For years, "know your customer" leaned on a simple assumption: a person presenting a genuine document, and a matching face, is who they claim to be. Generative AI has broken that assumption. Criminals can now create convincing fake faces, clone voices, forge documents, and stitch together entirely fictitious "people" — at scale and low cost. AI-driven identity fraud is the single fastest-growing threat to onboarding controls in 2026, and defending against it is now core to AML.
The new attack toolkit
| Attack | What it is | What it beats |
|---|---|---|
| Deepfake video | AI-generated face/video impersonating someone | Selfie and video KYC checks |
| Voice cloning | AI-synthesised voice of a real person | Phone-based verification, voice authentication |
| Synthetic identity | Fictitious person built from real + fake data | Document and database checks |
| Forged documents | AI-generated fake IDs and statements | Document verification |
| Injection attacks | Feeding fake media straight into the camera feed | Naive liveness checks |
Why traditional KYC struggles
The old model — upload a document, take a selfie, match them — assumed the document was real and the face was live. AI undermines both assumptions simultaneously. A forged document can look perfect; a deepfake selfie can match it; an injection attack can bypass the camera entirely.
Spot the warning signs
Tap the signals that should raise an AI-fraud / synthetic-identity concern, then reveal the flags.
How to defend
- Strong livenessUse robust, injection-resistant liveness detection, not a basic selfie.
- Document authenticationVerify documents against issuer features, not just appearance.
- Data corroborationCross-check identity against independent real-world records and history.
- Device & behaviourUse device fingerprinting and behavioural signals to spot farms and anomalies.
- Ongoing monitoringWatch for "bust-out" behaviour after onboarding.
- Human reviewEscalate uncertain cases to trained reviewers — don't fully automate the edge cases.
Where Probitas fits
AI can fake a face and a document, but it is far harder to fake a real person's footprint in the public record. A Probitas check screens individuals and companies against sanctions, PEP and adverse media sources and surfaces the public record, anchored to its origin — adding a corroboration layer that complements liveness and document tooling. The identity-verification stack and onboarding decisions remain yours.
AI,
What is a deepfake in the context of fraud?
AI-generated video or audio that convincingly impersonates a real or invented person. Fraudsters use deepfakes to pass selfie or video identity checks and to impersonate people in voice-based verification or authorisation.
What is synthetic identity fraud?
Creating a fictitious "person" by blending real data (often a stolen identifier such as a national insurance number) with fabricated details. Because no single real victim is immediately affected, synthetic identities can pass checks and build a footprint before being used for fraud or laundering.
Why is traditional KYC vulnerable to AI fraud?
Document-and-selfie KYC assumes documents are genuine and faces are live. Generative AI can forge documents, generate matching deepfake faces, and even inject fake media into the verification feed — undermining both assumptions at once.
How can firms defend against AI identity fraud?
With layered defences: robust liveness detection, document authentication against issuer features, corroboration against independent real-world records, device and behavioural intelligence, ongoing monitoring for bust-out behaviour, and human review of edge cases.
Why does corroboration help against synthetic identities?
Because a fabricated identity can fake a single document or face but struggles to reproduce a deep, consistent, independently-verifiable footprint across the public record. Cross-checking against that record is a strong way to expose identities that do not really exist.
Sources
This guide is written from primary sources. Each is linked below; claims in the text link to the specific reference they rely on.