For years, financial institutions built walls around their systems – firewalls, encryption, and network monitoring designed to keep the intruder out. But in 2026, the new battleground for fraud isn’t in the network or the cloud; it’s in the individual. The fastest developing point of attack is no longer infrastructure – it’s identity.
Generative AI-driven fraud in the U.S. alone is expected to hit $40 billion by 2027, according to Deloitte. The tools of deception have been democratised, industrialised, and globalised. So as AI agents, synthetic identities and deepfakes blur the line between real and imitation, financial services must shift their focus away from ‘how do we protect our systems?’ to ‘how do we trust our people?’
The Globalisation of Fraud
Fraud has always been an international sport, but AI has made it an industry. Cyber threats often spread rapidly across regions and industries, shape-shifting thanks to advances in technology. CIFAS reported a record number of fraud cases in the first half of 2025 and pointed to the availability of AI tools as a key reason.
GBG’s Global Fraud Report found that 96% of fraud prevention professionals are concerned about the industrialisation of fraud, with 79% seeing a significant rise in sophistication over the past year. Fraudsters today are not lone opportunists; they’re coordinated, tech-savvy, and now powered by automation.
Deepfakes epitomise this shift. Using advanced generative AI techniques (including GANs and diffusion models), criminals can create hyper-realistic videos and images that mimic genuine human behaviour. Popular apps like Deep-Live-Cam and Reface offer plug-and-play capabilities that can inject fake faces into authentication systems in seconds. This isn’t a fringe risk, 71% of fraud professionals in EMEA have expressed concern about deepfake threats, while regulators like the EU are responding through frameworks such as DORA (the Digital Operational Resilience Act) which explicitly push institutions toward operational and identity resilience.
These attacks strike at the heart of trust. The questions financial institutions must now answer are deceptively simple: ‘Can I trust that the person I see on the screen is real?’ ‘Can I trust that this ID is not fake?’ The barrier of resilience is set at how confidently and quickly they can say “yes.”
Synthetic Identity: The Art of Invisible Fraud
Synthetic identities – fabricated personas built from real and fake data – represent one of the most profitable forms of digital fraud today. Deloitte estimates the average payoff from a synthetic identity fraud case in the U.S. is between $81,000 and $98,000, with fraudsters now using generative AI to make these identities eerily convincing.
Unlike stolen identities, synthetics evolve. They age in the system, build credit, and interact with institutions just like genuine customers. What makes this form of fraud particularly insidious is its invisibility. Unlike with traditional identity theft, the identity doesn’t belong to a real person, so there is no one to report suspicious activity.
That’s where behavioural identity comes in. The future of verification isn’t about what a person has (an ID) or knows (a password), but how they behave. Micro-patterns in typing rhythm, device use, and even navigation paths form part of a behavioural fingerprint that’s extremely difficult to replicate at scale. When combined with biometric and contextual data, this builds a dynamic, living model of trust – a security perimeter shaped not by static credentials, but by human nuance.
Beyond Biometrics: Building Trust Without Friction
Security works best when you barely notice it. Yet seamlessness must never mean vulnerability. That’s the paradox at the centre of modern digital finance: how do you protect without obstructing?
Biometric identity verification offers an answer. Face and voice recognition systems, combined with document authentication, are now essential tools in fighting fraud and meeting regulatory expectations. But not all biometrics are equal. As deepfake technology advances, even the most human identifiers – our faces, our voices – can be mimicked.
To defend against this, leading institutions are adopting liveness detection – technology that identifies subtle biological markers like blood flow, skin texture, and light reflection to confirm a user’s genuine presence. Passive liveness detection achieves this invisibly, verifying authenticity without forcing the customer to blink or nod into a camera. It’s the intersection of security and simplicity: frictionless defence at machine speed.
This kind of advanced biometric intelligence doesn’t just deter fraud, it strengthens customer relationships. Real-time, omnichannel verification lets people move effortlessly between digital and physical channels, while AI-driven anomaly detection flags risks before they become breaches.
Done right, identity verification becomes both a safeguard and a customer experience advantage.
A New Kind of Resilience
Throughout history, disguise has been the villain’s oldest trick. Today, AI gives that trick infinite new faces. But the same intelligence that enables deception also empowers defence.
At GBG we’ve seen firsthand how behavioural and biometric intelligence are reshaping fraud defence, shifting from static verification to continuous authentication.
Cyber resilience in finance will no longer hinge on perimeter walls or system redundancies. It will depend on the ability to recognise the genuine in a world of perfect forgeries. Behavioural, biometric and contextual intelligence – combined into a single trusted identity fabric – is the foundation of that future.
Learn more at gbg.com
- Cybersecurity in FinTech