By NHI Mgmt Group Editorial TeamDomain: Identity Beyond IAMSource: RiskifiedPublished August 27, 2025

TL;DR: Fraudsters are using AI, deepfakes, voice cloning, phishing kits, and fake documents to bypass KYC and fuel account takeovers, APP fraud, and cash-out schemes across crypto, remittance, and precious metals, according to Riskified and Deloitte. Identity data and transaction-pattern analysis now matter more than static screening because trust signals are easier to fabricate than behaviour.


At a glance

What this is: This is a Riskified analysis of how AI-powered fraud is weakening traditional KYC controls in alternative finance and why identity data and transaction behaviour are becoming more reliable trust signals.

Why it matters: It matters because IAM, fraud, and identity verification teams need controls that can detect fabricated identities and manipulated onboarding journeys without slowing legitimate customers.

By the numbers:

👉 Read Riskified's analysis of AI-powered KYC fraud in alt finance


Context

Know Your Customer controls were designed to verify identity at onboarding, but they now face a threat environment shaped by AI-generated deception and industrialised fraud services. In alt finance, the problem is not only whether a customer can present convincing documents, but whether the signals behind the application can still be trusted.

This is an identity verification and fraud-governance problem as much as a financial crime problem. When deepfakes, voice cloning, and synthetic documents become cheap to produce, the boundary between KYC assurance and fraud detection narrows, and programmes need stronger linkage between identity evidence, behavioural signals, and transaction context.


Key questions

Q: How should financial platforms handle KYC when AI can fake identity evidence?

A: Treat KYC as a multi-signal decision, not a document check. Combine identity evidence with device reputation, behavioural patterns, transaction context, and historical customer data so one convincing artefact cannot carry the whole trust decision. That approach is more resilient when AI can generate believable documents, voices, and personas.

Q: Why do alternative finance platforms need behavioural signals for fraud detection?

A: Because static identity proofs can be copied or synthesised, while behaviour is harder to fake consistently at scale. Transfer timing, proxy use, language patterns, and location changes often reveal obfuscation that onboarding documents miss. Behavioural signals help distinguish a real customer from a polished fraud workflow.

Q: What do teams get wrong about KYC and fraud prevention?

A: They often assume a strong onboarding check means the trust problem is solved. In reality, KYC only answers part of the question, and fraudsters increasingly attack the gap between identity verification and post-onboarding activity. Controls need to continue after account creation and adapt to changing risk signals.

Q: How should compliance and fraud teams respond when AI-assisted identity fraud increases?

A: They should update risk appetite, escalation paths, and review thresholds together rather than treating fraud as a back-office exception. When AI-enabled deception becomes common, faster approvals must be balanced against loss limits, stronger monitoring, and clearer ownership for suspected synthetic identities.


Technical breakdown

How AI is breaking traditional KYC screening

Traditional KYC assumes the reviewer can reliably compare a person, a document, and a declared identity against known records. AI tools weaken that assumption by generating convincing images, voices, and document artefacts that can survive superficial checks. Fraud-as-a-service then turns those capabilities into repeatable workflows, lowering the effort needed to open accounts, take over accounts, or move money through regulated platforms. The operational challenge is not just scale, but realism: the fraud artefacts increasingly resemble legitimate onboarding evidence.

Practical implication: teams need verification controls that test for consistency across signals, not just document authenticity.

Why transaction context outperforms static identity proofs

Identity data becomes more valuable when it is correlated with transaction behaviour, device signals, network patterns, and known customer history. Static proofs such as selfies, documents, and one-time checks can be copied or generated, but the surrounding behavioural context is harder to fake at scale. Platforms that understand typical transfer timing, geolocation shifts, proxy usage, and language patterns can detect obfuscation that would otherwise pass onboarding review. This is especially relevant where money moves instantly and reversal windows are short.

Practical implication: fuse onboarding checks with behavioural analytics so suspicious applications are judged in context, not in isolation.

Fraud-as-a-service turns KYC bypass into an operational supply chain

The article points to a market in which scammers buy or rent tools, kits, and services rather than building attacks alone. That changes the defence model because the threat becomes modular, repeatable, and easier to scale across platforms and geographies. Once fake documentation, phishing kits, voice cloning, and deepfake media are packaged for reuse, the same evasion pattern can hit multiple institutions with minor variation. Defenders are no longer facing one-off deception; they are facing a service economy built to industrialise fraud.

Practical implication: tune fraud detection for repeatable patterns of abuse and share indicators across onboarding, payments, and case management teams.


Threat narrative

Attacker objective: The attacker wants to gain trusted access to financial accounts and move money out of the platform before controls or recovery processes can stop the transaction.

  1. Entry begins with AI-generated or black-market identity artefacts, including deepfakes, fake documents, phishing kits, or cloned voices used to pass KYC review.
  2. Escalation occurs when the fraudster opens, takes over, or validates accounts that can move funds through crypto, remittance, or precious metals platforms.
  3. Impact follows when the attacker cashes out, launders money, or executes APP fraud at scale through platforms that accepted synthetic trust signals as real.

NHI Mgmt Group analysis

KYC is no longer a single-event identity check, it is a continuous trust problem. AI-generated documents and cloned voices undermine the assumption that onboarding evidence is inherently human-authored and therefore trustworthy. In practice, the control boundary has moved from verifying a document to validating the consistency of identity signals over time. Practitioners should treat KYC as a living assurance process, not a one-time gate.

Identity data becomes a fraud control when it is correlated with behaviour, device, and transaction context. The article correctly shifts the emphasis away from static proof and toward signals that are harder to fabricate at scale. That is the right direction for modern IDV and fraud programmes because a convincing persona is not the same thing as legitimate customer behaviour. Practitioners should link onboarding risk scoring to post-onboarding monitoring.

Fraud-as-a-service creates a repeatable evasion pattern, which means defences must look for reusable abuse methods rather than single bad actors. The problem is not only sophistication, but commoditisation. When black-market tooling makes bypass techniques portable, case teams need shared intelligence across channels, geographies, and product lines. Practitioners should align fraud detection with pattern-level response, not case-by-case intuition.

Alt finance platforms need governance that connects identity verification to financial risk appetite. Faster approvals can improve conversion, but the acceptance decision is now a risk decision, not just an onboarding decision. The governance question is whether teams can tolerate false accepts in the name of growth and still contain downstream loss. Practitioners should define acceptance thresholds jointly across fraud, compliance, and product teams.

Verification trust gap: the core failure is the widening gap between what KYC can observe and what fraudsters can now convincingly simulate. This gap is becoming a defining control issue for digital finance and identity verification. Practitioners should invest in controls that test trust, not just identity claims.

What this signals

Verification trust gap: as AI-generated artefacts become more convincing, identity verification programmes will be judged on how well they correlate signals rather than how well they inspect documents. That pushes fraud teams toward device, behavioural, and transaction context as primary trust inputs, while strengthening links to frameworks such as the NIST Cybersecurity Framework 2.0 where governance and detection need to work together.

The next maturity step for alt finance is not more friction everywhere, but smarter friction at the point where trust becomes economically valuable. Teams should expect greater pressure to distinguish legitimate acceleration from synthetic identity abuse, especially where instant money movement limits recovery options.

This also has a broader identity implication: as fraud operations become more automated, the evidence needed to approve a customer starts to resemble the evidence needed to govern a high-risk identity lifecycle. That makes cross-functional ownership between fraud, IAM, and compliance harder to avoid, particularly where account recovery and step-up verification are part of the same trust chain.


For practitioners

  • Strengthen signal correlation across onboarding Combine document checks, biometric or liveness checks where appropriate, device reputation, proxy detection, and transaction behaviour into one risk model so a convincing artefact does not pass on its own.
  • Raise the bar on identity evidence consistency Compare declared identity details against historical account patterns, language use, location signals, and payment behaviour to identify fabricated personas that look legitimate in a single review.
  • Tune case handling for AI-enabled fraud Update playbooks so analysts can recognise deepfake-driven onboarding, account takeover, and APP fraud patterns, then share those patterns across compliance, fraud, and payments teams.
  • Align acceptance policy with loss tolerance Set explicit thresholds for false accepts, manual review depth, and step-up verification so growth goals do not quietly override financial crime controls.

Key takeaways

  • AI-powered fraud is reducing the reliability of traditional KYC checks by making documents, voices, and personas easier to fake.
  • The scale of the problem is already material, with Deloitte estimating $4.6 billion in crypto scam losses in 2024.
  • Alt finance platforms need identity verification that blends behavioural context, transaction intelligence, and shared fraud governance.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

OWASP Non-Human Identity Top 10 address the attack surface, NIST SP 800-63, NIST CSF 2.0 and NIST SP 800-53 Rev 5 set the technical controls, and GDPR define the regulatory obligations.

FrameworkControl / ReferenceRelevance
NIST SP 800-63SP 800-63AKYC and identity proofing align directly with digital identity proofing guidance.
GDPRArt.32Identity verification processing can involve personal data and security of processing duties.
NIST CSF 2.0PR.AC-1Identity proofing and access decisions rely on governance of authentication and trust.
NIST SP 800-53 Rev 5IA-2Identity verification and account access controls depend on strong authentication and assurance.
OWASP Non-Human Identity Top 10NHI-07Fraud workflows often rely on credentials and tokens that need lifecycle and misuse control.

Treat compromised or reused credentials as governance inputs and remove standing trust wherever possible.


Key terms

  • Know Your Customer (KYC): KYC is the process financial services and online platforms use to verify that a customer is who they claim to be. It typically combines document checks, identity evidence, and risk screening, but it must now account for synthetic media, fabricated documentation, and behavioural fraud signals.
  • Account Takeover (ATO): Account takeover is when an attacker gains control of an existing customer account and acts as the legitimate user. In fraud programmes, it often follows credential theft, social engineering, or identity deception and can be harder to detect than new-account fraud because the account already looks trusted.
  • APP Fraud: Authorised Push Payment fraud occurs when a victim is manipulated into sending money to an account controlled by an attacker. The payment is authorised by the victim, which makes recovery difficult and puts pressure on identity verification, confirmation flows, and behavioural controls.
  • Fraud-as-a-Service: Fraud-as-a-service is a criminal model in which attack tools, access, and expertise are sold or rented through underground markets. It lowers the barrier to fraud by packaging impersonation, phishing, deepfake creation, and account abuse into repeatable services that many actors can reuse.

What's in the full article

Riskified's full analysis covers the operational detail this post intentionally leaves for the source:

  • Examples of AI-enabled fraud patterns observed across alt finance channels and customer journeys.
  • The identity-data signals Riskified says help separate legitimate users from fabricated personas.
  • Operational guidance for improving approval rates without weakening fraud controls.
  • The latest Risk Rundown findings on new fraud risks in crypto, remittance, and precious metals.

👉 Riskified's full post covers the fraud patterns, identity signals, and platform risks in more operational detail.

Deepen your knowledge

The NHI Foundation Level course, the industry's only accredited NHI security programme, covers NHI governance, identity lifecycle, and secrets management in a practitioner-focused format. It is suitable for security and identity teams that need to connect access governance with broader control design.
NHIMG Editorial Note
Published by the NHIMG editorial team on July 11, 2026.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org