UK Fraud Strategy considers business digital identity and IDV 

In a new fraud strategy, the UK government is showing its commitment in fighting fraud and the way it has evolved in the modern day.

For biometrics and digital identity, the full Fraud Strategy 2026-2029 text contains insights into how public offices and the private sector are collaborating and organizing to combat crime.

Identity verification, UK DIATF and business digital identity are included in the UK government’s official strategy, which is co-signed by the Home Secretary Shabana Mahmood, Labour MP, and Minister of State at the Home Office, Lord Hanson of Flint.

The Labour government is investing over £250 million (US$335 million) between 2026 and 2029 to deliver its anti-fraud strategy, noting that fraud against individuals and business is the largest crime type in the UK and cost the economy £14.4 billion ($19.3 billion) in 2023–2024.

The UK government now explicitly recognizes that fraud and cyber crime are tightly linked and mutually reinforcing. Almost half of all fraud is now online‑enabled, and criminals routinely use data from major breaches to create highly convincing phishing messages.

“The [UK] Government’s new Fraud Strategy rightly highlights how organised crime groups are exploiting digital platforms, AI tools and phishing attacks to operate at an unprecedented scale,” comments Ulf Ritsvall, CEO at Next Biometrics.

The strategy highlights phishing as the most common attack method, with organized crime groups using phishing kits, large language models and fraudulent QR codes to harvest personal and financial data. Overseas fraud networks are also becoming more sophisticated.

These criminal networks use VPNs, VoIP spoofing, AI‑generated deepfakes and hacked email accounts to hide their locations and manipulate victims. Many operate from structured call center‑style hubs, reflecting the industrial scale of modern fraud.

The government is working on closer collaboration between regulators, law enforcement, national security agencies, industry and nonprofit organizations to tackle fraud. It has also set up a new online crime squad to disrupt criminal gangs, with the new Online Crime Centre launching in April and backed by over £30 million ($40.1 million) in funding.

“The Government’s strategy is an important step, but success will depend on adopting technologies that make it much harder for criminals to pretend to be someone they are not,” Ritsvall says.

Looking to strengthen identity verification, but too slow an approach?

The strategy text highlights Southeast Asia as a center for fraud networks. The governments of the countries in this region have also worked to strengthen measures to combat the scourge of scams and fraud.

Thailand and Indonesia have introduced biometric verification for SIM card registration to curb identity theft and fraud. Vietnam is connecting its digital identity VNeID to a range of services, and requires mobile network operators to authenticate using biometric checks.

The UK is taking a more measured approach. The UK’s fraud strategy identifies vulnerabilities, including “relatively easy access” to UK phone numbers with minimal identity checks. “Weak verification processes and inconsistent compliance standards allow bad actors to present themselves as legitimate while operating anonymously,” it says.

To address these risks, the Home Office will work with Ofcom, law enforcement, intelligence agencies, and industry to launch a Call for Evidence this year on proportionate measures to reduce anonymity and strengthen accountability within the UK communications sector.

The government’s Call for Evidence is designed to gauge the scale of the problem and gather views on potential interventions. These could include licensing or registration requirements for companies providing access to UK networks, stronger KYC checks, limits on anonymous use, and improved law enforcement visibility.

Depending on the responses, the government and Ofcom plan to run a full consultation later in 2026 to expand the current regulatory framework in a proportionate way.

The Home Office is also developing plans for a secure digital system to manage UK telephone numbers. This would create the first central, real‑time database showing the status and ownership of numbers, helping telecom providers trace suspicious activity and block fraudulent calls before they reach users.

Government is considering digital identity for businesses

The government acknowledges that businesses and charities depend heavily on Companies House data to verify partners, suppliers and customers. However, the register has long operated on trust and this has allowed criminals to create fake companies or alter records.

Reforms under the Economic Crime and Corporate Transparency Act 2023 now require identity verification for directors, people with significant control and anyone submitting filings. The Registrar also has stronger powers to check, remove or reject information, share data, take enforcement action and strike off companies created for illegal purposes.

These measures are intended to improve the accuracy of the register and reduce misuse of UK corporate structures. Impersonation within supply chains remains a major threat. Criminals intercept emails and issue fake invoices, causing losses that can reach millions. To counter this, the government will require all VAT invoices to be issued electronically from April 2029, with a roadmap due at Budget 2026. Secure e‑invoicing is expected to reduce interception risks.

Ministers are also exploring digital company identities as a way to secure electronic identities and to support secure onboarding, transactions and compliance. It builds on work led by the Centre for Finance, Innovation and Technology and supported by HM Treasury and industry.

Recognizing AI deepfakes, synthetic media and passkeys

The strategy acknowledges that rapid advances in artificial intelligence bring both benefits and new security risks, such as the use of generative AI to produce deepfakes. The Home Office is working with DSIT, the Alan Turing Institute and other departments to create a framework for detecting synthetic media, including fake documents and audio.

As part of this effort, the government ran the Deepfake Detection Challenge in January to assess current capabilities and emerging threats. The Home Office will continue evaluating detection tools to ensure they remain effective as techniques evolve.

Ministers also recognize the growing risk of criminals using deepfakes and social‑engineering tactics to break into consumer and business accounts. Strong customer authentication and robust KYC and CDD processes remain essential, but the government says these must keep pace with changing threats.

To support this, HM Treasury will repeal existing Strong Customer Authentication technical standards so the FCA can adopt a more flexible, outcomes-based approach. This is intended to help firms deploy newer, more adaptive authentication technologies while applying proportionate checks for low‑risk transactions.

The National Cyber Security Centre will continue working with standards bodies and industry to speed up adoption of passkeys. The government is also going to promote best practice using NCSC guidance on strong authentication, including passkeys, and certified Digital Verification Services under the UK Digital Identity and Attributes Trust Framework.

Officials are encouraging regulators and financial institutions to use this guidance to strengthen anti‑money‑laundering controls. The aim is to align secure technology, clear standards and public awareness to create a safer digital environment.

HM Treasury and the Office for Digital Identities and Attributes (OfDIA) has put out guidance on digital ID for AML, but raised questions as well as addressing them.

Article Topics

AI fraud  |  AML  |  digital company ID  |  digital ID  |  identity verification  |  KYC  |  synthetic identity fraud  |  UK