TL;DR: Fraud and compliance risk can change continuously across the customer lifecycle, and Sumsub says its new risk scoring engine recalculates it in real time. With 76% of fraud occurring after onboarding and businesses losing an average of $300,000 per incident in 2024, static review cycles and manual checks struggle to keep pace with behaviour-driven risk.
NHIMG editorial — what this means for NHI practitioners
By the numbers:
- 76% of fraud occurs after onboarding, during user activities such as transactions, logins, and profile updates.
Questions worth separating out
Q: How should teams govern customer risk after onboarding?
A: Teams should treat onboarding as the start of assurance, not the end.
Q: Why do static risk rules fail in lifecycle monitoring?
A: Static rules fail because they assume identity risk is stable after the first check.
Q: How do you know if dynamic scoring is actually working?
A: Look for evidence that scores change when the underlying signals change and that those changes affect review priorities in a consistent way.
Practitioner guidance
- Separate onboarding assurance from ongoing risk governance: define different control objectives for identity proofing and post-onboarding monitoring so the same review logic is not reused for both stages.
- Weight behavioural signals with change control: document which factors can change a score in real time, who can alter those weights, and how policy changes are tested before release.
- Use post-onboarding triggers for review queues: build review triggers around logins, transactions, and profile updates rather than relying on account creation as the main checkpoint.
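As an added example (not Sumsub's code, and not the weighting model the announcement describes), the Python sketch below puts the three guidance points together: a versioned weight policy that changes only when the policy object is replaced, a rescore on each post-onboarding event (login, transaction, profile update) rather than only at account creation, and one audit row per event so you can check that scores move when signals move. The weights, event fields, thresholds and the `ZZ` geography code are constructed assumptions.

```python
# Added illustration, not Sumsub's code: weights, rules and thresholds are constructed.
POLICY_V1 = {  # one versioned object so a weight change is reviewable and testable
    "version": 1,
    "decay_per_event": 5,  # uneventful activity slowly lowers the score
    "weights": {"new_device": 30, "high_risk_geo": 25,
                "large_transaction": 20, "email_changed": 15},
}
HIGH_RISK_GEOS = {"ZZ"}  # placeholder code, not a real jurisdiction
BANDS = ((60, "high"), (30, "medium"), (0, "low"))  # lower bound -> category
RANK = {"low": 0, "medium": 1, "high": 2}
SAMPLE_EVENTS = [  # constructed post-onboarding activity for one customer
    {"type": "login"},
    {"type": "login", "new_device": True},
    {"type": "transaction", "amount": 7000, "geo": "ZZ"},
    {"type": "login"},
    {"type": "profile_update", "fields": ["email"]},
]

def band(score):
    """Map a 0..100 score to a low/medium/high review category."""
    return next(name for floor, name in BANDS if score >= floor)

def risk_factors(event):
    """Derive scoring factors from one lifecycle event (constructed rules)."""
    kind, get = event["type"], event.get
    return [name for name, hit in (
        ("new_device", get("new_device")),
        ("high_risk_geo", get("geo") in HIGH_RISK_GEOS),
        ("large_transaction", kind == "transaction" and get("amount", 0) >= 5000),
        ("email_changed", kind == "profile_update" and "email" in get("fields", ())),
    ) if hit]

def rescore(previous, event, policy):
    """Recalculate on one event: decay the old score, add weighted factors, clamp to 0..100."""
    score = max(0, previous - policy["decay_per_event"])
    score += sum(policy["weights"][f] for f in risk_factors(event))
    return min(100, score)

def run_lifecycle(events, policy):
    """Replay events in order; each row keeps score, band and policy version for the audit trail."""
    rows, score = [], 0
    for event in events:
        score = rescore(score, event, policy)
        rows.append({"event": event["type"], "score": score,
                     "band": band(score), "policy_version": policy["version"]})
    return rows

def review_triggers(rows):
    """Indexes of events where the band rose, i.e. where a review-queue item should fire."""
    bands = ["low"] + [r["band"] for r in rows]
    return [i for i in range(len(rows)) if RANK[bands[i + 1]] > RANK[bands[i]]]
```

Replaying the same events under a second policy version with a different weight is the simplest check that the score actually responds to the signals it claims to weigh, and the version column shows which policy produced each decision.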
What's in the full announcement
Sumsub's full product announcement covers the operational detail this post intentionally leaves for the source:
- The weighting model for geography, transaction type, device, payment method, and behaviour
- How transaction tags map detected risks into low, medium, and high categories
- The no-code workflow for adjusting risk logic without developer input
- The way Sumsub frames alignment to FATF guidance and AMLA expectations
👉 Read Sumsub's announcement on dynamic risk scoring across the customer lifecycle →
Dynamic risk scoring for customer lifecycles: what IAM teams should watch
Explore further
Static onboarding checks are no longer enough to govern risk across the customer lifecycle. The article’s core claim is that fraud commonly appears after the initial identity decision, which means trust cannot be frozen at enrolment. Once behaviour changes during transactions or profile updates, the original risk view becomes stale. For identity teams, the lifecycle itself is the control surface, not just the entry point.
A few things that frame the scale:
- 62% of all secrets are duplicated and stored in multiple locations, causing unnecessary redundancy and increasing the risk of accidental exposure, according to The 2025 State of NHIs and Secrets in Cybersecurity.
- 91% of former employee tokens remain active after offboarding, leaving organisations vulnerable to potential security breaches.
A question worth separating out:
Q: Who should own risk-scoring decisions across fraud and compliance teams?
A: Ownership should sit across fraud, compliance, and IAM because the score informs all three domains. One team can define policy, but shared governance is needed for thresholds, exceptions, audit trails, and change control. Without that, the same score can trigger inconsistent actions and weaken accountability.
👉 Read our full editorial: Dynamic risk scoring exposes the limits of lifecycle-only controls