Deepfakes Drive 20% of Biometric Fraud Attempts

The 2026 Entrust Identity Fraud Report shows that fraudulent activity reaches its highest concentration between 2:00am and 4:00am UTC, as criminal organisations coordinate attacks across time zones to exploit gaps in defence systems.

Global cybercrime networks operate around the clock, targeting financial institutions and businesses during periods when security teams are offline.

The report, which analysed over one billion identity verifications conducted across 195 countries and more than 30 industries, identifies deepfakes as responsible for one in five biometric fraud attempts.

This represents part of a broader fraud strategy, with injection attacks rising by 40% annually.

"As detection improves, fraud rings evolve, becoming faster, more organised and commercially driven," says Simon Horswell, Senior Fraud Specialist Manager at Entrust.

"Generative AI and shared tactics fuel volumes and sophistication, targeting people, credentials and systems.

"Identity is now the front line and protecting it with trusted, verified identity across the customer lifecycle is essential to staying ahead of adaptive threats."

Entrust report shows deepfake selfies increase 58%

Digital injection attacks enable criminals to spoof authentication systems and biometric verification by feeding manipulated images or videos directly into datastreams.

These attacks use deepfakes and replay methods to bypass security measures, mimicking not just documents but live-capture experiences.

The Entrust findings show that deepfake selfies increased by 58% in 2025. Criminals deploy photos of screens, photos of printouts, 2D and 3D masks, video of a video on screen and video of photo on screen to circumvent verification systems.

These techniques target the authentication infrastructure that financial services organisations rely on to onboard and verify customers.

The sophistication of these attacks stems from the widespread adoption of AI tools by fraud networks.

Criminal organisations share tactics and technology, enabling them to scale operations and adapt to detection methods as security teams implement countermeasures.

Cryptocurrency sector faces 67% onboarding fraud rate

The cryptocurrency industry experiences the highest rate of onboarding fraud attempts at 67%, driven by sign-up bonuses that incentivise mass account creation.

Payment and banking sectors face different challenges, with account takeover fraud accounting for 82% of fraudulent activity in these industries.

Account takeover fraud involves criminals gaining access to user accounts through stolen credentials, phishing, malware or social engineering. Once inside accounts, perpetrators steal funds or harvest data for subsequent attacks.

Financial institutions also contend with fraud attempts that target their authentication systems directly, seeking to bypass verification processes before account access is granted.

The banking sector faces attacks at multiple points in the customer lifecycle. Criminals attempt to create accounts using stolen or synthetic identities during onboarding, then target existing accounts through credential theft and social engineering.

This dual approach requires financial institutions to maintain security measures across both new account creation and ongoing account monitoring.

AI-powered defence systems counter AI-driven attacks

Financial institutions and businesses face mounting pressure to implement security measures that match the sophistication of AI-powered attacks.

Traditional rule-based systems struggle to keep pace with the speed and variation of modern fraud attempts, pushing organisations towards adaptive technologies.

Tony Ball, President of Payments & Identity and Incoming CEO at Entrust says: "With over one billion identity verifications conducted across 195 countries and more than 30 industries, Entrust offers unparalleled insights into how fraud operates and how to help mitigate it.

"Our global reach and deep fraud intelligence mean we're uniquely placed to drive continuous innovation and share meaningful insights for customers.

"The future of digital trust lies in layered, identity-centric strategies powered by AI, delivering fraud prevention and seamless user experiences."

National ID cards account for 46% of fraud submissions

Document fraud remains prevalent, with physical forgeries representing 47% of fraudulent submissions.

National ID cards account for nearly half of all counterfeit documents at 46%, making them the most frequently abused credentials in identity verification processes.

Digital counterfeits demonstrate sophistication that reflects the availability of AI tools to fraudsters.

Criminal networks use these technologies to create documents that can bypass automated verification systems, forcing organisations to implement multiple layers of detection.

The combination of physical and digital forgery techniques requires security teams to maintain capabilities across both domains.

Simon notes that fraud networks continuously adapt their methods based on detection capabilities.

This creates an arms race between security teams and criminals, with each side developing new techniques to counter the other's innovations.

The commercial nature of these operations means that successful methods spread rapidly through criminal networks.