Smarter Identity Verification in the Age of AI Fraud
By Joe Kaufmann, Global Head of Privacy and Data Protection Officer, Jumio
With AI tools readily available, cybercriminals have automated and industrialized identity attacks with surging velocity and volume. What once required time and effort is now carried out with AI pipelines capable of generating thousands of synthetic identities, manipulating real-time video feeds, and producing highly convincing deepfakes. Enterprises’ significant concern over the growing sophistication of these tactics makes sense. The natural reaction to equate more data with security? Not so much.
Many organizations, to stay ahead of sophisticated fraud, have turned to collecting more personal information during onboarding and authentication. Yet this approach often backfires. Expanding data collection increases the attack surface, heightens regulatory liability, and can introduce friction that harms the user experience. More data does not automatically translate into better fraud prevention. Instead, precision and availability of data signals turn minimal data into actionable intelligence.
AI Has Changed the Threat Model
Identity fraud has moved beyond isolated attacks to coordinated campaigns powered by accessible automation. What’s more, these operations are no longer confined to lone actors with advanced technical skills. Increasingly, fraud-as-a-service kits have lowered the barrier to entry.
According to one global study, 69% of consumers believe that AI-powered fraud now poses a greater threat to their personal security than traditional identity theft. More than 70% say deepfakes have made them more skeptical of the content they encounter online. In the U.S., 72% of respondents expressed concern that deepfakes could influence upcoming elections. Trust in digital identity is eroding at scale, and organizations are under growing pressure to act.
Deepfake-enabled fraud is also hitting enterprises. There have been increasing reports of AI-generated voices and synthetic video being used to impersonate executives, authorize payments, and deceive internal teams. As these threats scale, traditional identity checks are no longer sufficient. Relying solely on static biometrics or document verification cannot keep pace with the agility of modern attackers.
Three AI-Powered Attack Vectors Demanding Urgent Attention
Some of the most impactful and fast-growing AI-enabled fraud tactics include camera injection attacks, document manipulation, and synthetic identity creation.
Camera injection attacks exploit virtual video feeds or emulators to bypass real-time facial recognition checks. These tactics often present convincingly generated faces as live video, successfully defeating systems that lack robust liveness detection. In some cases, fraudsters also engage in background cloning, reusing the same visual backdrop across multiple ID submissions to exploit weaknesses in systems that don’t detect visual duplication.
A second threat vector is font and document manipulation. By subtly altering the fonts on government-issued IDs or modifying key fields, fraudsters create forged documents that are difficult for traditional OCR or template-based systems to detect. These variations often go unnoticed by human reviewers as well, making them an efficient avenue for bypassing static verification.
The third and perhaps most challenging tactic is synthetic identity fraud, which combines real and fictitious personal data to create entirely new identities. Fraudsters use real Social Security numbers paired with fabricated names and addresses. According to Deloitte, synthetic identity fraud is one of the fastest-growing forms of financial crime, and financial institutions are increasingly concerned about its ability to bypass risk-based onboarding controls.
These forms of fraud are often difficult to catch without adaptive systems that evaluate identities holistically, across behavior, network signals, device intelligence, and contextual anomalies.
Why Reducing Data Collection Can Improve Security
The instinct to gather more data to detect fraud is understandable, but increasingly counterproductive. Expansive data collection increases compliance obligations, such as those required under GDPR, CCPA, and evolving global AI regulations. It also creates tempting targets for data breaches, which continue to rise in cost and frequency.
An effective alternative is dynamic, risk-based identity verification. This method adapts verification intensity based on a real-time assessment of risk factors, such as transactional anomalies, device reputation, and location discrepancies. By tailoring the level of identity scrutiny to the specific context of the interaction, organizations can reduce friction for legitimate users while still maintaining high levels of fraud detection.
A 2024 global survey found that 75% of consumers would switch banks or financial providers if they felt the institution lacked sufficient protection against fraud. Trust is now a competitive differentiator, and minimizing the collection and storage of unnecessary personal data is increasingly seen as a privacy and security best practice.
A Smarter, Adaptive Model for Identity Trust
Adaptive identity systems can layer transactional analytics and liveness detection into a holistic fraud prevention strategy. The result is a recalibration of trust based on each user’s context and interactions over time. They detect changes in login patterns, device use, or transaction behavior, triggering additional authentication when anomalies appear. These methods don’t rely on static thresholds or one-size-fits-all verification flows. Instead, they adjust in real time, helping organizations stay ahead of adversaries without compromising the user experience.
The future of digital identity verification will be shaped by how well organizations balance intelligence and restraint. Fighting AI-enhanced fraud demands the use of equally advanced tools, but it also requires the discipline to resist overcollection. In doing so, organizations can protect users, maintain compliance, and build trust in a digital world where confidence is in increasingly short supply.