
Synthetic data is an artificially generated dataset that reproduces the statistical properties and inter-variable correlations of the original data without using any real personal information. Its defining characteristic is that while it has a realistic distribution indistinguishable from genuine customer data, it contains no information linked to specific individuals.
The target audience for this article is personnel and data scientists responsible for developing and operating AI models at microfinance institutions (MFIs) and financial institutions. It is intended for those seeking to build credit scoring models while grappling with compliance with privacy regulations and insufficient data.
After reading this article, you will understand the following 3 points.
Conclusion: Synthetic data is a promising option for financial AI development that can simultaneously address privacy regulation compliance and data scarcity.
In credit scoring development, the legal risks associated with acquiring and using real data, along with constraints on data volume, tend to present significant barriers. Synthetic data is attracting attention precisely because it can alleviate both of these challenges at once.
In developing credit scoring models, it is easy to assume that "using real customer data will improve accuracy." In practice, however, cases have been reported where using real data directly for training gives rise to regulatory violations and the risk of information leakage.
The main risks financial institutions face when handling real data are as follows:
In Japan as well, following the full enforcement of the amended Act on the Protection of Personal Information (May 30, 2017), the provision of training data to third parties that does not meet the standards for anonymously processed information has become subject to regulation.
Given these constraints, model development that relies on real data simultaneously carries regulatory compliance costs and the risk of information leakage.
The first stumbling block in developing credit scoring models is the problem of an absolute shortage of training data and class imbalance. At MFIs, the number of loans issued is inherently small, and default cases in particular often account for only a few percent of the total, creating a structural challenge in which models tend to be biased toward classifying cases as "normal repayment."
Synthetic data addresses this problem through the following 2 approaches:
A useful decision-making guideline to keep in mind is the following: if a certain amount of real data exists and imbalance is the primary issue, it may be possible to address this through minority class synthetic augmentation alone. On the other hand, if real data itself is extremely scarce, an approach that combines overall data volume augmentation with minority class augmentation is effective.
However, if the synthetically augmented samples do not accurately reflect the original distribution, model accuracy will actually decline. It is a prerequisite not to skip quality validation after generation.
"We have too little actual loan screening data for an AI model to train on"—this is the barrier that many MFI practitioners encounter first. Synthetic data offers several concrete practical benefits in addressing this challenge.
Reduction of regulatory compliance costs When real data is taken outside the organization to external vendors or development environments, compliance with GDPR pseudonymization requirements and each country's data localization regulations becomes necessary. Since synthetic data does not inherently contain personally identifiable information, it tends to significantly reduce the legal risks and review workload associated with data sharing.
Amplification of the minority class (default cases) In MFI loan portfolios, the number of defaults is often extremely small compared to the number of normal repayments. By artificially increasing default cases through synthetic data generation, models become better able to learn rare patterns.
Shortening of development cycles Collecting, anonymizing, and obtaining approval for real data can take anywhere from several weeks to several months. By leveraging synthetic data, a dataset of sufficient volume can be prepared from the prototype stage, enabling faster model validation cycles.
Smoother data sharing across teams Since data science teams and system development teams can securely share the same synthetic dataset, work fragmentation caused by access restrictions is less likely to occur.
Conclusion: The quality of synthetic data generation is largely determined by the preparation stage before work begins. Establishing three prerequisites—source data quality, privacy requirements, and selection of generation methods—leads to ensuring model reliability.
The quality of synthetic data is directly dependent on the quality of the source data. It is tempting to think that "just feeding it into a generation tool will somehow work out," but in reality, the Garbage In, Garbage Out principle applies just as strictly to synthetic data. The accuracy of preprocessing has a significant impact on model performance in downstream processes.
The first thing to check in quality assessment is the distribution of missing values. Unless you distinguish between Missing At Random (MAR) and Missing Not At Random (MNAR)—where missingness is skewed toward specific attributes—synthesizing data with MNAR patterns will carry over the biased distribution as-is. Additionally, input errors and temporary outliers mixed into repayment records and transaction amounts must be removed in advance, as synthetic models will learn these outliers as "correct patterns." A problem that is easy to overlook in credit scoring is class imbalance, where default cases account for only a few percent of the total. Starting synthesis without quantitatively understanding the degree of imbalance will significantly reduce the reproducibility of the minority class. Furthermore, recording the correlation structure among variables such as income, outstanding loan balances, and repayment history in a correlation matrix allows it to be used as a baseline for verifying that "the structure has not been broken" after synthesis.
Concrete preprocessing steps include: standardizing notation formats such as date formats and currency units (e.g., inconsistencies in Lao Kip (LAK) notation); determining imputation policies for missing values on a per-variable basis (whether mean, median, or model-based imputation is appropriate depends on the nature of the variable); and deciding, based on business rules, whether to remove outliers or round them via upper/lower bound clipping. If these decisions are left ambiguous, the problems will not surface at the synthesis step but will instead appear only at the final model evaluation stage as unexplained performance degradation.
Before beginning synthetic data generation, it is important to clearly define which privacy protection level must be satisfied. Deferring requirements definition creates the risk of discovering after generation that regulatory requirements are not met, necessitating rework.
The following two primary protection methods should be understood:
The choice of protection method varies by use case. Differential Privacy is appropriate when synthetic data is intended for external provision or sharing with research institutions, while k-Anonymization may suffice for cases limited to internal model training.
Additionally, GDPR Recital 26 states that "anonymized data falls outside the scope of the GDPR." However, it should be noted that the standard for "anonymization" is high, and pseudonymisation does not place data outside the scope of the GDPR.
"Not knowing which generation method to choose" is one of the first obstacles encountered when introducing synthetic data in practice. Since the prerequisites and areas of strength differ by method, selection based on project requirements is essential.
The primary methods and selection guidelines are as follows:
The following three criteria should be evaluated during selection:
Conclusion: Synthetic data generation proceeds in 3 steps: "source data analysis → model selection → quality verification."
After accurately understanding the statistical characteristics of the source data, select the appropriate method from GAN, VAE, or statistical models, and verify quality after generation from both fidelity and privacy protection perspectives.
A "just get started" approach to synthetic data generation tends to fail. In practice, carefully understanding the statistical properties of the original data before moving to the generation step significantly improves the final quality.
Here is a summary of the items to verify first.
Compiling these findings into a "data profile sheet" serves as a decision-making reference when selecting a generative model in Step 2.
One area that warrants particular attention is the handling of correlation structure. Attempting to reproduce distributions for each variable independently tends to produce skewed samples that do not reflect real-world lending decision logic. It is important to use pair plots and correlation matrices to identify variable pairs with strong dependencies in advance.
Finally, when the original dataset is small, the accuracy of statistical property estimates is inherently lower. Recording the "uncertainty of estimates" will therefore prove useful during post-generation quality evaluation.
The choice of generation method varies considerably depending on the size and characteristics of the data at hand. Broadly, there are three families of approaches: GAN-based methods, VAEs, and statistical models.
GANs (Generative Adversarial Networks) generate samples close to the original data distribution through a competitive training process between a Generator and a Discriminator. CTGAN and TVAE have an established track record with tabular financial data. VAEs (Variational Autoencoders), through their architecture of compressing data into a latent space and reconstructing it, can smoothly reproduce continuous distributions, making them well-suited to credit scoring data with high rates of missing values. Statistical models (copulas, Bayesian networks, etc.) explicitly model the dependency structure between variables; their high interpretability makes them a good fit for MFIs that are required to produce explanatory documentation for regulatory compliance.
The choice between these approaches depends on data volume and infrastructure. If training samples number in the tens of thousands or more and a GPU environment is available, GAN-based methods tend to deliver high fidelity. For datasets of a few thousand records or fewer where interpretability is a priority, statistical models such as copulas yield more stable results.
On the implementation side, the Python library SDV (Synthetic Data Vault) and the open-source version of Gretel.ai both provide CTGAN, TVAE, and GaussianCopula in a single package, making them accessible options even for small teams like those at MFIs.
"How can we tell whether the synthetic data we've generated is actually usable?"—this is a question that frequently arises in practice. Quality validation is fundamentally conducted along three axes: fidelity, diversity, and privacy.
Checking Fidelity
Verify that the statistical properties of the original data and the synthetic data are consistent.
Checking Diversity
Confirm that the synthetic data adequately covers minority classes and outliers present in the original data.
Checking Privacy
NIST SP 800-226 recommends quantitative evaluation of the privacy parameter ε (epsilon) when assessing differential privacy guarantees. Please verify risk from the following perspectives.
Conclusion: Synthetic data does not end at generation—how it is combined with real data and the choices made in model selection ultimately determine predictive accuracy.
When training credit scoring models using synthetic data, three factors are key: feature engineering, the mixing ratio of data, and algorithm selection. Each step is explained in turn below.
It is tempting to assume that feeding synthetic data directly into a model will improve accuracy, but in practice it is more effective to clarify how synthetic data will be used during the feature design stage. Even if the generated data accurately reproduces the original distribution, combining features without regard to their meaning tends to make it difficult to improve a model's generalization performance.
The basic approach to feature engineering is as follows.
In the MFI context, there is a growing trend toward incorporating alternative data from customers without formal bank accounts—such as mobile phone payment history and group loan repayment records—as features. Because real-data sample sizes for such alternative features tend to be small, this is an area where supplementing with synthetic data is particularly effective.
The proportion of synthetic data to mix in is a critical design decision that affects a model's generalization performance.
When sufficient real data is available, keeping the synthetic data ratio relatively low and limiting its use to distribution supplementation is considered a stable starting point. On the other hand, in early-stage situations where real data is extremely scarce, or in class-imbalanced scenarios where default cases are rare, an approach that significantly raises the synthetic data ratio to correct class balance is effective.
The following is a practical procedure for determining the ratio.
One important caveat: the higher the synthetic data ratio, the more likely the model is to learn the "synthetic distribution," increasing the risk of divergence from the actual applicant distribution. For this reason, the final determination of the mixing ratio is premised on composing the validation set exclusively from real data. Since including synthetic data in the validation set leads to overestimation, strictly separate the data sources used for the training set and the validation set.
The mixing ratio is not a fixed value and should be reviewed periodically in accordance with the state of data accumulation.
The question of "if we train on synthetic data, which model is actually usable in practice?" is the first obstacle encountered during the implementation phase.
The fundamental criteria for model selection lie in balancing three factors: interpretability, accuracy, and data volume.
Logistic regression allows loan officers and regulatory authorities to easily understand the model, as its coefficients directly indicate the influence of each feature. It also has the advantage of being less prone to overfitting against the subtle noise characteristic of synthetic data. However, it has difficulty capturing nonlinear relationships between variables, which can limit credit score separation performance in some cases.
Gradient boosting (XGBoost, LightGBM, etc.) tends to have an advantage in default prediction accuracy, as it can automatically learn nonlinear patterns and interactions between variables. On the other hand, without the concurrent use of explainability tools such as SHAP values, the internal logic becomes opaque, requiring additional effort from a regulatory compliance perspective.
The selection criteria can be summarized as follows:
Note that when evaluating a model trained on synthetic data against real data, higher model complexity makes it more susceptible to the effects of distribution shift.
Even if accuracy is high, if privacy risks remain, the value of using synthetic data is cut in half. Conversely, if privacy protection is made too strict, the model's discriminative power deteriorates to the point where it can no longer withstand real-world operation. Since these two factors are in a trade-off relationship, evaluating accuracy metrics such as AUC and KS statistics separately from privacy risk metrics tends to lead to judgments that are biased toward one side or the other. In the following sections, we will examine each evaluation method in detail.
When evaluating a model trained on synthetic data, choosing the wrong accuracy metrics makes it easy to overlook a model that "looks good but is actually unusable." While it is tempting to judge solely by Accuracy at first, credit scoring with low default rates is affected by class imbalance, so combining three metrics—AUC, KS statistic, and PSI—provides a more accurate picture of actual performance.
AUC (Area Under the ROC Curve) indicates the model's overall ability to distinguish between defaulting and non-defaulting customers. Values closer to 1.0 indicate higher discriminative power, while 0.5 is equivalent to random. For models trained on synthetic data, comparing AUC against models trained on real data only allows you to confirm the effectiveness of the synthetic data.
KS Statistic (Kolmogorov-Smirnov Statistic) measures the maximum divergence between the cumulative distribution functions of the default group and the non-default group in the score distribution. A larger value indicates clearer separation between the two groups, making it an important metric in credit scoring practice.
PSI (Population Stability Index) quantifies the shift in score distribution between training time and production deployment. The main decision criteria are as follows:
A membership inference attack is a technique by which an attacker observes a model's outputs to infer "whether or not a specific individual's data was used in training." Even when training with synthetic data, if the statistical characteristics of the original data are retained to an excessive degree, this risk may persist.
The basic procedure for attack testing is as follows:
Conditional branching is important when interpreting test results. If the attack success rate falls within the random baseline range (around 50%), it can be considered acceptable; however, if the success rate is notably high, it is necessary to either set a smaller ε (epsilon) value for differential privacy or revisit the synthetic data generation parameters.
NIST SP 800-226 organizes the relationship between differential privacy assurance levels and synthetic data, with the privacy parameter ε serving as the benchmark for risk assessment. A smaller ε value strengthens privacy protection, but creates a trade-off with data utility (fidelity), so adjustment must be made in light of the accuracy requirements of credit scoring.
Conclusion: The pitfalls of using synthetic data can be distilled into two points: "overfitting" and "insufficient reproduction of minority classes." Knowing these countermeasures in advance can prevent model degradation before it occurs.
In credit scoring development using synthetic data, certain failure patterns tend to repeat themselves. The following H3 sections address the two major challenges — model degradation due to distribution shift and insufficient reproduction of default cases — and explain how to avoid each.
The more a synthetic dataset strives to be a "faithful copy" of the original data, the more likely it is to break the model. This is analogous to perfectly memorizing a recipe yet being unable to handle the subtle variations in actual ingredients.
When a generative model overfits to the original data, the synthetic data ends up with a distribution nearly identical to it. A scoring model trained on such data has effectively "rote-learned" the statistical properties of the original dataset, resulting in severely degraded generalization performance on new application data encountered in production.
The problem of distribution shift (Covariate Shift) must not be overlooked. When the feature distributions diverge between synthetic data and real production data, the model learns patterns that do not exist in reality. Typical symptoms include a high AUC during training followed by a sharp drop in the KS statistic in the production environment, a PSI (Population Stability Index) exceeding its threshold requiring frequent model retraining, and unnaturally skewed approval rates for specific age groups or occupational categories. Once these signs begin to appear, it becomes difficult to determine whether the root cause lies in the "quality of the synthetic data" or the "model architecture," making early detection critical.
Preventing overfitting and distribution shift requires countermeasures at both the generation stage and the evaluation stage.
After generating synthetic data, it is tempting to think "we have more samples now, so we're fine" — but in reality, it is the reproduction quality of default cases (the minority class) that determines model accuracy.
In credit scoring datasets, customers who become unable to repay often account for only a few percent of the total, making class imbalance a structurally persistent condition. If the statistical characteristics of these default cases are not adequately captured during synthetic data generation, the following problems cascade:
To avoid this problem, it is effective to use conditional generation targeting only default cases — such as the class-conditioning settings in Conditional GAN or CTGAN — to deliberately oversample the minority class. After generation, be sure to check not only the AUC but also the F1 score and KS statistic for the minority class.
Furthermore, if the number of default cases in the original data is extremely small (fewer than a few dozen), the generative model itself risks overfitting. In such cases, consider supplementing the original data with external open data sharing similar attributes or with domain expert knowledge before proceeding with generation.
Conclusion: Synthetic data is an effective means of simultaneously addressing privacy regulation compliance and resolving insufficient training data. However, without correctly following each step of generation, evaluation, and operation, achieving both accuracy and compliance is difficult.
The key points covered in this article are summarized below.
As indicated by GDPR Recital 26, properly anonymized synthetic data has the potential to significantly relax regulatory constraints. On the other hand, if the design of the generation process is inadequate, the risk of re-identification of the original data remains. Since regulatory requirements vary by region and industry, it is recommended to proceed in coordination with legal and compliance departments.
For financial institutions in emerging markets, including MFIs in Laos, the less historical data available, the greater the benefit synthetic data tends to provide.
Chi
Majored in Information Science at the National University of Laos, where he contributed to the development of statistical software, building a practical foundation in data analysis and programming. He began his career in web and application development in 2021, and from 2023 onward gained extensive hands-on experience across both frontend and backend domains. At our company, he is responsible for the design and development of AI-powered web services, and is involved in projects that integrate natural language processing (NLP), machine learning, and generative AI and large language models (LLMs) into business systems. He has a voracious appetite for keeping up with the latest technologies and places great value on moving swiftly from technical validation to production implementation.