Fraud’s New Frontier: AI, Deepfakes, and Global Networks

Dec. 02, 2025 /Mpelembe Media/ — The Sumsub Fraud Report 2025-2026 focuses on the “Sophistication Shift,” which describes the fundamental change in identity fraud from high-volume, basic attempts to fewer, more targeted, and financially damaging AI-enabled operations. This shift is driven primarily by the industrialisation of deception via generative AI, leading to an explosion in deepfakes and highly realistic synthetic identities across all major digital ecosystems. The analysis provides comprehensive regional breakdowns for Europe, Asia-Pacific, Latin America, Africa, and North America, demonstrating that even in markets where overall fraud rates are stabilising, the remaining attacks are significantly more complex and harder to detect. Survey results highlight widespread consumer exposure to social engineering, with regulated financial institutions retaining the highest levels of trust, contrasting with the trust deficit observed in sectors like social media and dating platforms. Ultimately, the report mandates a transition to advanced defense strategies, requiring global regulators and businesses alike to implement multi-modal verification and unified threat intelligence to stay ahead of autonomous AI fraud agents.

The most common third-party fraud type in 2025 is Identity Theft, accounting for 28% of the top five third-party fraud types.

Third-party fraud involves external attackers who impersonate or compromise genuine users, often relying on stolen credentials, social engineering, or automation.

A breakdown of the Top-5 third-party fraud types in 2025, based on the Fraud Exposure Survey, is as follows:

Identity Theft: 28%. This involves using stolen or fabricated personal data to impersonate victims and open accounts. Fraudsters are increasingly using AI-generated replicas of stolen data, adapting stolen identities with generative tools to make them blend seamlessly into KYC processes.

Account Takeover (ATO): 19%. This involves hijacking legitimate accounts through methods like credential stuffing, phishing, or SIM swaps. ATO is expected to evolve toward real-time, AI-assisted attacks using bots and deepfake voice/video to bypass multi-step authentication or social-engineer call centers.

Card Testing: 17%. This involves using stolen payment cards to run small trial transactions before attempting larger fraud. The scale of card testing is expected to explode with automation, as bot farms push thousands of micro-transactions across multiple merchants in seconds.

Phishing/Social Engineering Attacks: 16%. This involves tricking victims into sharing sensitive data or authorizing fraudulent transactions. Social engineering is being supercharged by AI-generated content, such as realistic deepfake voices or tailored phishing emails.

Bot-driven Attacks: 12%. This uses automated scripts to flood verification or login systems with high-volume attempts. Bots are becoming more human-like by integrating language models to mimic real user flows and bypass behavioral detection.

Identity theft is the leading type because third-party fraud schemes often rely on the use of stolen or fabricated personal data to impersonate victims and open accounts.

The report indicates that Zambia is characterized by a high prevalence of fraud network activity, specifically concerning the involvement of approved applicants.

Here is a breakdown of the type of fraud prevalent in Zambia, based on the report:

Fraud Network Activity: Zambia recorded the highest ratio of approved applicants linked to fraud networks in the Africa region, with 37% of approved applicants involved. This signals a high concentration of potential future fraudsters within the user base.

Zambia leads the Top-20 jurisdictions in Africa with the highest ratio of approved applicants involved in fraud networks, followed by Rwanda at 34%.

Overall Fraud Rate and Growth: Zambia’s overall identity fraud rate in 2025 stood at 2.2%. The country saw a 9% year-over-year (YoY) growth in its fraud rate in 2025.

Deepfake Growth (Sophistication Shift): While the 2025 fraud rate growth was relatively modest (+9% YoY), Zambia recorded an extreme growth in deepfake attacks, with a +967% YoY growth rate. This indicates that highly sophisticated, AI-driven fraud methods are rapidly being adopted in the country, aligning with the Sophistication Shift observed globally.

In summary, the most defining characteristic of fraud activity in Zambia is its high vulnerability to organized fraud rings, suggested by the high ratio of approved applicants linked to fraud networks (37%). Furthermore, deepfake technology is rapidly becoming a prevalent method, evidenced by the near 1,000% increase in deepfake attacks.

The Sophistication Shift in global identity fraud is defined by a pivot from high-volume, low-effort attacks to fewer, more targeted, multi-layered schemes that require greater preparation and cause greater damage. This transformation is driven by several technological and tactical innovations:

Technological Innovations (AI as the Engine of Fraud)

The Sophistication Shift is largely fueled by the industrialization of Artificial Intelligence (AI).

High-Fidelity AI-Generated Identity Artifacts: Fraudsters now leverage advanced generative AI platforms to create near-perfect forgeries that bypass traditional defenses.

Document Forgeries: Tools like OpenAI’s advanced image generation create fake IDs with near-perfect detail, replicating crucial security features such as fonts, holograms, and textures that previously required specialist skills.

Synthetic Videos and Deepfakes: Next-generation text-to-video systems (like Google Veo and OpenAI’s Sora) can render entire dynamic scenes, complete with realistic facial microexpressions, lighting, and depth. These tools enable attackers to stage highly convincing deepfake liveness bypasses that mimic real people’s movements and reactions. Deepfakes are evolving from single-use fakes to adaptive, real-time tools, potentially deploying interactive avatars during liveness checks.

Industrialized Production: Fraud-as-a-service marketplaces package these AI models into ready-made production kits, allowing even low-skilled actors to generate industrial quantities of high-quality forgeries.

Autonomous AI Fraud Agents: The most advanced innovation is the emergence of AI fraud agents. These are autonomous systems capable of executing entire verification attempts end-to-end with minimal human intervention.

These agents combine generative content, scripting, and behavioral mimicry.

They can orchestrate a comprehensive attack chain, including creating a synthetic persona, submitting a deepfake video, and tampering with device telemetry.

Crucially, they can learn from failed attempts to refine their next approach, achieving adaptive persistence across platforms.

Tactical Innovations (Shifting from Content to Context)

The strategic focus has shifted from crude content manipulation to highly coordinated attacks and the manipulation of detection systems themselves.

Telemetry Tampering (The New Evasion): As document and facial checks improve, fraudsters are now targeting the underlying data pipelines (telemetry) that verification systems rely on. This means attacking the context rather than just the content.

SDK and API Manipulation: Fraudsters script verification flows, replay pre-recorded sessions, or tamper with Software Development Kit (SDK) calls to trick systems into thinking an authentic session occurred.

Device and Environment Masking: Tools such as emulator farms, virtual machines, and proxy layers are used to make the attacker appear as a “fresh” user, masking device fingerprints and location signals that would typically expose repeat fraud attempts.

Camera Feed Interference: Attackers inject synthetic frames or bypass camera APIs to feed pre-recorded or AI-generated video into what should be a live capture session.

Multi-Layered and Hybrid Attacks: Sophisticated fraud involves the combination of multiple coordinated techniques, increasing preparation and making detection far harder.

These schemes combine synthetic identities, layered social engineering, device or telemetry tampering, and cross-channel manipulation.

Examples include pairing high-fidelity AI-generated ID documents with deepfake video liveness checks or combining telemetry tampering (e.g., emulator use) with forged documents to conceal repeated attacks.

Fraud rings orchestrate operations where multiple synthetic and stolen identities interact to reinforce each other’s legitimacy.

Synthetic Identity Rings and Post-KYC Abuse: Fraudsters are increasingly establishing synthetic identity rings. These fabricated digital personas blend real and fake data and are expected to become highly networked, reinforcing credibility across platforms. These identities are often used in carefully orchestrated post-KYC abuse, moving fraud efforts downstream after the initial, successful onboarding process.

In essence, the Sophistication Shift transforms fraud from individual, easily filtered “copy-paste jobs” into an industrial threat where AI serves as the engine and telemetry tampering is the method of evasion, requiring defenders to focus on behavioral and contextual signals, rather than just static documents.
