By NHI Mgmt Group Editorial TeamPublished 2026-04-22Domain: Governance & RiskSource: Prove Identity

TL;DR: Bots and generative AI are industrialising marketplace abuse by creating synthetic identities, mimicking human behaviour, and adapting in real time, with Prove Identity citing a 300% rise in deepfake identity attacks and 85% of identity fraud involving GenAI. Point-in-time verification is no longer enough when trust is being attacked across the entire user lifecycle.


At a glance

What this is: This is an analysis of how bots and AI-powered synthetic identity fraud are pushing digital marketplaces away from static verification toward continuous trust controls.

Why it matters: It matters because marketplace IAM, fraud, and identity teams now have to govern trust signals across onboarding, login, and transaction flows, not just at a single verification step.

By the numbers:

👉 Read Prove Identity's analysis of bots and synthetic identity fraud in marketplaces


Context

Digital marketplaces are now dealing with a trust problem that starts before a user completes onboarding and continues long after the first login. Bots, synthetic identities, and AI-generated behavioural mimicry exploit environments built for growth, low friction, and fast transaction volume, which makes static verification feel increasingly narrow.

The primary identity issue is not just fraud volume. It is that identity can now be created, recycled, and adapted as a disposable asset, which forces marketplace teams to move from point-in-time checks to continuous assurance across consumer identity, account lifecycle, and transaction risk signals.


Key questions

Q: How should marketplaces handle bot traffic without hurting legitimate user experience?

A: Use risk-based controls that adapt to context instead of forcing every user through the same verification path. Combine device intelligence, behavioural patterns, and transaction context so low-risk users move quickly while suspicious sessions receive step-up checks. The goal is to keep friction targeted, not universal, so legitimate participation stays smooth.

Q: Why do synthetic identities make marketplace fraud harder to stop?

A: Synthetic identities are harder to stop because they are not dependent on a single stolen credential or one obvious signal. They can be built to satisfy document checks, mimic behaviour, and spread across many accounts. That means teams need joined-up identity, fraud, and lifecycle controls rather than isolated point solutions.

Q: What do security teams get wrong about fraud prevention in marketplaces?

A: They often treat fraud as a point-in-time event instead of a lifecycle behaviour. That leads to controls that work at onboarding but fail during repeat use, account recycling, and transaction abuse. The better question is whether the platform can maintain trust after the first successful verification, not just during it.

Q: Who is accountable when synthetic identities enter a marketplace?

A: Accountability usually sits across fraud, identity, and product teams, which is why ownership needs to be explicit. IAM and fraud operations must share the same trust signals, while product teams need to understand which experiences can tolerate step-up checks. If ownership is fragmented, abuse will exploit the gaps between teams.


Technical breakdown

Why point-in-time verification fails against adaptive fraud

Point-in-time verification assumes the identity decision is mostly settled at onboarding or login. That model breaks when attackers can change their behaviour after each challenge, imitate real-user interaction patterns, and reuse synthetic identities across many attempts. In practice, static rules and document checks are weak against systems that learn from feedback and adapt mid-session. The technical failure is not only false negatives, but also control brittleness: once a fraudster understands the threshold, they work around it rather than through it.

Practical implication: treat verification as a continuous control loop, not a one-time gate.

How bots and synthetic identities reinforce each other

Bots provide the scale and speed, while synthetic identities provide the believable surface. A bot can create accounts, probe controls, test credentials, and replay human-like interactions at a rate that manual fraudsters cannot match. Synthetic identity data then makes those sessions harder to distinguish from legitimate users. This creates a compound threat where automation handles volume and generative AI handles credibility, which is why marketplaces see both account creation abuse and downstream transaction fraud.

Practical implication: correlate behavioural signals with identity provenance before trusting either one on its own.

Why continuous trust infrastructure is now the governance baseline

Continuous trust infrastructure means the platform keeps evaluating identity confidence across the lifecycle, using persistent signals rather than a single verification event. That includes device reputation, behavioural consistency, session anomalies, and transaction context. For marketplaces, this is less about adding friction and more about sustaining assurance while users move from registration to purchase to repeat activity. It is a governance shift as much as a technical one because trust decisions are now operational, not episodic.

Practical implication: align fraud, IAM, and product teams around lifecycle-based trust decisions.


NHI Mgmt Group analysis

Disposable identity is the new marketplace abuse model. The article shows that fraud is no longer about a stolen account alone. It is about identities that can be created, cycled, and discarded faster than governance can certify them. That changes the problem from perimeter fraud detection to lifecycle trust management, and practitioners should treat repeated identity reconstitution as a control failure, not a nuisance.

Point-in-time verification was designed for a pre-AI trust model. Static onboarding checks assume the risk decision happens once and stays valid long enough to matter. That assumption fails when bots adapt after each challenge and synthetic identities can pass one control while failing none of the others. The implication is that marketplace assurance has to be measured across sessions, not just at entry.

Bot scale and GenAI realism create a compounding fraud surface. Automation without realism produces noisy abuse, while realism without automation is too slow to matter. Combined, they produce persistent, distributed manipulation of marketplace trust signals, which is exactly why simple rule tuning no longer holds. Practitioners should read this as a warning that single-signal fraud controls are structurally brittle.

Continuous trust infrastructure is becoming the governance layer for consumer identity. Marketplaces now need policies that connect authentication, behavioural analysis, and transaction risk into one lifecycle view. That is where consumer IAM, fraud operations, and platform integrity meet. Teams that keep these functions separate will keep discovering abuse only after users or revenue have already been affected.

From our research:

  • 79% of organisations have experienced secrets leaks, with 77% of these incidents resulting in tangible damage, according to Ultimate Guide to NHIs.
  • 96% of organisations store secrets outside of secrets managers in vulnerable locations including code, config files, and CI/CD tools, which shows how often trust controls are bypassed in practice.
  • Persistent abuse patterns also connect to lifecycle failure, as only 20% have formal processes for offboarding and revoking API keys, according to Ultimate Guide to NHIs.

What this signals

Disposable identity: marketplace teams should treat account creation, reuse, and abandonment as one governance problem rather than three separate fraud events. When synthetic identities can be manufactured at scale, the control question shifts from detection at entry to confidence across the full lifecycle, which is exactly where traditional onboarding checks run out of road.

With 79% of organisations having experienced secrets leaks and 77% of those incidents causing tangible damage, the broader lesson is that trust infrastructure fails when identity artefacts are treated as static. Marketplace operators should expect more abuse to arrive through distributed, low-and-slow identity manipulation rather than single obvious takeover events.

The forward-looking programme move is to connect fraud telemetry with identity governance and transaction controls in one operating model. That means reviewing how 52 NHI Breaches Analysis patterns map to consumer identity abuse, and using that evidence to design controls that are continuous rather than episodic.


For practitioners

  • Map trust decisions across the full user lifecycle Identify where your platform makes trust decisions at onboarding, login, checkout, and post-transaction review, then document the signals each decision depends on. Replace isolated checks with a lifecycle map so fraud teams can see where synthetic identities bypass one control and reappear in another. Use the mapping to prioritise the highest-risk gaps first.
  • Correlate behavioural and provenance signals Do not rely on behavioural biometrics or document checks in isolation. Combine device reputation, session consistency, phone or email validation, velocity, and transaction context so one clean-looking signal cannot override a weak identity history. This is especially important when bots are mimicking human cadence and response timing.
  • Introduce adaptive risk scoring for repeat interactions Raise or lower risk dynamically as users move through the marketplace, especially when the same identity pattern appears across multiple accounts, devices, or geographies. Feed those scores into step-up review, challenge logic, and transaction throttling rather than using a fixed rule at the point of entry.
  • Separate low-friction UX from low-assurance trust Minimise user friction without assuming that every reduction in friction is neutral. Establish explicit control thresholds for when a seamless journey remains acceptable and when the platform should ask for additional proof, especially for high-value listings, repeated promotions, or unusual transaction behaviour.

Key takeaways

  • Marketplace fraud is becoming a lifecycle trust problem, not just an onboarding problem.
  • Synthetic identities and bots combine scale with realism, which makes static verification increasingly brittle.
  • Teams need continuous trust infrastructure that joins identity, behavioural, and transaction signals across the user lifecycle.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

OWASP Non-Human Identity Top 10 address the attack and risk surface, while NIST CSF 2.0, NIST SP 800-63 and NIST Zero Trust (SP 800-207) set the governance and control requirements practitioners need to meet.

FrameworkControl / ReferenceRelevance
OWASP Non-Human Identity Top 10NHI-01Bot abuse and synthetic identity handling align with NHI visibility and governance gaps.
NIST CSF 2.0PR.AC-1Marketplace trust decisions map to access and authentication controls across the user lifecycle.
NIST SP 800-63SP 800-63BThe article centres on identity proofing and authentication in consumer flows.
NIST Zero Trust (SP 800-207)Continuous trust decisions reflect zero trust principles for session-level evaluation.

Inventory all non-human and synthetic identity touchpoints, then remove trust decisions that rely on a single signal.


Key terms

  • Synthetic Identity Fraud: Synthetic identity fraud is the creation of a believable but false identity using a mix of real and fabricated attributes. In marketplace environments, it bypasses isolated verification checks because the identity can be tuned to satisfy the controls that are being tested.
  • Continuous Trust Infrastructure: Continuous trust infrastructure is the set of controls that keep reassessing identity confidence throughout a session and across the lifecycle. It combines behavioural, device, and transaction signals so trust does not depend on a single moment of verification.
  • Bot Abuse: Bot abuse is automated interaction designed to manipulate workflows, exhaust controls, or exploit platform rules at scale. In identity-heavy environments, bots are dangerous because they can simulate legitimate behaviour while testing the boundaries of fraud detection and authentication systems.
  • Identity Lifecycle: Identity lifecycle is the full progression from creation to use, review, and retirement of an identity. For marketplace systems, the lifecycle matters because abuse often appears after initial verification, when controls weaken and identities are reused, recycled, or abandoned.

What's in the full article

Prove Identity's full blog covers the operational detail this post intentionally leaves for the source:

  • The article expands on the specific behavioural patterns bots now use to imitate real users across marketplace flows.
  • It adds the concrete fraud statistics Prove cites from its State of Identity research and related market data.
  • It explains how continuous trust infrastructure changes verification, authentication, and transaction decisions across the user lifecycle.
  • It outlines why marketplaces face a structural friction-versus-abuse trade-off that implementation teams need to resolve.

👉 Prove Identity's full blog covers the fraud patterns, statistics, and marketplace trust implications in more detail.

Deepen your knowledge

NHI governance, agentic AI identity, and machine identity lifecycle are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If you are building or maturing an IAM, fraud, or identity governance programme, it is worth exploring.
NHIMG Editorial Note
Published by the NHIMG editorial team on 2026-04-22.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org