signal across institutions.

They have separated the compliance control layer from the product layer. When compliance rules live inside the product stack, every compliance update requires a product engineering sprint. The institutions that move faster have abstracted compliance into a configurable layer that can be updated without touching the core product.

The operational cost of staying manual#

The LexisNexis data from North America (the most recent comparable data available) shows that 44% of financial institutions still primarily rely on manual processes for fraud detection. The cost multiplier for those institutions is higher. Manual review creates delays, inconsistency, and scale constraints that automated fraud engines do not have.

In LATAM, where digital banking growth has outpaced compliance team hiring, the gap is wider. The institutions that built compliance operations on the assumption that headcount could scale linearly with transaction volume are now running with review queues that cannot keep up.

The fraud vectors that are growing, synthetic identity and deepfake-assisted onboarding bypass, are precisely the ones that are hardest to catch manually. A human reviewer looking at a document plus a selfie cannot reliably detect a high-quality deepfake. A human analyst reviewing transaction history cannot reliably spot synthetic account seeding without ML assistance on the pattern detection side.

This is not a technology-for-technology's-sake argument. It is a capacity argument: the fraud surface is growing faster than manual review teams can handle it.

Where this goes from here#

The trajectory is toward more sophisticated synthetic identity construction. AI tools that generate consistent identity packages, pass document generation that produces convincing forgeries, and deepfake generation that passes biometric checks are all becoming more accessible and cheaper. The cost curve of sophisticated fraud is falling.

The compliance response needs to outpace that curve. That means moving the detection logic earlier in the customer lifecycle, connecting signal across institutions, and building infrastructure that can be updated as attack patterns evolve without requiring full re-implementation.

For fintechs and banks expanding in LATAM, the compliance stack is not just a regulatory cost. It is a competitive variable. The institutions that can onboard faster with lower fraud loss rates have a structural advantage. The ones that are still running KYC as a point-in-time document check are building that advantage for their competitors.

Gu1 builds the compliance and fraud prevention infrastructure that handles this at the transaction level, in real time, across Brazil, Mexico, Argentina, Colombia, and Chile. If synthetic fraud is a problem your team is actively working on, the architecture we have built for this is worth a conversation.