June 3 2026
Identity Fraud Doesn’t Look Fake Anymore, Regula Study Finds

Identity fraud is no longer defined only by fake documents or stolen credentials. According to a new study by Regula, a global developer of identity verification solutions, deepfakes now concern businesses almost as much as document fraud and identity spoofing using stolen credentials. At the same time, AI agents and automated systems acting on behalf of users are emerging as a new identity-related concern. Notably, digital interactions increasingly appear legitimate even when their origin remains unclear.

Regula’s study shows deepfakes and AI agents are emerging as major identity threats for businesses.

Top concerns for identity fraud in 2026, according to the Regula global study

Identity threats are converging

Regula’s The New Shape of Identity Threats study suggests that identity fraud is evolving from isolated fake artifacts toward coordinated, legitimate-looking AI-assisted behavior. Modern attacks increasingly combine deepfakes, automation, biometric impersonation, behavioral mimicry, legitimate identity fragments, and software acting on behalf of users to blend into normal digital workflows. Today’s fraud increasingly imitates trusted identity behavior rather than simply presenting fake artifacts.

This shift is already reflected in organizations’ threat perceptions. Deepfakes and AI-generated impersonation now rank nearly as high as document fraud and identity spoofing, while AI agents and automated systems acting on behalf of users are emerging as a growing identity-related concern.

Deepfake concerns are highest where digital identity flows are most mature

The Regula study reveals that concern around deepfake impersonation is strongest in countries and industries where digital onboarding and remote identity verification are already deeply embedded into everyday operations.

Singapore (42%) and the UK (41%) report the highest levels of concern about deepfakes globally, as do gaming and gambling organizations (40%) and the banking and crypto industries (37%). In these sectors and markets, identity verification increasingly depends on remote interactions, biometrics, automated onboarding flows, and continuous authentication. As a result, attacks based on AI-generated faces, voice cloning, behavioral mimicry, and synthetic identity signals become operationally relevant much faster.

Trustworthy-looking signals become the new challenge

The Regula study suggests that organizations are entering a new phase of identity security, in which attacks are increasingly designed not to bypass systems directly but to operate normally within them.

This creates growing pressure on businesses to move beyond isolated verification checks toward more adaptive systems capable of correlating identity signals, validating consistency, and detecting synthetic behavior patterns over time.

Identity fraud is evolving from static fake artifacts toward synthetic, AI-powered identity behavior designed to appear trustworthy throughout the entire verification flow. The challenge for organizations is to determine whether the overall interaction itself can be trusted — whether the person behind the session is genuine, whether the behavior is authentic, and whether the identity signals remain consistent across the entire customer journey.

— Henry Patishman, Executive Vice President of Identity Verification Solutions at Regula

About “The New Shape of Identity Threats” study

The research was conducted by Sapio Research in March 2026 and is based on a survey of 850 decision-makers in fraud prevention and financial crime across seven markets: the UK, US, Germany, Singapore, UAE, Brazil, and Mexico. Respondents represent industries including banking, financial services, crypto, telecommunications, government, and gaming.

The full report includes country- and industry-level findings on AI-driven identity activity, visibility gaps, and emerging risks in digital identity verification.
