TL;DR: Three rising identity fraud patterns are emerging in 2025: generative AI video reenactments, serial fraud through reused biometrics and PII, and organised account takeover using the same devices across sessions, according to Incode. The finding underscores that verification systems need cross-session analysis, device intelligence, and real-time correlation, not one-step checks alone.
NHIMG editorial — based on content published by Incode: Identity Fraud trends to watch in 2025
By the numbers:
- Fraud in the USA has seen growth by 0.8%, which was contributed by this emerging type of attack.
- A single phone was used to create 10 or more accounts within a short timeframe.
Questions worth separating out
Q: What breaks when identity verification only evaluates one session at a time?
A: Single-session verification misses repeated biometrics, reused documents, and device continuity.
Q: Why do reused devices and biometrics increase fraud risk in onboarding flows?
A: Reused devices and biometrics are strong indicators that multiple applications may be controlled by the same actor or fraud ring.
Q: How can identity teams tell whether liveness checks are actually working?
A: Look for adversarial cases that still pass when motion is synthetic, partial, or replayed from a static image.
Practitioner guidance
- Deploy cross-session biometric correlation Link faces, documents, names, and device fingerprints across attempts so repeated identity material is surfaced even when each session looks valid on its own.
- Raise step-up scrutiny for repeated devices Flag devices that create multiple accounts, especially when the timing, location, or behavioral pattern suggests assisted onboarding or organised abuse.
- Blend liveness with behavioural telemetry Use camera, motion, submission cadence, and device trust together so generative reenactments do not rely on a single acceptance signal.
What's in the full article
Incode’s full blog covers the operational fraud signals this post intentionally leaves at a higher level:
- Detailed examples of video reenactment and liveness spoofing patterns observed by the Fraud Lab
- The multi-signal detection logic used to combine biometric, device, and behaviour trust
- Operational distinctions between serial fraud, assisted onboarding, and account takeover
- How the team uses cross-frame video analysis to distinguish legitimate motion from spoofing
👉 Read Incode’s analysis of 2025 identity fraud trends and detection signals →
AI reenactments, serial fraud, and device reuse: what teams must watch?
Explore further
Biometric fraud has become a cross-session governance problem, not a point-in-time verification problem. The article shows that repeated faces, reused documents, and device continuity are now part of organised fraud tradecraft. That means the control objective is entity linkage over time, not just one-off identity proofing. Practitioners should treat reuse detection as a core trust function, not a back-office tuning exercise.
A question worth separating out:
Q: Who is accountable when fraudulent onboarding becomes account takeover later?
A: Accountability sits across identity verification, fraud operations, and IAM because the original trust decision can propagate into access. If onboarding accepts a compromised identity, later authentication and recovery processes inherit that risk. Governance should assign clear ownership for proofing, detection, and lifecycle reassessment so no stage can claim the problem belongs elsewhere.
👉 Read our full editorial: Identity fraud is shifting to AI reenactments and device reuse