Sophisticated, industrialized fraud demands proactive identity defense

Fighting fraud is like fighting in the dark. That’s the metaphor put forward by a report from Signicat and a recent webinar. Ahead of its release, experts from Signicat and Red Goat Cyber Security revealed the depth of the challenge.

The picture shows fraudsters making use of increasingly sophisticated tools that can scale. In fact, the nefarious actors are pooling intelligence, sharing insights and working more cooperatively than the organizations they’re targeting.

A lack of data and siloed teams is creating exploitable gaps. Hence the title of the report: The Battle in the Dark 2025: Inside the Identity Fraud Gap. One of its clearest findings is the gap between confidence and reality.

For instance, 59 percent of businesses reported an increase in successful digital identity fraud in the last year. In banks, this number is as high as 64 percent. One in five transactions and customer onboardings were fraudulent, reported participants of the study.

Yet when the respondents are asked whether they believe they are winning the battle against fraud, 74 percent believe that they are. “How can both of these be true?” Pinar Alpay, the Chief Product and Marketing Officer at Signicat, asked rhetorically. “The answer lies in visibility.”

Fewer than half of businesses measure fraud’s impact, leaving them reliant on perception over data, Alpay said. As a result, they lack clarity on where vulnerabilities lie across the customer journey and which parts of their ecosystem are most at risk.

This creates a “dangerous blind spot” and the way criminals are operating is shifting and evolving. Fraud has evolved into a sophisticated, scalable industry, with some actors driving innovation. This was the alarming summary from Lisa Forte, co-founder of Red Goat Cyber Security, during the webinar.

Over the past four years, fraud has surged along with identity fraud. Groups are highly organized, adept at repurposing legitimate tools for malicious use, and skilled at exploiting internal gaps. Fragmented operations across AML, cybersecurity, and fraud teams create vulnerabilities that criminals readily exploit.

“They’re not really collaborating and what that does is it actually causes gaps within the organization and the criminals don’t think like that,” Forte said. “They don’t have this sort of siloed behavior when they’re working.”

The industrialization of fraud is driving innovation

Fraudsters now have unprecedented access to AI-driven toolkits, like custom GPT models, that enable them to build websites, generate scripts, and operate large-scale call centers dedicated to fraud. The barrier to entry has been lowered, which perhaps explains the surge, and defenders struggle to match the speed and scale of the fraud, making detection increasingly difficult.

“Cyber criminals and fraudsters are very data driven actually,” Forte said. “Nefarious actors are really, really good at sharing intelligence.”

These insights are echoed in a white paper from Shuftipro. The report, “The Critical 1%: Closing Systemic Gaps in Global Identity Verification,” reveals a costly blind spot in global identity verification systems. While providers claim 99 percent protection against common threats, the remaining one percent is being exploited.

Bad actors are taking advantage of outdated checks, fragmented regulations and inconsistent compliance. These actors use deepfakes, biometric spoofing and synthetic identities to bypass traditional defences, contributing to staggering losses: $40 billion annually from synthetic identity fraud and $410 million from deepfake-driven scams.

Criminals target fast-growing, weakly regulated sectors like crypto, Forex, iGaming and social media marketplaces. The paper introduces “Jack,” a fictional fraudster who capitalizes on systemic gaps. This includes unregistered births — with UNICEF estimating that 150 million children under five remain unregistered, with half concentrated in just five countries — and biometric vulnerabilities.

GAN-generated faces and forged documents with real barcodes routinely evade detection, while the lack of a unified global identity framework (despite ICAO’s Doc 9303) leaves many countries reliant on outdated, non-interoperable systems.

The fight against fraud is layered

Around 40 percent of all fraud occurs at the transaction stage, highlighting the urgent need to focus defenses there, said Forte. But if fraud is already breaching the perimeter, actions must be taken earlier — proactively identifying and dismantling domains and infrastructure used to facilitate attacks before transactions even take place.

Electronic IDs (eIDs) are designed to make online transactions safer, offering fraud prevention and enhanced privacy. Yet, like any technology, they come with vulnerabilities. The most prevalent forms of eID-related fraud include account takeover, synthetic identities, and deepfakes.

Alpay said that businesses typically combat fraud using profiling techniques such as mobile, email, and IP checks, alongside heightened security for high-risk transactions and manual reviews. However, fraudsters are highly adaptive with 80 percent of businesses reporting that attackers simply shift tactics in response to new defenses.

Signicat advises a four-pronged strategy. First, layered protection is essential; no single method is enough, and combining technologies effectively is key. Second, organizations must safeguard every stage, from onboarding and login to payment authorization and digital signatures, while prioritizing known weak points. Third, resilience against AI-driven threats is increasingly critical. And fourth, education remains vital, as staff and customers are often the weakest link in the chain. Awareness is essential to reducing identity fraud.

Mitigation, mitigation, mitigation

Mitigation starts with early risk assessments using behavioral analytics and geolocation, Signicat believes, followed by robust identity verification and authentication. Signicat’s global eID hub enhances this with additional risk data from both eIDs and proprietary sources. It recently launched ReuseID, a unified digital identity product that supposedly enables organizations to create, manage and reuse verified identities across their entire ecosystem on all platforms and in all countries.

Meanwhile, Shufti positions itself as a global solution to evolving identity fraud, combining adaptive AI, forensic document checks, and human oversight to detect and disrupt attacks. With a false acceptance rate of just 0.63 percent and KYC coverage in over 240 regions, it says its live-capture SDK turns verification into active defence.

The company stresses the importance of tailored tools. Its custom OCR handles complex scripts, with non-Western scripts (such as Arabic or Japanese) often posing a challenge, and validates diverse ID formats, including paper-based documents from countries like Myanmar.

A recent case in Japan highlights the effectiveness of layered security: while traditional systems missed a coordinated fraud attempt on a crypto exchange, Shufti claims its use of device fingerprinting, IP intelligence, and browser behavior analysis exposed the network. The takeaway is that static, compliance-only tools are insufficient. Closing the critical one percent gap requires intelligent, adaptive, and multi-layered defenses.

Article Topics

AI fraud  |  biometrics  |  digital identity  |  financial services  |  fraud prevention  |  identity verification  |  Shufti Pro  |  Signicat