Entrust, Onfido Report Map 2025 Fraud Trends

Entrust and Onfido’s 2025 Identity Fraud Report chronicles how 2024 will be remembered as the year digital manipulation overtook the physical before showing us the trends that will dominate in 2025.

The increased availability and ease of use of advanced technologies like AI lower barriers to entry and allow more criminals to stage sophisticated attacks. That, and improved internet communication, fosters idea sharing, increasing the use of multiple attack vectors.

In 2024, digital methods replaced physical ones for document creation, with digital forgeries increasing 244% year-over-year. AI and a surge in Fraud-as-a-Service (FaaS) providers contribute to this, which also leads to increases in synthetic identity creation, where fraudsters create entirely new identities through combinations of real and fake IDs.

As AI becomes more available, it has naturally been applied to crime. Fraudsters use tools like GenAI to create phishing emails and deepfakes  (via face-swapping technology).

“There’s a general consensus that AI is increasing the scale and sophistication of fraudulent attack vectors,” the report states. And this shows up in the data…deepfakes now account for 40% of all biometric fraud.” There is one deepfake attempt every five minutes in 2024.

Criminals are selling their skills to others. In addition to FaaS, they offer Ransomware-as-a-Service and Phishing-as-a-Service. This, in combination with ease of use, has spawned legions of amateur criminals edging into what was once the exclusive territory of organized groups.

How the Pandemic Changed Everything

The COVID-19 pandemic forced folks online. Initially, this meant prominent online industries were most targeted, but as the pandemic wore on, most companies without much of an online presence rushed one out, leaving them vulnerable. Fraud became more globalized, whereas it previously was a 9-5, Monday-Friday effort.

At the pandemic’s height, 75% of merchants reported online fraud growth. With hybrid workforces now normalized, IT teams faced new challenges in providing security outside their walls. Successful ones responded by employing zero-trust strategies containing encryption and multi-factor authentication. In 2024, these processes were increasingly AI-driven.

The Top 3 Fraud Targets

Cryptocurrency, lending and traditional banking are the top three fraud targets. According to the FBI, 2023 crypto fraud losses rose 45%, topping $5.6 billion. In 2024, nearly one in 10 (9.5%) of customer onboarding attempts were fraudulent. As Bitcoin’s value surges, so will fraud attempts. 2025 should see more regulation.

As living costs and interest rates rise, so will lending fraud. That should compel lenders to beef up verification processes. Those higher rates can lead to consumer-focused lending scams.

Fraudulent onboarding attempts at traditional banks are up 13% in 2024, likely due to economic conditions and increased cash rewards, lending and credit opportunities that come with bank accounts.

The Most Targeted IDs

Which identification types do fraudsters most use? India’s National Tax ID is the most popular target. National IDs from Pakistan, Bangladesh, South Africa and France. French, Italian, Philippine and UK/Northern Irish passports round out the top 10.

Video biometric fraud is rising, with selfie-based solutions being easy targets. Providers find that biometric checks that include active liveness elements are harder to bypass

“They raise the barrier of entry for fraud by enforcing a live capture, meaning fraudsters must resort to more sophisticated methods of attack, such as deepfakes, to impersonate someone,” the report states. “This is why deepfakes make up such a large percentage (40.80%) of fraud attempts across video biometrics.

“However, active liveness solutions are more robust against these types of attacks. They can analyze multiple frames to better detect anomalies that arise from deepfakes. Organizations that incorporate a liveness biometric check into their defences are better protected not only against lower-sophistication fraud that can easily be performed at scale but also against rapidly evolving deepfake technologies – for holistic protection against fraud.”

New(ish) Fraud Terms

Synthetic identity fraud: New identities are created through combinations of real and fake personally identifiable information (PII).

Identity manipulation: Authentic PII elements are adjusted slightly to create a new fake identity.

Identity compilation: Actual and fabricated PII data elements are compiled together to form a new identity

Identity fabrication: A new fake identity is created without the use of any genuine PII

Deepfake creation: Using face-swap apps and other software available online to create realistic deepfakes to attempt to open fraudulent accounts or gain unauthorized access to existing accounts

Voice spoofing: Creating new or replicating voices of other individuals – for example, to bypass vocal recognition software

Generating text and image content: GenAI tools make it easier to create text and image content, such as phishing email templates, from scratch

Data scraping: Automating the scraping and collecting of enormous amounts of data for use in synthetic identity creation or credential stuffing

Bots: For credential stuffing (where bots use stolen account credentials to gain unauthorized access to user accounts) or to automate the submission of loan or credit card applications using stolen or synthetic identities

Regulation is coming

The United States has no comprehensive AI legislation, though a recent executive order (The Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence) lays the groundwork. The White House Blueprint for an AI Bill of Rights is also in development. Several proposed regulations target deepfakes.

The European Union is a leader in AI regulation with its EU AI Act, 2024, where most provisions come into effect on Aug. 2, 2026. The United Kingdom proposes a principles-based regulation founded on safety, security, and robustness; appropriate transparency and explainability; fairness; accountability and governance; and contestability and redress.

Zero-Trust, CRQCs, Behavioral Biometrics and Passports

Financial services firms are urged to adopt zero-trust strategies featuring regular AI-powered biometric identity verification, identity and access management, multi-factor authentication, and digital signing.

Just as industries adapt to quantum computing, they must prepare for cryptographically relevant quantum computers (CRQCs).

“CRQCs will break the conventional encryption we rely on today to help keep users and data secure, ushering in the post-quantum (PQ) era,” the report states. “The good news is that, according to Entrust’s 2024 State of Zero Trust & Encryption Study, 61% of IT and IT security practitioners report that their organizations are planning to migrate to PQC within the next five years.”

Look for increased use of electronic IDs, which are intended to function across multiple jurisdictions and systems. The European Digital Identity Regulation seeks to design a system that can be used in any member country. Globally accepted standards must be developed.

Behavioral biometrics will be increasingly used to target fraud. They combat bots, which, while effective, produce non-human patterns in mouse movement, keystroke velocity and touchscreen interaction.

The ICAO 2025 biometric passport seeks to leverage best practices for multi-sector biometric usage to deliver best practices for biometric system fairness, biometric presentation attack detection, standard fingerprint and facial image quality.

5 Best Practices

  • Be vigilant in knowing your customers and verifying identities.
  • Software development kits (SDK) can offer easier integration, better image quality, and fraud deterrence.
  • Screen for fraud throughout the lifecycle. Begin with strong onboarding, deploy biometrics at high-risk points and use bio-to-bio authentication for data storage.
  • Adopt zero-trust best practices.
  • Use AI-based solutions to fight AI-based fraud.


Sponsored Links by DQ Promote

 

 

 
Send this to a friend