Smile ID Report Warns AI is Scaling Identity Fraud

In Short

• Smile ID says AI is changing identity fraud economics, lowering costs and helping criminals scale attacks.
• The company reports that mobile SDK signals, not images alone, blocked nearly 90% of fraud in 2025.
• Fraud is shifting from onboarding to authentication, including logins, account recovery, and high-value transactions.

What Happened

Smile ID released its 2026 Digital Identity Fraud Report, warning that AI is driving identity fraud at scale. The report is based on anonymised insights from over 200 million identity verification checks run in 2025, across 37 industries and more than 35 countries.

Smile ID argues that identity checks are no longer just a compliance step. KYC (know your customer, the process of verifying who a user is) is increasingly treated by attackers as a target inside the security stack.

One theme is deepfake and synthetic biometric fraud. Generative AI, meaning tools that can create realistic images, video, or audio, is improving the quality of fake faces and other biometric signals while lowering production costs. Smile ID says this makes repeatable, high-volume fraud campaigns more attractive than one-off document tampering.

The company also points to a shift in detection methods. Instead of focusing only on what a selfie or document looks like, it says fraud teams are relying more on “signals”, meaning device, session, and environment data that show how the capture happened. Smile ID claims nearly 90% of fraud blocked in 2025 was triggered by mobile SDK signals, up from 68% in 2024.

The report highlights “injection” attacks, where criminals try to bypass the camera and feed pre-recorded or synthetic media into the verification session. Smile ID says it saw over 100,000 injection attempts per month in 2025, linked to emulators, virtual cameras, and manipulated environments.

Why It Matters

Smile ID says authentication is now the main battleground. Fraud attempts aimed at authentication outnumber onboarding fraud by more than five to one, targeting login flows, device changes, account recovery, and transactions.

For fintechs, marketplaces, and any app with money movement, the takeaway is that identity is becoming continuous. Defending it increasingly depends on capture integrity and stronger controls after a user is already verified, not just at signup.