TL;DR: 40% of global businesses reported being victims of fraud, while sophisticated fraud rose 180% year over year to 28% of detected attacks, according to Sumsub. The figures underscore why firms are being pushed to demonstrate KYC, AML and fraud controls more visibly. Public recognition may shape trust, but it does not replace governance, evidence, or continuous assurance.
NHIMG editorial — based on content published by Sumsub: Risk-intolerant badges and fraud exposure survey findings
By the numbers:
- 40% of global businesses reported being victims of fraud.
- The share of sophisticated fraud has increased by 180% over 2024-2025, reaching 28% of all detected attacks.
Questions worth separating out
Q: How should security teams use public trust badges without overclaiming assurance?
A: Use them as a visibility signal, not as proof of continuous control.
Q: Why do fraud and compliance programmes need shared identity governance evidence?
A: Because the same identity events often support both fraud detection and regulatory assurance.
Q: When does a public recognition programme become a governance risk?
A: It becomes a risk when the recognition is reused as a substitute for operational proof.
Practitioner guidance
- Separate recognition from assurance evidence: Keep badge or certification claims distinct from the operational controls that generated them.
- Map fraud controls to identity governance controls: Link KYC, AML, account verification, and fraud monitoring to a single governance view so teams can see where the same identity data supports multiple risk decisions.
- Track AI-driven fraud patterns as governance inputs: Feed emerging fraud techniques into incident review, policy tuning, and access-risk reporting.
What's in the full article
Sumsub's full article covers the operational detail this post intentionally leaves for the source:
- The badge tiers and evaluation labels used to distinguish recognised companies
- The sectors eligible for assessment, including fintech, crypto, gaming, edtech, and mobility
- The disclaimer language that limits what the recognition does and does not guarantee
- The exact positioning of the Risk Intolerant project inside Sumsub's trust and compliance narrative
Explore further
Public trust badges are becoming a governance layer, not just a marketing layer. Once a company turns fraud and compliance posture into a visible signal, it creates a new accountability surface for the identity programme. The badge is not the control, but it does force teams to prove that the control story is coherent across KYC, AML, fraud monitoring, and audit evidence. The practitioner conclusion is simple: if you cannot evidence the control, you cannot safely externalise the claim.
A few things that frame the scale:
- 72% of organisations have experienced or suspect they have experienced a breach of non-human identities, according to The 2024 ESG Report: Managing Non-Human Identities.
- Enterprises that have experienced a compromised NHI averaged 2.7 separate incidents in the past 12 months.
A question worth separating out:
Q: How can teams tell whether fraud controls are actually keeping up?
A: Look for evidence that detection, investigation, and policy updates are moving at the same pace as attack change. If new fraud patterns appear repeatedly in incident reviews but never change governance controls, the programme is reactive rather than adaptive.