The collapse of trust at the identity layer
Identity verification has become the latest front in the fight against industrialized fraud, according to a new report from Regula. The shift is visible across sectors that once relied on predictable verification routines. Criminals have learned to target the identity step itself, and the impact is spreading through financial services, healthcare, telecoms, crypto platforms, and aviation.
Deepfake impersonation becomes the primary threat
AI driven impersonation has moved into the mainstream. Deepfakes and synthetic identities have become frequent tools for attackers, especially in organizations that already face significant financial losses. These techniques allow criminals to slip through onboarding and account recovery flows using convincing faces, voices, and videos that evade both automated controls and human reviewers.
Fraudsters no longer rely on forged documents or simple spoofing. They introduce synthetic personas during verification, then operate under the appearance of legitimacy. This keeps them out of reach of later fraud checks that assume the user was correctly verified at the start.
“The challenge now is verifying authenticity in real time, not just identity,” said Henry Patishman, EVP of Identity Verification Solutions at Regula.
Organizations with low case volumes mostly deal with document fraud. As case volumes rise, attackers shift toward biometric fraud and social engineering. At high volumes, identity spoofing and deepfakes dominate. Attackers adapt as soon as they can automate their methods.
Tools that look strong on paper are falling behind
Many organizations still depend on MFA, behavioral biometrics, and basic biometric checks. These are useful for common threats but are not suited to advanced impersonation. The report shows a divide between what companies use and what they believe they should use.
Biometrics are the exception. They continue to grow in both adoption and demand. Sectors such as aviation and healthcare move toward biometric systems because identity checks in those environments must be fast and reliable. Banking and fintech also lean toward biometrics to counter synthetic identities.
Some firms are stepping back from behavioral biometrics in their future plans, preferring tools that are easier to audit and explain. Human review rises in specific regions with tight compliance cultures, though the broader trend points toward more automation rather than more manual oversight.
Automation stalls in the middle
Fraud teams continue to be measured by lagging indicators such as chargeback rates and cost of fraud. These metrics reveal how much damage has occurred, but they do not reveal whether preventive systems are improving.
Leaders are pushing for metrics that look ahead. They want to know if prevention is working, whether detection is faster, and whether customers trust the process. Without these indicators, fraud teams struggle to defend their budgets or show progress, even as attacks become more sophisticated.
Most organizations automate part of their verification process, but many remain stuck in the middle range. The report shows that firms want to move further, but hesitation persists.
Healthcare is pushing hardest toward higher automation. Fintech aims for fully automated flows to support growth. Banking remains split between cautious incumbents and aggressive challengers. Telecoms are shifting toward more automation to handle high volumes of identity attacks.
Partial automation leaves gaps. Attackers operate at machine speed, and every manual step gives them room to move. Slow reviews and fragmented workflows increase exposure.
Training programs fall short
Employee training appears strong on paper. In practice, most programs stop at awareness. Staff learn what deepfakes are but do not learn how to respond when one passes through a system.
A smaller group uses adversarial drills or ML driven exercises. Another group has no structured training at all. In both cases, teams remain unprepared for fast moving AI generated threats.
Teams say they need the opposite: simulations, continuous exposure to evolving attack methods, and training that builds reflexes instead of passive awareness.
Identity verification moves toward a larger role
Identity verification is expanding beyond a technical checkpoint. Firms expect it to integrate across customer service, marketing, operations, and product teams. Verification is becoming part of the customer experience and part of how companies manage trust.
The report points to a shift from scattered tools to coordinated systems. Organizations juggle too many vendors and too many workflows that do not connect. Integration gaps, uneven user experiences, and slow handoffs give attackers places to hide. A unified orchestration layer appears as the most consistent requirement across industries.
Identity verification is being rebuilt into trust infrastructure. Fraud and risk leaders face the task of consolidating systems and advancing automation while staying aligned with regulatory expectations. The organizations that accomplish this first will shape the next phase of digital trust.