Deepfakes Already Hitting Businesses as Often as Traditional Fraud, Regula Survey Finds
Fresh survey data from Regula, a global developer of identity verification (IDV) solutions and forensic devices, shows that the line between traditional fraud and impersonation attacks has vanished. Identity spoofing, biometric fraud, and AI-powered deepfakes have already struck one in three organizations worldwide, catching up with long-standing fraud tactics like forged documents and social engineering.
Three impersonation-driven tactics now dominate the fraud playbook, each exploiting weaknesses in verification:
Identity spoofing (reported by 34% of organizations) — Holding up a printed photo, replaying a video, or showing a screen image to a camera. Often used to mass-open accounts for scams or mule networks.
Biometric fraud (34%) — Physical deceptions like fake fingerprints, silicone masks, or 3D models that outsmart biometric sensors. Favored in SIM swaps or account resets to hijack user accounts.
Deepfake fraud (33%) — AI-generated faces, voices, or videos to convincingly mimic or invent identities. Increasingly deployed in video-based KYC (Know Your Customer) to secure “clean” accounts for money laundering or fund movement.
These tactics now occur as frequently as traditional fraud methods: document fraud (30%), synthetic identities (29%), and social engineering scams (30%). What was once an emerging threat has gone mainstream.
Regula’s survey shows that impersonation attacks overtake traditional fraud schemes
The key shift is that fraudsters are no longer breaking in through the back door—they’re walking straight through the front. The verification step itself has become the primary target. Criminals create fake but ‘clean’ identities that look legitimate from day one, making downstream fraud detection nearly powerless. Onboarding is now the battleground.
— Ihar Kliashchou, Chief Technology Officer at Regula
Industrialized impersonation
The bigger the attack surface, the smarter the attacks. Small businesses (<50 incidents a year) still mostly deal with forged documents. But at larger levels (250+ cases annually), nearly half of incidents involve AI-driven fraud.
The money tells an even greater story: 40% of companies with $1M+ in fraud losses report being hit by deepfakes. For organizations bleeding $5M+, deepfakes and synthetic identities are now the top fraud vector.
What we are witnessing is market optimization: AI tools drive higher ROI for criminals.
The defense imperative
The findings confirm a sobering truth: fraud prevention is locked in a perpetual arms race. Defenses built for yesterday’s fraud fail fast. To stay ahead, organizations need layered defenses that combine flexible identity workflow orchestration with the ability to adapt to business needs and evolving threats. By uniting multi-layered verification with a liveness-first strategy, businesses can build strong, lasting protection against increasingly sophisticated fraud.
Coming soon: Full report
The complete survey analysis will appear later this month in Identity Verification 2025: 5 Threats and 5 Opportunities. The report, based on a survey conducted among businesses in various industries across the US, Europe, Asia, and the Middle East, offers a comprehensive look at how identity fraud tactics are evolving and what enterprises are doing to protect digital trust.
In the meantime, explore our expert articles here:
What vulnerabilities in IDV systems do deepfakes target, and how can you prevent such attacks effectively?
What can presentation attacks look like?
What is liveness detection, and why do you need it in your IDV workflow?
What is risk-based authentication, and how does it help detect presentation attacks?