Synthetic identity fraud in the age of AI: Why payments needs a global, risk-based response

Synthetic identity fraud is rising fast, with deepfakes and AI-driven crime exposing gaps in global AML/KYC. New defences are urgent.

Synthetic identity fraud blends real and fabricated personal data to create convincing fake personas, and it’s no longer a fringe issue but a mainstream one. In 2024, reported cases surged by 60%, now representing 29% of all identity fraud. According to the Payments Association’s ‘Financial Crime 360 Report 2025′, 48% of industry respondents name identity fraud as their most common threat, and 64% cite deepfakes as their top AI-driven fraud concern. This isn’t just a “problem”: it’s a seismic shift in how fraud is being executed.

Fraud is already the number one challenge facing the payments sector, flagged by 72% of respondents. AI-enabled crime ranks second at 58%, showing just how quickly criminals are operationalising advanced technologies to bypass even the most robust defences.

The cracks fraudsters exploit

A patchwork of global AML and KYC regulations gives fraudsters room to manoeuvre. Criminal networks don’t respect borders; they actively exploit mismatched standards and fragmented enforcement. The same report shows that just 54% of professionals believe UK fraud regulation is fit for purpose, and over half rate policy effectiveness below satisfactory levels. These gaps aren’t just theoretical, but they are being weaponised in real time by fraudsters.

Even firms with full regulatory compliance remain vulnerable. Deepfake injection attacks can now mimic facial features with frightening precision, passing document verification but fooling systems that rely on static, rule-based approaches. Yet 64% of organisations still rely on rules-based monitoring as their primary defence, a method that is expensive to maintain and slow to adapt.

Why traditional defences are not enough

Static systems struggle in a dynamic threat landscape. The Financial Crime 360 data shows that only 22% of organisations report full readiness for AI and machine learning in fraud prevention, despite over half planning to invest in these technologies. This readiness gap means criminals may be advancing faster than the very tools designed to catch them.

False positives are another operational drag, damaging customer trust and wasting investigative resources. High-quality data capture, robust biometric checks, and the ability to differentiate between victims and perpetrators are essential safeguards.

The case for a risk-based, perpetual, and collaborative approach

To counter AI-enabled synthetic identity fraud, three priorities stand out:

1. Risk-based orchestration: Start with low-friction checks like device, IP, and email intelligence that can escalate dynamically to document verification, facial matching, and certified liveness testing when risk triggers are met. This ensures genuine customers enjoy a smooth experience while suspicious actors face greater scrutiny.
2. Perpetual KYC: Identity verification should be ongoing, not “one-and-done.” People’s risk profiles change — a previously low-risk individual might later become a PEP or appear on a sanctions list. Continuous monitoring ensures evolving risks are caught early.
3. Global collaboration: Public–private partnerships, like CIFAS in the UK, prove the value of intelligence sharing. Expanding this model internationally is critical. The report shows that data sharing is a top vendor request, yet legal and technical silos still hold the industry back.

The future: faster, smarter, more dangerous

The Financial Crime 360 findings highlight a sector at a crossroads: 49.7% of organisations plan to increase fraud prevention spending in the next year, acknowledging that threats are accelerating faster than current defences. Identity deepfakes, automated data harvesting, and AI-powered phishing will only grow in sophistication. Without unified global standards and interoperable detection systems, the industry risks a permanent game of catch-up.

What must payments professionals do now?

• Implement dynamic, layered verification to balance friction and fraud control.
• Invest in perpetual monitoring to catch changes in real time.
• Push for harmonised global AML/KYC standards and cross-border data sharing.
• Educate customers about synthetic identity and deepfake threats to build resilience.

Fraud prevention comes down to a single truth: proving the person is the genuine owner of the identity they present. In the AI era, that’s harder than ever to prove. The payments sector has the influence, technology, and collaborative potential to close the gaps. The question is whether we will act fast enough.