Fresh survey data from Regula, a global developer of identity verification (IDV) solutions and forensic devices, shows that the line between traditional fraud and impersonation attacks has vanished. Identity spoofing, biometric fraud, and AI-powered deepfakes have already struck one in three organizations worldwide, catching up with long-standing fraud tactics like forged documents and social engineering.

Three impersonation-driven tactics now dominate the fraud playbook, each exploiting weaknesses in verification:

●      Identity spoofing (reported by 34% of organizations) — Holding up a printed photo, replaying a video, or showing a screen image to a camera. Often used to mass-open accounts for scams or mule networks.

●      Biometric fraud (34%) — Physical deceptions like fake fingerprints, silicone masks, or 3D models that outsmart biometric sensors. Favored in SIM swaps or account resets to hijack user accounts.

●      Deepfake fraud (33%) — AI-generated faces, voices, or videos to convincingly mimic or invent identities. Increasingly deployed in video-based KYC (Know Your Customer) to secure “clean” accounts for money laundering or fund movement.

These tactics now occur as frequently as traditional fraud methods: document fraud (30%), synthetic identities (29%), and social engineering scams (30%). What was once an emerging threat has gone mainstream.

Regula’s survey shows that impersonation attacks overtake traditional fraud schemes

“The key shift is that fraudsters are no longer breaking in through the back door—they’re walking straight through the front,” says Ihar Kliashchou, Chief Technology Officer at Regula. “The verification step itself has become the primary target. Criminals create fake but ‘clean’ identities that look legitimate from day one, making downstream fraud detection nearly powerless. Onboarding is now the battleground.”

Industrialized impersonation 

The bigger the attack surface, the smarter the attacks. Small businesses (<50 incidents a year) still mostly deal with forged documents. But at larger levels (250+ cases annually), nearly half of incidents involve AI-driven fraud. 

The money tells an even greater story: 40% of companies with $1M+ in fraud losses report being hit by deepfakes. For organizations bleeding $5M+, deepfakes and synthetic identities are now the top fraud vector. 

What we are witnessing is market optimization: AI tools drive higher ROI for criminals.

The defense imperative

The findings confirm a sobering truth: fraud prevention is locked in a perpetual arms race. Defenses built for yesterday’s fraud fail fast. To stay ahead, organizations need layered defenses that combine flexible identity workflow orchestration with the ability to adapt to business needs and evolving threats. By uniting multi-layered verification with a liveness-first strategy, businesses can build strong, lasting protection against increasingly sophisticated fraud.