Brief IA

Identity Fraud: AI Disrupts the Customer Journey

🤖 Models & LLM·Tom Levy·

Identity Fraud: AI Disrupts the Customer Journey

Identity Fraud: AI Disrupts the Customer Journey
Key Takeaways
1Identity fraud is intensifying with AI, targeting every step of the digital customer journey.
2Deepfakes and forged documents facilitate attacks, with projected losses of $17 billion by 2025.
3Account creation and takeover fraud exploit vulnerabilities in sectors like crypto and payments.
💡Why it mattersCompanies must strengthen every checkpoint to counter increasingly sophisticated and organized attacks.
Le brief IA que lisent les pros

Le brief IA que les pros lisent chaque soir

Les 7 actus IA du jour, décryptées en 5 min. Gratuit.

Inclus dès l'inscription : notre sélection des meilleurs guides & comparatifs IA.

Choisis ton rythme

Gratuit · Pas de spam · Désabonnement en 1 clic

📄
Full Analysis

Digital Transformation and Its Challenges

Identity verification, once based on direct human interactions, has evolved with the digital age. Now, identity is the pivot of digital interactions, but this transition has paved the way for more sophisticated forms of fraud. Fraudsters explore every step of the customer journey, from registration to transactions, in search of vulnerabilities. No blind spot is overlooked by these cybercriminals who adapt their strategies to exploit weaknesses.

Artificial intelligence has amplified these threats, making attacks faster and more credible. Deepfakes and forged documents complicate biometric verifications, while phishing is automated on a large scale. Global losses due to account takeover (ATO) fraud are expected to reach $17 billion in 2025, up from $13 billion in 2024. This significant increase highlights the evolving methods of fraudsters, who are becoming increasingly sophisticated and difficult to detect.

Fraud Schemes That Align with the Customer Journey

Fraud adapts to the stages of the customer journey and the targeted sectors. Two main categories stand out: account creation fraud, attracted by immediate benefits, and account takeover, targeting existing high-value accounts. In 2025, this distinction is crucial for understanding how fraudsters operate and what their preferred targets are.

In the crypto sector, 67% of fraud occurs during account creation, motivated by sign-up bonuses. Vehicle rental presents a similar pattern, with 67% of fraud occurring during onboarding. Attackers use fake identities to temporarily access valuable assets. In these sectors, a lenient onboarding process creates opportunities to capture benefits or open accounts intended for money laundering.

The logic is quite different for takeover fraud. Here, attackers do not create new accounts—they seize existing ones. Using stolen credentials, phishing, malware, or social engineering, they invest in old, high-value accounts, allowing them to make transfers, take out loans, or access sensitive data. In the payments sector, 82% of fraud attempts occur after registration; in professional services, this figure reaches 62%. Old, high-value accounts are particularly attractive as they enable fund transfers, loans, and access to rich identity data, making them far more valuable than newly created accounts.

These data reveal two fundamental truths: first, no organization can afford to strengthen a single control point at the expense of others. Every open vulnerability becomes an invitation. Second, fraud has become professionalized. It is now organized, strategic, aimed at maximizing gains and minimizing defenses.

Prevention Must Cover the Entire Journey

If fraud can strike at every step, the response must be equally comprehensive. Organizations that deploy a coherent identity strategy throughout the customer lifecycle save an average of $8 million per year in fraud-related costs, resulting from earlier, more accurate, and above all, more systematic detection.

Three pillars structure this approach:

  1. Make onboarding a first line of defense, not just a formality
    Registration is the first opportunity to establish authentic trust and detect what is not genuine. Robust KYC or KYE processes combine identity document verification and facial recognition to confirm that the person in front is indeed who they claim to be. “Liveness” detection adds an essential layer: it distinguishes real users from synthetic identities and deepfakes, which account for about one in five biometric fraud attempts. Rigorous onboarding not only protects against immediate fraud but also reduces downstream risks associated with fraudulent accounts that may have slipped through the cracks.

  2. Secure existing accounts through continuous authentication
    Verifying identity once is no longer sufficient. The threat is ongoing, and the response must be as well. Continuous authentication, combining multi-factor authentication and biometric re-verification, protects established accounts without burdening the experience of legitimate users. Better yet, it allows for dynamic adaptation of security requirements based on contextual risk levels, rather than applying a blind static control. In the payments sector, where the majority of fraud specifically targets the authentication process, this responsiveness is not a luxury; it is a necessity.

  3. Monitor behaviors in real-time, not just identities
    A user may present a legitimate identity while engaging in fraudulent behavior. This is where real-time behavioral analysis comes into play: by cross-referencing device signals, browsing habits, login patterns, and transactional anomalies, it becomes possible to detect fraud where traditional identity checks remain silent. As AI-driven attacks gain credibility, this level of behavioral vigilance fills a critical gap in classic defenses.

The Window of Opportunity

Fraud has always followed the customer journey, shaping its contours and exploiting its blind spots. What has changed is that technology now allows defenders to do the same, provided it is used as a coherent strategy rather than a collection of isolated controls.

Organizations that treat identity as a continuous thread rather than a checkbox at the entry point will be better equipped to detect earlier, respond faster, and sustainably protect their customers. Digital trust is not decreed. It is built, at every step, with rigor and consistency.

Brief IA — L'actualité IA en français

L'essentiel de l'actualité de l'intelligence artificielle, décrypté et expliqué chaque jour.