Fraud lifecycle defence in 2026: are identity controls keeping up?


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 4368
Topic starter  

TL;DR: Fraud attacks rose 180% last year as organised networks, synthetic identities, and AI agents intensified pressure across onboarding, payments, payouts, and cash-out, according to SumSub. The real problem is that fraud now behaves like a connected lifecycle, so identity controls must track trust, risk, and escalation across the full user journey.

NHIMG editorial — based on content published by SumSub: LLMjacking: How Attackers Hijack AI Using Compromised NHIs

By the numbers:

Questions worth separating out

Q: How should security teams govern fraud risk across the full user journey?

A: Security teams should treat fraud as a lifecycle problem that begins at onboarding and continues through transaction authorisation, payout, and cash-out.

Q: Why do synthetic identities create more risk than simple fake accounts?

A: Synthetic identities can survive early checks, build a believable history, and then exploit the business once trust has been established.

Q: How can teams tell whether fraud controls are actually working?

A: Look for whether suspicious activity is being stopped before payout or cash-out, not just whether alerts are being generated.

Practitioner guidance

  • Map controls to the full fraud lifecycle: Document which signals and decisions protect onboarding, payment, payout, and cash-out.
  • Tighten trust-building thresholds for new identities: Review onboarding rules for synthetic identity risk, especially where a profile can accumulate credibility before it is asked to prove more than basic consistency.
  • Correlate weak signals before escalating: Use device, behavioural, and transaction patterns together so borderline cases are reviewed as a cluster rather than as isolated events.

What's in the full article

SumSub's full guide covers the operational detail this post intentionally leaves for the source:

  • Scenario-by-scenario decision paths for chargebacks, payment fraud, and emerging AI-agent abuse
  • Red flag checklists that show what to look for at onboarding, payout, and cash-out
  • Actionable timelines for immediate response, next-step controls, and longer-term readiness
  • A 2026 fraud forecast that helps teams plan controls before losses compound

👉 Read SumSub's guide to fraud scenarios across the 2026 fraud lifecycle →
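
Added example (not part of the original post or of SumSub's guide): a sketch of the "correlate weak signals before escalating" guidance above, in which events that are each too weak to alert on are accumulated per shared device and the cluster is escalated as a whole, and the result is checked against the post's measure of being stopped before payout. The event fields, scores, thresholds and function names are assumptions constructed for illustration.

```python
from collections import defaultdict

# Lifecycle stages named in the post, in journey order.
STAGES = ["onboarding", "payment", "payout", "cash-out"]

# Constructed sample events in time order:
# (account, device_id, stage, weak-signal points). All values are assumed.
EVENTS = [
    ("acct-1", "dev-A", "onboarding", 30),
    ("acct-2", "dev-A", "onboarding", 30),
    ("acct-1", "dev-A", "payment", 20),
    ("acct-3", "dev-B", "onboarding", 20),
    ("acct-2", "dev-A", "payment", 30),
    ("acct-1", "dev-A", "payout", 10),
    ("acct-3", "dev-B", "payout", 10),
]

EVENT_THRESHOLD = 70     # points needed for a single event to alert (assumed)
CLUSTER_THRESHOLD = 100  # cumulative points for a device cluster (assumed)


def isolated_alerts(events):
    """Checkpoint-style rule: alert only when one event alone is strong enough."""
    return [e for e in events if e[3] >= EVENT_THRESHOLD]


def cluster_escalations(events):
    """Accumulate weak signals per shared device. For each device that crosses
    the cluster threshold, record the stage at which it crossed and the
    accounts seen on that device up to that point."""
    points = defaultdict(int)
    accounts = defaultdict(set)
    escalated = {}
    for account, device, stage, score in events:
        points[device] += score
        accounts[device].add(account)
        if device not in escalated and points[device] >= CLUSTER_THRESHOLD:
            escalated[device] = (stage, sorted(accounts[device]))
    return escalated


def stopped_before_payout(escalated):
    """The post's success measure: was each cluster escalated before payout?"""
    cutoff = STAGES.index("payout")
    return {dev: STAGES.index(stage) < cutoff
            for dev, (stage, _) in escalated.items()}
```

On this sample no single event reaches the per-event threshold, yet the two accounts sharing dev-A cross the cluster threshold at the payment stage, before either reaches payout.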

(@mr-nhi)
Member Moderator
Joined: 1 month ago
Posts: 2799
 

Fraud lifecycle defence is really identity lifecycle defence in disguise. Once fraud moves from a single event to a connected journey, the governance problem becomes trust continuity across identity proofing, transaction use, and payout. That is why identity teams cannot leave fraud entirely to downstream review functions. The practitioner conclusion is that fraud controls must be designed as lifecycle controls, not isolated checkpoints.

A few things that frame the scale:

  • 79% of organisations have experienced secrets leaks, with 77% of these incidents resulting in tangible damage, according to the Ultimate Guide to NHIs.
  • Only 5.7% of organisations have full visibility into their service accounts, which means many identity programmes still cannot see the accounts most likely to be abused.

A question worth separating out:

Q: What should organisations do when AI agents become part of the fraud problem?

A: Organisations should assume fraud can scale faster and with more variation when AI agents are involved. The response is to redesign reviews for machine-speed activity, use layered signals, and avoid relying on static thresholds that were built for human behaviour. The control model has to match the adversary's speed.

👉 Read our full editorial: Fraud lifecycle defence in 2026 needs stronger identity controls



   
ReplyQuote
Share: