News Summary:
-
Entrust 2026 Identity Fraud Report reveals fraud continues to rise in both scale and sophistication as fraudsters leverage AI.
-
Deepfakes are linked to every one in five biometric fraud attempts, with injection attacks increasing 40% year-over-year.
-
National IDs targeted, physical counterfeit and digital forgeries dominate, and psychological manipulation is increasing.
Entrust, a global leader in identity-centric security solutions, released its seventh annual Identity Fraud Report for 2026. The report examines global trends, tactics, and techniques used in identity fraud over the past year, providing actionable insights to help businesses protect their customers and operations.
Also Read: CIO Influence Interview with Duncan Greatwood, CEO at Xage Security
Generative AI and shared tactics fuel volumes and sophistication, targeting people, credentials, and systems.
Deepfakes and injection attacks on the rise
New data reveals deepfakes account for one in five biometric fraud attempts, and instances of deepfaked selfies increased by 58% in 2025. Other fraud tactics across biometric systems include photo of a screen, photo of a printout, 2D and 3D masks, video of a video on screen, and video of photo on screen.
This rise in deepfakes is part of a broader trend of increasingly sophisticated attacks driven by injection attacks, which surged 40% year-over-year. Injection attacks enable fraudsters to bypass live capture processes by feeding manipulated images or videos directly into verification systems. When combined with deepfakes, these sophisticated techniques can convincingly mimic users and live capture experiences, making detection difficult without robust, multi-layered fraud prevention.
Fraud across the customer lifecycle
The report also highlights trends in when fraud happens during the customer lifecycle and how it varies by industry and business models. Sectors offering sign-up bonuses, such as cryptocurrency, face the highest rates of onboarding fraud, accounting for 67% of fraud attempts. Meanwhile, industries with valuable, long-standing accounts, such as payments and digital-first banks, experience higher rates of account takeover (ATO) fraud, accounting for 82% and 55% of fraud attempts targeting the authentication process, respectively. ATO fraud involves hijacking existing user accounts, typically through stolen credentials, phishing, malware, or social engineering, to steal funds or harvest sensitive data.
Social engineering and psychological manipulation
Building on the technical threats, the report also reveals how fraudsters are increasingly targeting individuals through psychological manipulation. By using tactics such as phishing, impersonation, and coercion, fraudsters are convincing victims to use their genuine identity, hand over sensitive data, or transfer funds.
Additional key findings from the 2026 Identity Fraud Report include:
- Physical and digital document fraud: In 2025, digital forgeries made up 35% of document fraud – up from a 29% average between 2022 and 2024. Overall, there’s a higher volume of physical counterfeits (47%), but typically the sophistication of digital forgeries is higher, driven by the online availability of AI tools.
- National ID cards most exploited: National ID cards accounted for nearly half (46%) of all fraudulent document submissions globally. Fraudulent national IDs are most prevalent in EMEA (45%) and APAC (60%), whereas AMER experiences more fraudulent driver’s licenses (37%).
- Peak activity after hours: Modern fraud operations are highly organized and global in scale, making fraud a 24/7 business. Data from Entrust reveals that fraud attempts peak between 2:00 am and 4:00 am UTC, when defenses in many regions are offline.
- Fraud on repeat: Fraudsters often use a “rinse and repeat” strategy, recycling fake details across multiple fraudulent identity documents. Commonly used elements include names such as Jon Doe, document numbers like A12345678, and birthdates including October 16, 1986.
“As detection improves, fraud rings evolve, becoming faster, more organized, and commercially driven,” said Simon Horswell, Senior Fraud Specialist Manager at Entrust. “Generative AI and shared tactics fuel volumes and sophistication, targeting people, credentials, and systems. Identity is now the front line, and protecting it with trusted, verified identity across the customer lifecycle is essential to staying ahead of adaptive threats.”
“With over 1 billion identity verifications conducted across 195 countries and more than 30 industries, Entrust offers unparalleled insights into how fraud operates and how to help mitigate it,” said Tony Ball, President of Payments & Identity and Incoming CEO at Entrust. “Our global reach and deep fraud intelligence mean we’re uniquely placed to drive continuous innovation and share meaningful insights for customers. The future of digital trust lies in layered, identity-centric strategies powered by AI, delivering fraud prevention and seamless user experiences.”
Catch more CIO Insights: The CIO’s Role In Data Democracy: Empowering Teams Without Losing Control
[To share your insights with us, please write to psen@itechseries.com ]
