TL;DR: Fraud in 2026 is shifting from manual social engineering to automated deepfakes, injection attacks, and agentic AI that can bypass identity checks at scale, according to Oz Forensics. Visual trust and one-time biometric verification are no longer enough when attackers can industrialize fraud across thousands of sessions.
NHIMG editorial — based on content published by Oz Forensics: Fraud Trends 2026: Countering the Industrialization of Attack Vectors
By the numbers:
- The Deloitte Center for Financial Services projects that Generative AI could facilitate fraud losses reaching $40 billion by 2027 in the U.S. alone.
- Gartner predicts that by 2026, 30% of enterprises will consider identity verification solutions unreliable in isolation due to this threat.
- When AWS credentials are exposed publicly, attackers attempt access within an average of 17 minutes and as quickly as 9 minutes in some cases.
Questions worth separating out
Q: What breaks when identity verification only checks whether a face looks real?
A: The control fails when attackers can inject synthetic video, automate retries, or combine real personal data with AI-generated media.
Q: Why do deepfakes and agentic AI make onboarding risk harder to control?
A: Deepfakes supply convincing content, while agentic AI supplies speed and persistence.
Q: How do security teams know whether liveness detection is actually working?
A: They should test for replay, injection, emulator, and virtual camera scenarios, then measure whether the system blocks those inputs consistently across devices and app versions.
Practitioner guidance
- Instrument the full biometric capture path Monitor the application pipeline for emulator hooks, virtual camera artefacts, and injected video streams so the control does not depend solely on what the camera appears to see.
- Add adversarial testing for synthetic identities Red-team onboarding flows with deepfakes, face swaps, replayed video, and scripted agent behaviour to find which signals still pass when the attacker can iterate automatically.
- Align fraud and IAM ownership at account creation Define who owns account issuance, step-up review, and post-verification monitoring when synthetic identities bypass initial checks.
What's in the full report
Oz Forensics' full article covers the operational detail this post intentionally leaves for the source:
- The article breaks down the financial fraud projection model behind the 2026 threat outlook.
- It explains the injection attack mechanism and how malware manipulates the biometric capture pipeline.
- It outlines the specific biometric stack components Oz Forensics says counter virtual camera and emulator abuse.
- It describes the CEN/TS 18099 testing context and the passive liveness approach discussed in the source.
👉 Read Oz Forensics' analysis of industrialized fraud, deepfakes, and injection attacks →
AI-generated fraud and injection attacks: are your controls keeping up?
Explore further
Visual trust is no longer a governance control. The article correctly shows that human-eye verification collapses once attackers can synthesize faces, voices, and video in real time. That is an identity governance problem, not just a fraud problem, because many programmes still treat manual review as a backstop for trust. Practitioners should reclassify visual confirmation as a weak signal and move to layered verification that assumes adversarial media.
A question worth separating out:
Q: Who is accountable when synthetic identity fraud passes onboarding controls?
A: Accountability should sit jointly with identity verification, fraud, IAM, and application owners because the failure crosses multiple control domains. If a fraudulent account becomes an access path, the organisation has a lifecycle governance problem as much as a fraud problem. Control ownership must extend beyond the first approval step.
👉 Read our full editorial: Industrialized fraud is breaking legacy identity verification controls