RESTON, Va.--(BUSINESS WIRE)--

Fresh survey data from Regula, a global developer of identity verification (IDV) solutions and forensic devices, shows that the line between traditional fraud and impersonation attacks has vanished. Identity spoofing, biometric fraud, and AI-powered deepfakes have already struck one in three organizations worldwide, catching up with long-standing fraud tactics like forged documents and social engineering.

This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20250916314726/en/

Three impersonation-driven tactics now dominate the fraud playbook, each exploiting weaknesses in verification:

Identity spoofing (reported by 34% of organizations) — Holding up a printed photo, replaying a video, or showing a screen image to a camera. Often used to mass-open accounts for scams or mule networks.

Biometric fraud (34%) — Physical deceptions like fake fingerprints, silicone masks, or 3D models that outsmart biometric sensors. Favored in SIM swaps or account resets to hijack user accounts.

Deepfake fraud (33%) — AI-generated faces, voices, or videos to convincingly mimic or invent identities. Increasingly deployed in video-based KYC (Know Your Customer) to secure “clean” accounts for money laundering or fund movement.

These tactics now occur as frequently as traditional fraud methods: document fraud (30%), synthetic identities (29%), and social engineering scams (30%). What was once an emerging threat has gone mainstream.

“The key shift is that fraudsters are no longer breaking in through the back door—they’re walking straight through the front,” says Ihar Kliashchou, Chief Technology Officer at Regula. “The verification step itself has become the primary target. Criminals create fake but ‘clean’ identities that look legitimate from day one, making downstream fraud detection nearly powerless. Onboarding is now the battleground.”

Industrialized impersonation

The bigger the attack surface, the smarter the attacks. Small businesses (