Dive into the world of fraud with the What The Fraud? podcast! 🚀 Today’s guest is Ilya Brovin, a growth strategist from Sumsub. Join Tom and Ilya as they explore the latest insights from the annual Identity Fraud Report and uncover the most significant changes in fraud trends over the past year.
TOM TARANIUK: Hello and welcome back to series two of “What The Fraud?”, a podcast by Sumsub where digital fraudsters meet their match. I’m Thomas Taraniuk, currently responsible for some of our very exciting partnerships here at Sumsub, the global digital verification platform helping to verify users, businesses and, of course, transactions as well.
Welcome to a special episode of “What The Fraud?”! Today, we’re diving into the findings of Sumsub’s annual Identity Fraud Report with our guest, Chief Growth Officer at Sumsub, Ilya Brovin.
Each year, Sumsub analyzes millions of verification checks. This year we’ve surveyed over 1000 end users and talked to more than 200 fraud risk professionals to paint a complete picture of what’s happening in the world of fraud. Our report isn’t just statistics—it’s a trusted resource referenced by organizations like Interpol, The Wall Street Journal, Microsoft, and CNBC.
We’re releasing this year’s insights during Identity Fraud Awareness Week (November 17–23), making it the perfect time to explore strategies for 2025 and beyond. Ilya, who leads Sumsub’s product strategy and investor relations with a strong background in finance and tech-driven services, is here to break it all down for us.
Ilya, welcome to the show! How’s everything going on your side?
ILYA BROVIN: Thank you, Tom, it’s a pleasure to be here. It’s going good.
TOM TARANIUK: That’s great to hear. Let’s start with some context for our listeners. What’s the main purpose of the Identity Fraud Report and what has Sumsub uncovered this year?
ILYA BROVIN: So we monitor users behavior from the time they onboard with our clients all the way to the ongoing interaction. And we deal with identity fraud globally, and we try to protect it every step of the user’s journey. So we know how tricky it can be. And there are lots of different fraud types that are happening in different industries, different locations. And we do see a lot of those happening as we are helping our clients to protect against this. So we wanted to share in this report the latest fraud trends. We wanted to talk about the defenses that businesses can have around it. And that’s why we divided our report into two main sections:
And so we obviously wanted to share a lot of the data that we see throughout our work.
TOM TARANIUK: So we both read the report. And I mean, from my perspective, it’s much more detailed than 2023. Without giving too much away, Ilya, can you share some of the biggest areas of change you’ve noticed compared to last year’s report?
ILYA BROVIN: Sure. I think the the first thing that comes to mind is that, you know, fraud is no longer limited to just professionals, right? To expert criminals. It’s become much easier to conduct. And we’ll talk about this later. And also deepfakes are now part of everyday life. They are now account for about 7% of all types of identity fraud, which I think is a huge figure, actually, for a type of attack vector and technology that’s kind of really been available to a mass market for just over a year.
TOM TARANIUK: Most definitely.
ILYA BROVIN: And this is something we see frequently: fraud doesn’t stop at onboarding. Onboarding is just one phase of the journey where fraudsters can engage in their activities. However, the primary objective for most fraudsters is to gain access to a business or position themselves to commit fraud after they’ve completed onboarding.
This is why we emphasize the importance of ongoing monitoring.
Lastly, there’s a noticeable shift in attitudes, particularly among regulators, towards fraud. Regulators are increasingly placing both the regulatory and financial responsibility for fraud’s impact on businesses, emphasizing that they are in a position to address these issues effectively.
TOM TARANIUK: You mentioned some insightful numbers there, including the 7% for deepfakes. But one figure that stood out for me was the 67% of companies which reported a fraud increase from 2023 to 2024. So why do you think fraud continues to rise so steeply in this case?
ILYA BROVIN: Look, I think there are three main factors to think about:
TOM TARANIUK: Got you. Well, do you think education is a double-edged sword because we’re talking about democratization of access to these services? So fraudsters are getting educated, but also the individuals who are maybe on the defensive are not getting educated enough to clean up, let’s say, their protective measures.
ILYA BROVIN: Look, education is undoubtedly a major factor in reducing and controlling fraud rates. However, as I mentioned, the measures required to protect oneself are constantly growing, making it increasingly difficult for the average user—or even the average business—to stay ahead of emerging fraud trends. It’s always a tug of war: fraudsters continuously develop new techniques, and businesses, with the support of companies like Sumsub, must work tirelessly to counter them.
Raising awareness is essential. Both individuals and businesses need to understand the current fraud landscape and what actions they should take. Additionally, educating employees and users about potential threats and prevention strategies plays a pivotal role in building robust defenses.
TOM TARANIUK: Absolutely. I agree on that. We’ve discussed a few points like that in previous episodes, but we’d love to address the fraud-as-a-service aspect of this. I mean, fraudsters seem to be treating their operations almost like businesses like these enterprises, which they’re targeting and trying to go after and circumvent their, let’s say, their fraud barriers. So they’re also investing in tools, infrastructure to scale their activities. But why has it been so easy this year to get started? And what makes the fraud-as-a-service so appealing to them?
ILYA BROVIN: As I said, fraud has become way cheaper to execute nowadays. You can pay a few dollars for for an app that can create deepfakes, realistic deepfakes with images, video, voice and so that’s democratized access to fraud tremendously.
Suggested read: What Are Deepfakes?
Then you also have technology reaching regions with lower levels of income and less economic stability. That basically pushes more and more people from those countries to participate in fraud, as this is a quite a lucrative activity for them individually, as well as for people who organize these networks. So speaking about networks, more and more fraud is actually not done individually by a single fraudster, or even like the fraud itself is not an action of an individual person. We see more fraud rings or fraud networks, with multiple people being engaged in fraudulent activity. It’s much harder to detect. But yeah, so it’s become much easier to organize people across different places to participate in fraud in an organized way.
Suggested read: Fraud Rings: A Dangerous Trend Businesses Should Be Aware Of
And, you know, just in terms of give you an example of economics, we’ve estimated that, you know, for an expense of about $1,000 per month that you’ve spent on conducting fraud the damage that fraudster can cause to businesses is like upwards of $2.5 million. So it’s a huge ROI in financial terms. And obviously, this means that a lot of people are lured into participating in that activity.
TOM TARANIUK: Definitely. I mean, at the end of the day, there’s a lot of businesses that I know which are trying to make access to digital services more equitable. But when we’re talking about making access to digital fraud services like creating IDs, like creating deepfakes more, more equitable, I think it’s a double edged sword. It’s a bit difficult to sort of combat that, right? But I would love to move on, Ilya, to maybe examine the types of fraud identified in the report, like fake IDs and deepfakes. Why are they becoming so common?
ILYA BROVIN: One factor, as we discussed, is the easy access to technology that enables the creation of deepfakes. That’s one key point. Another interesting aspect is how this challenges the traditional notion of trust. Historically, the idea was, “If you can see it, you can believe it.” Seeing something with your own eyes was considered the ultimate proof of truth.
Bringing this concept into the online world, that principle held until the proliferation of advanced technology like deepfakes. For example, in Germany, laws around remote identification rely on live video interviews, as seeing someone live fosters a sense of trust. Fraudsters are targeting this foundation of trust because, if you can manipulate or fake that “proof,” it undermines one of the most fundamental ways we verify identity.
This is why fraud is increasingly moving in this direction. The idea that “what you see is true” is no longer reliable online. Deepfakes exploit this vulnerability by effectively faking personalities. This trend is growing globally, with South Korea experiencing a staggering 735% year-on-year increase in deepfake incidents.
Deepfakes are not just a financial fraud issue. They are increasingly affecting other sectors, including media, public opinion, and elections. Surveys indicate that in many countries, over 80% of people express concerns about the impact of deepfakes on election integrity. The reason is simple: when people see a person moving, talking, and seemingly saying something, they instinctively believe it’s true. But now, that trust is being eroded. This, I believe, highlights why there’s so much focus from fraudsters on deepfakes—it’s an area where they can exploit trust at its core.
TOM TARANIUK: The political side is scary, right? Especially now that we’ve gone through the elections and we don’t know how much has been impacted. Deepfakes aren’t the biggest problem in identity fraud, though. Fake documentation makes up about 50% of cases from what we’ve seen. Fraudsters are experts in creating these documents. Now, it seems you mentioned the democratization of access to these softwares, these technologies for minimal prices and maximum ROI. So what trends other than what we’ve discussed are consistent with last year’s report, would you say?
ILYA BROVIN: Yeah, you mentioned documents. Obviously that’s the main fraud vector. There are technologies to not just augment documents and change photos or text on them, but actually create fully synthetically generated documents. There was a case, quite a known case of a website called Only Fakes, where you can for $15 create. I’m not sure it was unlimited or a large number of faked synthetic documents, which are quite hard to detect for systems that are not yet ready to detect that. So that’s why you actually need a lot of traffic, and you need to see a lot of fraud to be able to catch the fraud. So for sure, document fraud remains the leader.
Another type of fraud that is quite prevalent is chargeback fraud. You know, it’s a type of first party or friendly fraud when people are objecting or refusing to acknowledge that they made some transactions. So that’s a big type of fraud, which is actually quite hard to detect. It’s not so much about identity fraud, but certainly, we’ve figured that over 50% of businesses face this type of fraud.
Suggested read: 4 Ways to Protect Your Business from Chargeback Claims
And account takeover is probably the other very prevalent trend. And that’s one of the types of fraud that you can only monitor post-onboarding, because somebody has created an account, but then somebody has stolen it, somebody else has stolen it. So you need to really understand what is the behavior of the original user and how it’s different from the behaviour of a fraudster to be able to detect it.
Suggested read: Account Takeover Fraud: Prevention and Protection
TOM TARANIUK: Organized operations like fraud networks and money muling often involve groups executing coordinated attacks together. And from the point of view of targeting multiple platforms and, of course, diverse industries on a global scale why are we seeing more of this and what can we do on the defense side that we discussed earlier to stop it and protect these businesses?
ILYA BROVIN: Well, let’s first talk about why I think at one point I mentioned, obviously, technology access in lots of less developed countries meant that, you know, it’s much easier to involve and engage individuals from those countries in this type of behavior. These attacks are also much harder to detect especially at onboarding stage, as we discussed before. And so that’s what why fraudsters also want to use them. So because a lot of times they involve real people. Onboarding with real documents that just effectively selling their accounts, for example. And we’ve actually found that in the first quarter of this year, about 1%—one in every 100 users—was involved in some sort of a network. I mean, I find it a staggering statistic, actually. It might be obviously skewed by the client base of our client, the user base of our clients, but still, we see a lot of that. As I said, they’re very hard to detect at the onboarding stage because these are real people. And especially they’re prevalent in such regions as APAC. Seven out of ten countries that are most prone to be involved in fraud networks are in APAC. One type of those fraud attacks is money muling—it is when a real person creates an account with their own documents, but then they let somebody else use that account.
Suggested read: What’s Money Muling? Understanding Red Flags and Why Businesses Should Be Concerned
So that will remain a dominant strategy. But funnily enough or not, finally, you know, it’s not just people from developing countries that are selling their KYC credentials. We see that happening in developed countries as well. So the only way to fight this—is to actually monitor the user behavior, or account behavior in that case, because you don’t know who is doing that after onboarding.
This is where I believe the industry is moving: the need to integrate systems that evaluate individuals both during onboarding and throughout their subsequent activity. Historically, these areas have been treated as separate domains within businesses. Onboarding has typically been managed by compliance and product teams, while monitoring post-onboarding behavior has often been handled by entirely different teams using different systems.
The challenge lies in connecting these disparate data points. Stitching the data together in a way that helps prevent fraud has been incredibly difficult because of these siloed approaches.
That’s why, when we design our products, everything is built on the same platform. This ensures that any data we collect during onboarding can be seamlessly used later to monitor an individual’s activity. This unified approach enables us to detect fraudulent networks by connecting users across onboarding and transactional activities, even when the connections might initially seem unrelated. For example, we can link individuals based on device fingerprints, locations, selfie templates, or other seemingly disconnected data points. This ability to piece together these connections isn’t limited by industry or geography. We can identify fraudulent behavior across industries, countries, and clients. This is crucial because fraudsters often operate simultaneously across multiple verticals and target numerous clients at once.
Ultimately, this interconnected approach is the only way to effectively combat fraud at scale. But as we’ve discussed, it’s an ongoing tug of war. Fraudsters innovate constantly, and we must develop tools to counter their tactics just as quickly.
TOM TARANIUK: Definitely the case, I’d agree—especially when it comes to our solutions. As we discussed earlier, piecing together all the information is essential. Having a bird’s-eye view is valuable, but it’s equally important to be reactive. For example, setting up behavioral triggers and conditions allows you to take immediate action. These triggers might prompt a KYC recheck or a bank card verification if suspicious activities like account takeover (ATO) attempts are detected. I think this proactive approach is critical.
On the first point you raised, you mentioned APAC as a high-risk region. That’s a fascinating insight from the report and the industry data. Could you share more about what makes this region particularly vulnerable to these types of attacks?
Suggested read: 7 Fraud Trends in the APAC Region in 2024
ILYA BROVIN: Look, it’s a big region. There are countries with lower levels of economic development and government control, and economic stability. And also it’s quite digitally savvy actually, because lots of countries in that region jumped through couple of generations of development of financial systems to something that is mobile-first, remote-first. And obviously, those two factors create sort of a very fertile ground for fraud. So some of the numbers that we have in the report: Europe at 150% growth, APAC—120% growth, Africa is leading at almost 170%. LATAM and North America are all growing at sort of 120 to 140% growth. So that’s something to watch out. But obviously regions with less economic stability and resource availability are more prone to be involved.
TOM TARANIUK: Definitely the case. I mean, those numbers are staggering. Ilya, of course, you know that we do work across so many different industries and mobility marketplaces, banking, fintech, payments all the way to crypto and iGaming, of course, but these sectors are different. I’d say different in the way that some are hit harder than others in terms of fraud. So would you be able to help me break down which industries are most targeted, and why they might be most exposed to identity fraud?
ILYA BROVIN: The statistics that we show in the report for 2024 is that dating is the number one, closely followed by online media: so about 7%. So dating was about 9%, and online media—about 7%. Then: banking, insurance, video gaming, crypto and transportation.
Overall, fraud growth rates in the dating sector were an 265%—more than three and a half times higher than in online media, which saw a growth rate of 180%. Why is this the case?
Here’s my perspective: in financial services, there’s regulation. Businesses are required to perform specific types of checks, and compliance officers or other professionals are trained to anticipate fraud and remain vigilant. In contrast, non-regulated segments like online media and dating lack these safeguards. In these spaces, users often don’t suspect they might be defrauded and are frequently in vulnerable positions. This makes them prime targets for scams. It’s why romance scams, in particular, have become such a prevalent and concerning trend.
Suggested read: Detecting Romance and Dating Scams: A 2024 Guide for Dating Platforms and Their Users
I actually gave an interview to CNBC on this same topic around February, which is when we observed a significant spike in this type of fraud. Online media, including streaming services and social media, is also highly susceptible to fraud, though the types of fraud vary. In online media, for example, we frequently see “friendly fraud” or first-party fraud. This includes behaviors like account sharing or abusing certain benefits, such as sign-up bonuses. Interestingly, this is often tied to organized fraud networks, as these activities are commonly carried out by groups of individuals.
Beyond online media, the two biggest sectors impacted by fraud remain banking and insurance, along with fintechs. These industries continue to be major targets simply because that’s where the money is.
TOM TARANIUK: To sort of touch on the points around the offence factor or these industries being targeted perhaps separately and some regions maybe being more susceptible. But I’d also like to touch on the defence aspect highlighted earlier with fraud now on the rise. What can companies do to protect themselves at the end of the day? And what would you recommend as like a key strategy to help them protect themselves?
ILYA BROVIN: Great question. We highlighted this in last year’s report. And again, this trend we see in this report: the majority of fraud happens after onboarding.
TOM TARANIUK: Education, as we mentioned earlier, is a super important part for employees and the general audience, the audience listening here today as well. But what could you tell me on the regulatory side? You touched on it a moment ago. Are there any changes from 2024 to 2025 that our audience should be aware of?
ILYA BROVIN: What’s particularly interesting is how the responsibility for fraud losses has evolved. Historically, it was either individuals or merchants who bore the financial burden of fraud. However, regulators have increasingly recognized that financial institutions, which enable payments, are better positioned to protect against and control fraud.
As a result, in many countries, regulation has shifted the financial responsibility for fraud onto the financial institutions involved. For example, in the UK, a new law that took effect on October 7 requires banks and payment service providers to compensate victims of fraud up to £85,000 per person.
That said, certain types of fraud remain challenging to detect, even for banks. Take APP (Authorized Push Payment) fraud, for instance. This occurs when a user is tricked into providing transaction confirmation codes, leaving banks unaware of what happened behind the scenes. Nevertheless, by making financial institutions responsible for such losses, the regulation encourages them to focus more on prevention—a move I think is very prudent.
On a broader scale, the EU’s AI Act, while not specific to fraud, addresses critical issues like how AI is used in both perpetrating and combating fraud, as well as how personal data is protected in these systems. As AI becomes more central to the fight against fraud, having a clear regulatory framework in which to build these systems is increasingly important.
TOM TARANIUK: Do you think these regulations or the work that these regulators are putting in will be enough? Or do companies need to go above and beyond what’s required to remain protected, both themselves fiscally for the bottom line to make, to keep their licenses, but also to protect their user base as well?
ILYA BROVIN: The regulation is never the end goal, right? It usually establishes the least common denominator, the minimum level of what you have to do to protect your users. Obviously, businesses care about their reputation and their long-term viability will be proactively investing in systems and doing, as you said, and going above and beyond what’s required in the law. But nevertheless, I think, in some cases, regulators need to get involved and change the rules and create the right incentives as well. Because in a competitive world not all businesses would be investing enough, especially if their competitors are not doing the same if it’s not required. So I think having the level playing field for everybody is actually a good thing.
TOM TARANIUK: So there’s a lot of measures that companies can put into place. And obviously the regulators are setting the very basic baseline that they should do. But in saturated markets, when we’re looking at iGaming and gambling online, or fintech, where the stickiness is really essential, when a KYC journey is a little too long, customers may jump off and go to the next best alternative as a solution or digital service. So how imperative is it for companies to choose measures which would protect their users and their company, versus making it short and sweet to obviously onboard as many users as possible?
ILYA BROVIN: That’s a great question, and ultimately, it’s a business decision for any company. When we talk about KYC or onboarding, sometimes it’s a matter of seconds—like 10 or 20 seconds versus 50. In reality, I think there will be a shift in focus from simply optimizing for ease and conversion rates to placing more emphasis on the robustness of the systems.
From a risk perspective, there are many methods available to securely identify individuals without introducing additional friction. In fact, some of these methods can actually reduce friction. For example, non-documentary methods, where people are identified through records in government databases, don’t require users to submit physical documents. This journey is often much simpler—no need to worry about poor lighting, bad connections, or glare on photos. You don’t have to retake your photos multiple times. Instead, you authenticate through a service that’s familiar to you, which brings another advantage.
These non-documentary methods are often local rather than global. So, if you’re from a particular region, you’re offered a method you’re already familiar with. In many cases, this creates a win-win situation: it’s faster, more convenient, more secure, and trusted by users.
Suggested read: Documentary vs Non-Documentary Verification (2024)
Therefore, security doesn’t always mean more friction. Sometimes, it can actually mean less.
TOM TARANIUK: Amazing to hear. Looking ahead earlier, I mean we talked about a lot of these trends now, but would you be able to give our audience a summary of what trends you see, as companies and consumers need to look out for?
ILYA BROVIN: Look, I think actually the trends will be sort of a continuation expansion of the trends we’ve seen actually over a couple of years. Obviously, we’ve talked about AI and deepfakes being a big driver of fraud; money mules will continue to be a sort of a very noticeable fraud vector. And but also lots of attacks will become more hybrid involving more than one attack vector, and therefore will be harder to detect. So I don’t think there will be something groundbreakingly new, but I think the proliferation and the complexity of these attacks will become much higher.
TOM TARANIUK: Definitely the case. But do you think there is a bright side? I mean, there’s a buzzword here that we just keep throwing around—AI. But it is being used more and more for the defense methodology, which we discussed. Are you excited on for well, for companies to be well, to be using and using AI to combat fraud more frequently.
ILYA BROVIN: Yes, absolutely. We say we use AI to fight AI, right? And that same tool gives you a lot of power to detect fraud, violations in real time or near real time and be very accurate, and also do it much more efficiently and at scale. So for sure, at the same time as providing tools for fraudsters, it provides tools and defenses for the businesses. So that’s that’s one bright side.
I’ve mentioned the acknowledgement that businesses need to move to using more secure methods, which can actually be simpler and more secure, like Non-Doc. So I think that that is much more being asked by clients of ours.
And the last one we talked about is regulation. I think the fact that regulators are recognizing the effects of fraud and how big of a societal issue it’s becoming, and they’re focusing on this and introducing regulations to create a level playing field and a minimum standard of protections for consumers and businesses, is a good development as well.
TOM TARANIUK: Great. Thank you, Ilya. All very important points to take on as the audience. And of course, companies which are protecting themselves not only today but in 2025, as new new trends arise, new fraud methods need to be implemented. And of course, new regulations set a new baseline. Thank you for joining us today, Ilya. But we do have one more thing to cover, which is the quick fire questions. So these are going to be a surprise. And I’m very I’m looking forward to these. They are a surprise to both of us. So when choosing a digital wallet, do you go for more features or better security?
ILYA BROVIN: Probably security.
TOM TARANIUK: It’s got to be security, I think, as well. But number two: strong passwords or biometric authentication?
ILYA BROVIN: Both.
TOM TARANIUK: Both? No. You got to pick one.
ILYA BROVIN: I like biometric. It’s very secure. The passkey functionality I’ve been transferring everything to it.
TOM TARANIUK: Makes it easier on. I think secure as well. Is online fraud more about technology flaws or human error?
ILYA BROVIN: Again, both. But I think technology allows to exploit the human errors.
TOM TARANIUK: Definitely the case. It’s a good answer actually. What’s one habit you rely on to stay safe online?
ILYA BROVIN: Very good question. I accept the fact that there’s a lot of fraud happening. You know, you’ll get hacked and stuff. And so I just basically try to separate what needs to be secure and keep it secure. And then the rest, you just have to sometimes take it as a fact of life.
TOM TARANIUK: There’s too many accounts, you know, just copy the same password even though it’s a bit risky. But if you could have any other career, Ilya, other than the one that you’re currently in, what would you be doing? I’ve heard, pilot?
ILYA BROVIN: I did want to be a singer when I was a child.
TOM TARANIUK: But right now, you still want to be a singer.
ILYA BROVIN: I probably wouldn’t pick it for a professional career, but yes, that’s probably. Music is an area, especially classical music.
TOM TARANIUK: Fantastic to hear. Well, thank you, Ilya. All great answers, I think.
ILYA BROVIN: Thank you.
TOM TARANIUK: What a great episode today with Ilya from Sumsub! I’d like to touch on a few key takeaways from today’s discussion. We broke it down into two main categories: defense and offense—basically, the attacks we face and how we can protect users.
On the offense side, we explored a very industry-specific approach, highlighting how some sectors experience significantly higher levels of fraud than others. We mentioned online media and dating services, but this issue is also geographically diverse, with APAC leading the charge in fraud cases. At the same time, AI is increasingly being used globally, both to combat fraud and to challenge businesses’ compliance and fraud prevention systems.
With that, we’re seeing a massive rise in APP fraud, chargebacks, and other issues like account takeovers. What’s critical here is that these attacks aren’t just isolated—they’re happening within organized fraud networks. It’s now essential to spot who’s connected to whom and where the relationships lie in the data. Furthermore, businesses are often targeted from multiple angles at once, which highlights the need for a hybrid defense approach.
When it comes to defending businesses, as Ilya mentioned, artificial intelligence plays a crucial role in piecing together the relevant data to spot and prevent fraud.
While global regulations can set a baseline for protecting businesses, we need more comprehensive frameworks to support digital services and onboarding processes. Education is key—setting the right expectations around what’s required and why it’s necessary. There are measures that may increase friction, but ultimately, they reduce the risk of users falling victim to scams or exploitation.
To fight back against the offensive tactics of these criminal groups, businesses need multiple layers of defense. So, to businesses listening, don’t sacrifice robust compliance frameworks for the sake of faster onboarding. Do it smarter, and of course, do it with Sumsub.
Thank you for joining me today on “What The Fraud?” I hope you’ve walked away with plenty of actionable insights to protect your business from the rising fraud trends of 2025 and beyond.
