Notifications
Clear all
Topic starter
10/06/2026 10:38 pm
TL;DR: Fraud is shifting from convincing people to manipulating systems, with attackers using camera injection, emulator farms, AI-driven tactics, and reverse-engineered onboarding flows to evade layered defences, according to SumSub. Traditional controls are increasingly brittle when the adversary studies workflows, not just users.
NHIMG editorial — based on content published by SumSub: an episode on how fraud is shifting from human deception to system manipulation
Questions worth separating out
Q: How should security teams stop fraud rings from reverse engineering onboarding flows?
A: Security teams should treat onboarding as an attack surface and minimise predictable decision paths.
Q: Why do camera injection attacks matter for identity assurance?
A: Camera injection attacks matter because they compromise the signal source, not just the person being verified.
Q: How can teams tell whether AI-driven fraud controls are keeping up?
A: Teams should measure how quickly fraud patterns are detected, validated, and pushed into controls compared with how fast attackers adapt.
Practitioner guidance
- Harden onboarding against workflow reconstruction Map every branch, fallback, and exception in your identity proofing journey, then remove predictable paths that let attackers rehearse the process.
- Test liveness controls against spoofed capture Run controlled exercises for camera injection, replayed video, and other signal substitution techniques to see whether liveness checks still distinguish a live subject from a fabricated input.
- Correlate device trust with session behaviour Tie device reputation, emulator detection, and behavioural signals together before allowing high-risk actions.
What's in the full article
SumSub's full episode covers the operational detail this post intentionally leaves for the source:
- Maikel Ninaber’s firsthand examples of how attackers test fraud systems as structured workflows rather than isolated checks.
- Discussion of camera injection attacks and emulator farms in the context of real-world defence operations.
- The conversation’s practical examples of how layered defences behave when fraud is automated and scaled.
- The interview perspective on cross-industry collaboration and resilience when identity abuse moves at machine speed.
👉 Read SumSub's episode on machine-speed fraud and system manipulation →
System manipulation and AI-driven fraud: what IAM teams need to know?
Explore further
11/06/2026 2:45 am
Fraud has become workflow abuse, not just identity spoofing. The article shows that the decisive target is now the sequence of checks, exceptions, and fallback decisions that make up onboarding and fraud detection. When attackers can reverse engineer that sequence, the control failure is structural rather than tactical. Practitioners should treat identity workflows as attack paths, not administrative plumbing.
A few things that frame the scale:
- 70% of organisations grant AI systems more access than they would give a human employee performing the exact same job, according to The 2026 Infrastructure Identity Survey.
- 67% of organisations still rely heavily on static credentials despite the risks they pose to agentic AI deployments, according to The 2026 Infrastructure Identity Survey.
A question worth separating out:
Q: What should organisations do when fraud moves faster than manual review?
A: Organisations should move high-risk decisions toward real-time, risk-based evaluation and reserve manual review for escalation rather than first-line gating. Manual queues cannot be the primary defence when attackers operate at machine speed. The right response is to automate detection, shorten feedback loops, and route only the ambiguous cases to humans.
👉 Read our full editorial: Fraud moves at machine speed as systems become the target
