TL;DR: Identity fraud grew 180% year over year and multi-step attacks rose from 10% to 28% of all cases, according to Sumsub's Identity Fraud Report 2025-2026, showing that one-time verification is no longer enough across the customer lifecycle. Continuous, real-time identity controls now matter more than static checks when AI-powered fraud adapts mid-flow.
NHIMG editorial — based on content published by Sumsub: its analysis of the World Economic Forum Unicorn Community and AI-driven identity fraud
By the numbers:
- Sophisticated fraud grew 180% year over year.
- Multi-step attacks rose from 10% in 2024 to 28% in 2025 of all identity fraud.
- Sumsub works with more than 4,000 clients worldwide.
Questions worth separating out
Q: How should IAM teams respond to multi-step identity fraud?
A: They should move from single-point verification to continuous trust evaluation across onboarding, recovery, and downstream activity.
Q: Why do AI-powered fraud campaigns weaken one-time verification?
A: Because the attacker can use AI to adapt artefacts and tactics after the first check, then keep exploiting the account or session later.
Q: How do security teams know if continuous identity verification is working?
A: Look for a reduction in fraud that progresses beyond first-touch checks, plus faster escalation of risk scores when behaviour changes.
Practitioner guidance
- Add post-onboarding risk evaluation: Monitor identity behaviour after initial verification so account recovery, transaction changes, and device shifts can trigger re-assessment.
- Correlate fraud signals across sessions: Link device reputation, document anomalies, behavioural telemetry, and transaction patterns into a single review path.
- Stress-test for AI-generated impersonation: Exercise customer verification flows against deepfake-style media, synthetic identity artefacts, and fast retry patterns.
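The first two guidance points as an added example (not code from Sumsub or NHIMG): signals are keyed to the verified identity rather than to one session, decayed over time, and re-verification is triggered when the correlated score crosses a threshold. The signal names, weights, threshold, half-life and sample events are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Assumed weights and threshold; tune them against your own fraud data.
WEIGHTS = {"new_device": 25, "doc_anomaly": 30, "account_recovery": 20,
           "payout_change": 30, "verification_retry": 10}
STEP_UP_AT = 60           # correlated score that forces re-verification
HALF_LIFE_S = 24 * 3600   # older signals count for less

@dataclass
class Event:
    ts: int        # seconds since the start of the observation window
    identity: str  # verified identity, so signals survive session changes
    session: str
    signal: str    # a key in WEIGHTS, or a neutral event such as "onboarding_pass"

def evaluate(events):
    """Return {identity: (ts, session, score)} for the first step-up trigger."""
    state, triggers = {}, {}
    for ev in sorted(events, key=lambda e: e.ts):
        score, last = state.get(ev.identity, (0.0, ev.ts))
        score *= 0.5 ** ((ev.ts - last) / HALF_LIFE_S)  # decay since last event
        score += WEIGHTS.get(ev.signal, 0)              # neutral events add 0
        state[ev.identity] = (score, ev.ts)
        if score >= STEP_UP_AT and ev.identity not in triggers:
            triggers[ev.identity] = (ev.ts, ev.session, round(score, 1))
    return triggers

# Constructed sample: "alice" is benign, "bob" passes onboarding and then
# spreads individually weak signals across four later sessions.
H = 3600
SAMPLE = [
    Event(0,     "alice", "s1", "onboarding_pass"),
    Event(2 * H, "alice", "s2", "new_device"),
    Event(0,     "bob",   "s3", "verification_retry"),
    Event(60,    "bob",   "s3", "onboarding_pass"),
    Event(3 * H, "bob",   "s4", "new_device"),
    Event(4 * H, "bob",   "s5", "account_recovery"),
    Event(5 * H, "bob",   "s6", "payout_change"),
]

if __name__ == "__main__":
    for ident, (ts, sess, score) in evaluate(SAMPLE).items():
        print(f"{ident}: step-up at t={ts}s in session {sess}, score={score}")
```

No single signal in the sample reaches the threshold on its own; the trigger fires only because the scores are accumulated per identity across sessions.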
What's in the full analysis
Sumsub's full report covers the operational detail this post intentionally leaves for the source:
- Deep breakdown of the identity fraud typologies driving the 180% year-over-year growth in sophisticated attacks.
- Lifecycle examples showing how multi-step fraud moves from onboarding into account abuse and money movement.
- Discussion of AI-powered fraud tactics such as deepfakes, synthetic identities, and coordinated mule activity.
- Context on how non-document verification and reusable identity are being used in higher-risk onboarding scenarios.
👉 Read Sumsub's analysis of AI-driven identity fraud and lifecycle risk →
AI-driven identity fraud: what it means for IAM teams?
Explore further
Identity fraud has become a lifecycle problem, not a verification problem. The article shows why one-time onboarding checks fail once attackers can move from initial impersonation to later-stage abuse. That shift matters because the control boundary is no longer the application login screen; it is the full customer journey. Practitioners should treat fraud as a continuing governance issue across identity, session, and transaction layers.
A few things that frame the scale:
- 91.6% of secrets remain valid five days after the targeted organisation is notified, showing a critical gap in remediation procedures, according to the Ultimate Guide to NHIs.
- Only 5.7% of organisations have full visibility into their service accounts, which means many teams cannot even prove where identity risk is concentrated.
A question worth separating out:
Q: What is the difference between static onboarding checks and lifecycle identity assurance?
A: Static onboarding checks validate identity at a single entry point. Lifecycle identity assurance keeps evaluating trust after the user is admitted, using session, device, and transaction evidence. That difference matters because modern fraud often appears after the initial check, not before it.
👉 Read our full editorial: Identity fraud is shifting to multi-step AI attacks