Identity verification systems are struggling with synthetic fraud
Fake and expired IDs keep showing up in routine customer transactions, from alcohol purchases to credit card applications. The problem shows up most often in industries that depend on fast onboarding and remote transactions, where identity checks rely heavily on scanned documents and automated workflows.
Intellicheck analyzed nearly 100 million identity verification transactions collected through its cloud-based verification service during 2025. The company said the dataset covers about half of the adult population in the U.S. and Canada.
Across all transactions, 97.85% of IDs passed verification on average. That number hides major differences by industry and use case, with some sectors showing much higher failure rates.
The report separates failures into two main categories, expired IDs and failed IDs. Expired IDs can indicate operational issues, stolen credentials, or poor customer hygiene. Failed IDs can indicate attempted fraud or synthetic identity activity.
“In talking to CEOs across multiple market verticals, I find the biggest misconception is the assumption that if the ID looks real it is real,” Bryan Lewis, CEO at Intellicheck told Help Net Security. “This false sense of security defies the reality.”
Lewis also argued that organizations sometimes respond to identity fraud by adding friction across the entire customer base.
“Because they don’t know what is available they overcomplicate,” he said. “Complication means you can treat the 99.5% of good people as if they are the .5% who are bad.”
What counts as a failed ID
The report lists several reasons an ID can fail. Examples include barcodes missing hidden authorization data, barcode data that does not match the printed information on the license, and uploads that appear to be digital copies. The report also includes biometric mismatch checks, where identity verification systems detect that the person presenting the ID photo does not match the person attempting the transaction.
The researchers tied the growth of synthetic identity fraud to the increasing use of AI tools, which can generate convincing fake documents that pass casual inspection.
“The biggest risk I see in the next 12 to 18 months is the growing and advancing use of AI. AI is creating fake people, fake voices, and fake documents. Bad actors are using these capabilities to open accounts, take over existing accounts, and impersonate real people in places like bank branches,” Lewis said.
Alcohol sales remain a top fraud channel
Alcohol retail saw the highest rate of failed identity verification in Intellicheck’s dataset, with 15.1% of retail alcohol ID checks failing. The report found that alcohol-related fraud attempts were far more common in traditional retail settings than in channels where customers expect stricter ID enforcement, such as delivery services or stadium and event sales.
Cannabis transactions showed a much lower failure rate, which researchers linked to consumer behavior and access patterns that reduce the need for underage buyers to present IDs at regulated retail points of sale.
Online-only banks show elevated risk
Financial institutions remain a major target for identity fraud due to access to credit, account funding, and cash movement. A successful fraudster can monetize a single fake or synthetic identity for tens of thousands of dollars before detection, making the sector a frequent target.
Online-only retail banks recorded the highest rate of failed identity verification among the financial institution categories in Intellicheck’s dataset. The report also found elevated failure rates across businesses serving underbanked consumers, including check cashing, payday lending, subprime lending, and lease-to-own services. More traditional banking channels, along with buy now, pay later providers and title insurance, showed lower levels of failed verification activity.
Researchers connect higher fraud activity in underbanked financial services to limited credit history, which reduces the effectiveness of traditional risk scoring.
Lewis said identity verification teams need to focus on leading indicators, not downstream financial losses.
“I believe the metric that should be tracked the closest by vertical is the identity verification failure rate,” he said. “By the time losses materialize, it’s too late. You have already fallen victim.”
He pointed to first payment defaults as one example, where fraudsters open accounts using fake identity credentials and never make a payment.
“Now look at that scenario from the point of view of a bank, a car dealership or a title insurance company,” Lewis said. “It’s staggering.”
Retail credit cards create high-volume exposure
Retail branded credit cards had a 1.6% failure rate. That number appears small compared to other categories, yet the report describes it as a major loss driver because the volume of retail credit card verifications reaches tens of millions of transactions.
Fraudsters use fake or stolen identities to open new accounts and request account lookups tied to existing customers. The report describes account lookups as a pathway for account takeover attempts. Card-not-present account lookup attempts used fake IDs four times as often as attempts to open new accounts.
Lewis said organizations often underestimate the impact of a seemingly low failure rate when the transaction volume is high.
“In our data, a 2.15% failure rate may sound small at first glance but dig a little deeper, and the enormity of the impact becomes apparent,” he said. “Look at that failure across tens of millions of transactions. That represents hundreds of thousands of potential fraud attempts.”
Lewis added that fraud exposure also extends beyond direct financial loss.
“And let’s not forget that underlying these numbers are real clients and when you break the bond of trust, you are now seeing a multiple in losses,” he said.
Password resets are becoming a fraud gateway
Password resets have become a growing identity verification use case, driven by account takeover threats tied to email and social media accounts.
Intellicheck reported a 158% year-over-year increase in password reset verification transactions. The failed identity verification rate in that category was 2%. Email account takeover can give attackers access to private messages, password reset workflows, and multi-factor authentication codes delivered through email.
AI-driven fraud pushes verification beyond templates
AI tools are being used to produce synthetic IDs that are difficult for humans to spot. Lewis said attackers are already using AI and large language models to generate documents that can bypass basic checks.
“AI and LLM can create fake ID’s that can easily pass the templating test, old methods don’t work and ID verification service providers can’t rest on their laurels,” Lewis said. “For example, continuing to use templating as a viable solution is short-sighted.”
He said identity verification systems need layered controls and real-time decisioning.
“Technology solutions must be multi-layered and provide real-time results,” Lewis said.
Lewis also said the regulatory response will likely focus on document security and data protection expectations.
“Adding additional security to ID documents will become paramount,” he said. “We are also seeing increasing scrutiny on Capitol Hill in Washington, D.C. where legislators are asking pointed questions about how data is being collected and used and how it is being protected.”
Download: Strengthening Identity Security whitepaper