Notifications
Clear all
Topic starter
10/06/2026 10:33 pm
TL;DR: AI-driven fraud attacks increased 180% year on year globally in 2025, according to Sumsub’s Identity Fraud Report, while static KYC is losing effectiveness against deepfake impersonation and remote onboarding fraud. Continuous identity assurance is becoming a lifecycle control, not a one-time checkpoint.
NHIMG editorial — based on content published by Sumsub: MEXC and Sumsub’s partnership on AI-driven identity fraud and continuous verification
By the numbers:
- AI-driven fraud attacks increased 180% year-on-year globally in 2025.
Questions worth separating out
Q: How should security teams handle AI-driven identity fraud in remote onboarding?
A: They should treat onboarding as the start of identity assurance, not the end of it.
Q: Why do static KYC controls fail against AI-generated impersonation?
A: Static KYC fails because it assumes identity proof is durable after the initial check.
Q: What breaks when identity verification is treated as a one-time event?
A: Fraudsters can exploit the gap between acceptance and later review.
Practitioner guidance
- Replace one-time KYC with lifecycle verification gates Tie additional identity checks to account recovery, high-value trading, beneficiary changes, and other behaviour that increases fraud risk.
- Add biometric liveness to high-risk onboarding paths Require liveness checks where impersonation risk is highest, especially for remote onboarding and cross-border user flows.
- Use source-of-funds checks as a fraud signal, not just a compliance task Treat source-of-funds validation as a trigger for deeper review when account behaviour, deposit patterns, or transaction velocity diverge from the expected profile.
What's in the full article
Sumsub's full article covers the operational detail this post intentionally leaves for the source:
- How its AI-powered verification suite combines ID checks, liveness, database validation, and source-of-funds review in one workflow
- How MEXC frames continuous identity verification across the user lifecycle rather than as a one-time onboarding control
- How risk-based workflows adapt verification decisions to user behaviour and operational thresholds
- How the partnership positions identity assurance alongside AML and KYC obligations in a high-volume trading environment
👉 Read Sumsub's analysis of AI-driven identity fraud and continuous KYC →
AI-driven identity fraud: what continuous KYC changes for teams?
Explore further
11/06/2026 2:38 am
Static onboarding trust is no longer a durable identity assumption. AI-driven fraud makes the first verification decision too weak to carry the whole relationship, because attackers can now produce passable identity signals on demand. In governance terms, the problem is not just fraud volume. It is that the old assumption of stable trust after initial KYC no longer holds. Practitioners should treat identity as something that degrades under adversarial pressure, not something that remains valid until manually revoked.
A few things that frame the scale:
- Two-thirds of enterprises have endured a successful cyberattack resulting from compromised non-human identities, with a quarter encountering multiple attacks, according to The 2024 ESG Report: Managing Non-Human Identities.
- 46% confirmed, 26% suspected of organisations have experienced a breach of non-human identities, which shows how often identity compromise remains partially invisible at first detection.
A question worth separating out:
Q: Who is accountable when continuous identity checks are missing?
A: Accountability usually sits with the product, security, and compliance owners jointly, because the failure spans verification design, fraud monitoring, and regulatory obligations. In regulated digital asset environments, teams need clear ownership for step-up checks, review thresholds, and exception handling so no one assumes another function is managing the risk.
👉 Read our full editorial: AI-driven identity fraud is forcing continuous KYC for crypto platforms
