The report finds that AI has rapidly reduced the cost, while increasing the scalability and quality of deepfake fraud.

In addition, as identity becomes part of the fabric of many essential applications, fraudsters increasingly attack the online ID capture pipeline itself, manipulating devices, operating systems, and verification sessions to try and bypass verification technology.

In 2025, nearly 90% of fraud blocked by Smile ID was triggered by mobile SDK signals rather than image analysis alone.

This reflects a decisive shift away from pure visual deception toward capture integrity.

How and where an identity is verified now matters as much as the image presented. In 2025, Smile ID saw more than 100,000 injection-style fraud attempts per month linked to emulators, virtual cameras, and manipulated environments, showing a shift from visual spoofing toward systematic interference with the ID verification process.

Authentication-related fraud attempts now exceed onboarding fraud by more than five times, confirming that identity risk has moved towards authentication.

Attackers are no longer focused on breaking in; they are operating within verified accounts, targeting login flows, account recovery, device changes, and high-value transactions.

AI-enabled automations allow attackers to reuse verified biometrics, take over accounts mid-journey, and move funds across platforms at scale.

This shift has transformed digital fraud from isolated cases of document manipulation into more sophisticated attacks by criminal networks abusing the structural vulnerabilities of mobile-first digital systems.

The findings are based on anonymised data from more than 200 million identity verification checks conducted in 2025 by Smile ID, spanning 37 industries in over 35 countries.

As shared infrastructure, Smile ID identifies systemic fraud patterns that transcend individual institutions. As it identifies risk and fraud signals, its machines and analysts add signals to its dynamic defense network, creating a network defence that protects all of its clients.

By leveraging a combination of traditional algorithms, controlled capture methods, and internally tuned LLMs, Smile ID’s privacy-preserving metadata surfaced hundreds of thousands of examples of coordinated abuse that otherwise may appear legitimate in isolation.

Key findings from the 2026 Digital Identity Fraud Report also include:

• Authentication fraud attempts are now 5x more common than at onboarding 
• Nearly 90% of fraud blocked by Smile ID in 2025 was triggered by mobile SDK signals, up from 68% in 2024
• Duplicate attempts those re-using stolen or fraudulent identity data, more than doubled year over year, and nearly tripled the combined prior 2023 & 2024 total.
• Deepfake-driven fraud is rising, with AI-generated biometric attacks appearing across multiple markets and industries, enabled by radically affordable tooling
• Injection attacks which bypass the camera entirely using synthetic or pre-recorded media, have been elevated to a central threat category in 2026

Mark Straub, CEO of Smile ID, said,

“Fraud is no longer a ‘KYC’ problem, it is a continuous cybersecurity challenge. AI enables fraudsters to operate at unprecedented scale and sophistication. Effective defence now requires network intelligence: By leveraging these privacy-preserving indicators throughout the customer lifecycle, we enable real-time adaptation. Identity has entered the security era, where ecosystem-wide protection is essential to safeguarding the individual.”

The Report can be found here.

As digital transactions continue to grow, the need for secure identity verification has never been more urgent.

In response, Ideco has launched its innovative Electronic Know Your Client (eKYC) solution, designed to safeguard both businesses and individuals from the rising threats of identity theft and fraud.

By providing real-time biometric verification and seamless integration with government records, Ideco’s eKYC solution plays a vital role in securing the future of identity protection.

By offering advanced biometric identification based on fingerprints and face, Ideco’s eKYC can empower every business to protect themselves and their customers against identity theft, financial crime, and regulatory non-compliance, while aligning with the global focus on identity protection and security.

The Identity Day (ID Day) Campaign seeks to gain global recognition for September 16 as Identity Day, emphasising the critical role that verifiable proof of identity plays. Despite being a basic human right and a practical necessity, this is the only day globally dedicated to identity.

The selection of September 16 (16.9) is symbolic, referencing UN Sustainable Development Goal 16.9, which aims to ensure that everyone has a legal identity, including birth registration, by 2030.

As businesses and individuals confront increasing risks of fraud, identity theft, and financial crime, Ideco has launched its Electronic Know Your Client (eKYC) solution.

This innovative tool offers reliable identity verification processes, designed to safeguard both businesses and their clients against these growing threats.

In 2020, financial institutions faced over $10.4 billion in fines for non-compliance with money laundering and data protection regulations.

Adopting eKYC reduces fraud risk by up to 50% and improves customer loyalty by up to 30%. Automation can also save up to 25% in operational costs. By 2025, it’s estimated that 80% of KYC processes will be fully digital.

Know Your Client (KYC) has evolved from a recommendation to a vital requirement for businesses, particularly those handling sensitive information.

KYC ensures that clients are who they claim to be, helping to prevent fraud, money laundering, and other illicit activities. Failure to implement robust KYC protocols leaves businesses vulnerable to reputational harm, legal risks, and financial losses.

Marius Coetzee, IDECO CEO, says industries like financial services, real estate, and automotive sales are especially susceptible to these risks. “Implementing an effective KYC system is crucial to safeguarding operations and maintaining compliance.”

With South Africa’s Protection of Personal Information (POPI) Act, businesses are required to safeguard customer data. Non-compliance with POPI can result in heavy penalties.

In an era where data breaches and cybercrime are on the rise, implementing strong identity verification procedures isn’t just optional – it’s a legal and ethical responsibility.

KYC isn’t confined to financial institutions. Sectors such as micro-lending, real estate, and motor dealerships must also adopt KYC to prevent fraud. For instance, micro-lenders need to verify borrower identities to prevent loan fraud.

Furthermore, property practitioners must confirm the legitimacy of clients before transactions and motor dealerships require proper buyer verification to avoid financing fraud.”

“The risk of fraud and identity theft isn’t limited to new customers; long-term clients can pose a risk if their identities have been compromised. Effective KYC processes ensure businesses don’t unintentionally facilitate criminal activity, protecting them from financial and regulatory consequences,” he explains.

For individuals, the consequences of identity theft can be catastrophic. Criminals may use stolen information to open accounts, secure loans, or even commit crimes in someone else’s name. Protecting your identity is crucial for avoiding not just inconvenience, but significant personal and financial losses.

Ideco’s eKYC, built on the Famoco FP200 mobile biometric device, offers a powerful solution for small and large businesses looking to mitigate risk and ensure compliance. It provides real-time customer identification using advanced fingerprint and facial recognition technology, directly interfacing with the Department of Home Affairs for verification.

Key features of Ideco eKYC include efficient onboarding, streamlining the identity verification process to accelerate customer onboarding. It ensures data accuracy by eliminating manual entry errors, while biometric technology enhances fraud prevention, safeguarding against identity theft and fraudulent activities.

The automated KYC process delivers significant cost savings by reducing operational expenses and boosting overall efficiency.

“In addition, Ideco eKYC protects sensitive customer information, fully complying with POPI and FICA regulations, and offers scalability, seamlessly integrating into existing systems to support business growth,” says Coetzee.

With over 20 years of innovation, IDECO has been a leader in providing secure and reliable identity verification systems, and the new eKYC solution continues this legacy by helping businesses meet regulatory requirements, improve profitability, and outshine the competition.

The Famoco FP200 mobile biometric device was selected for its exceptional reliability, being trusted globally for its high performance. It features full compatibility with the Department of Home Affairs’ fingerprint records, ensuring seamless biometric verification.

The device operates on a custom Android OS that is highly secure and tamper-proof, providing businesses with a safe platform.

Additionally, it comes with managed services that offer secure updates and continuous support. Businesses can also customise the branding of the device to align with their own identity, making it a versatile tool with a wide range of search functionalities to meet various needs.

Ideco eKYC provides over 15 different search functions to meet various business needs. These include identity verification, where identity numbers and related information can be confirmed, and biometric matching through fingerprint and facial recognition for accurate identification.

It also offers a “Proof of Life” function to confirm a person’s living status, along with bank account verification to validate the status of a customer’s account.

Furthermore, PEP/POI reports help identify politically exposed persons or persons of interest, while full FICA reports deliver comprehensive customer data to ensure compliance with FICA regulations.

Each transaction is linked to a unique reference number for future audit purposes. Additionally, transactions can be easily integrated into your existing FICA management or CRM systems, enabling seamless remote onboarding and KYC compliance.

Ideco eKYC operates on a token system, where businesses load their accounts and are charged only when searches are successful. This makes it a cost-effective solution for businesses of all sizes.

Coetzee says getting started with Ideco eKYC is a straightforward process that involves just six simple steps. “First, submit the application form and undergo the necessary FICA checks. Once approved, you can order your Famoco device.”

“After receiving it, activate your service and enrol authorised users. From there, you can begin using the eKYC solution as and when needed,” he concludes.

By implementing Ideco eKYC, businesses of all sizes can safeguard against fraud, protect customer data, and meet regulatory requirements – all while improving efficiency and enhancing customer satisfaction.

[Featured Image Credit]

What’s more, securing 400 million username and password combinations in bulk will earn a cybercriminal around $150.

There can be little doubt, cybercriminals have our passwords in their sights. This is particularly the case in Africa where businesses are often more prone to cyberattacks than companies anywhere else in the world.

According to one report, Nigeria ranked third in Africa, experiencing 16.7 million cyberattacks. South Africa ranked first with 32 million attacks, followed by Kenya at 28.3 million.

With weak passwords, password spraying, and phishing the entry point for most attacks, identity is the new battle ground of cyberthreats.

And for organisations looking to protect themselves, preventing an identity from being misused or stolen, is now the highest priority.

As part of the first edition of, Cyber Signals, Microsoft’s new quarterly cyberthreat intelligence brief, we take a closer look at the dangers of the rising mismatch in scale of identity-focused attacks in relation to levels of organisational preparedness.

The brief, which offers an expert perspective into the current threat landscape, aims to be a valuable resource to Chief Information Security Officers in Nigeria, as they navigate the constantly changing threat landscape.

Cyber Signals aggregates insights we see from our research and security teams on the frontlines, including analysis from our 24 trillion security signals combined with intelligence we track by monitoring more than 40 nation-state groups and 140 threat groups.

The newly released research shows that though threats have been rising fast over the past two years, there has been low adoption of strong identity authentication, such as multifactor authentication and passwordless solutions.

In fact, just 22 percent of Microsoft’s Cloud Identity Solution, Azure Active Directory, users had implemented strong identity authentication protection as of December 2021.

However, the consequences of a data breach are now front of mind for 64 percent of companies in the Middle East and Africa (MEA) according to current Microsoft-IDC research.

In fact risk experts across MEA rank cyber incidents as the second highest risk facing the region, largely because of the increase in both size and expense of data breaches.

This is helping push organisations in Nigeria to pay closer attention to digital identities. As it stands, confirming user identities with an additional layer of security is a key priority over the next six to 18 months for 60 percent of businesses in MEA.

Recognising the danger that comes with remote work and increased digitisation another 75 percent of companies in MEA are actively investing in identity and access management.

The right multifactor authentication (MFA) and passwordless solutions can go a long way in preventing a variety of threats. In fact, according to Cyber Signals, basic security hygiene still protects against 98 percent of attacks. Key recommendations for organisations looking to increase their level of security include:

Implement zero trust to reduce risk

Nation-states play the long game and have the funding, will, and scale to develop new attack strategies and techniques.

Your security team should prioritise implementing zero-trust practices like MFA and passwordless upgrades as part of a security baseline. They can begin with privileged accounts to gain protection quickly, then expand from there.

Prevent passwords falling into the wrong hands

Enabling MFA is an important weapon in fighting back. By so doing, your organisation mitigates the risk of passwords falling into the wrong hands. You can take this a step further by eliminating passwords altogether and, at the same time, eliminating administrative privileges through passwordless MFA.

Though passwords are a prime target for attacks, they’ve long been the most important layer of security for everything in our digital lives.

People are expected to create complex and unique passwords, remember them, and change them frequently, but this is highly inconvenient, and nobody likes doing that. Ultimately, a passwordless future is a safer future.

Review account privileges regularly

Privileged-access accounts, if hijacked, become a powerful weapon attackers can use to gain greater access to networks and resources. Your security teams should be auditing access privileges frequently, using the principle of least-privilege granted to enable employees to get jobs done.

Constantly verify the authenticity of users and activities

Another fundamental aspect of your security hygiene should be to thoroughly review all tenant administrator users or accounts tied to delegated administrative privileges.

This will help your organisation verify the authenticity of users and activities. Your security team should then disable or remove any unused delegated administrative privileges.

Attackers are constantly raising the bar. But leading with identity-focused solutions, including enforcing MFA, adopting passwordless solutions, and creating conditional access policies for all users dramatically improves protection for your devices and data. If identity is the new battle ground, then zero trust is the must-have weapon for fighting back.

Read more about Cyber Signals.