Impersonation, emulators and ecommerce lead sophisticated fraud trends

Online fraud rates have held above 4 percent for the third year in 2025, according to new research from Veriff, but detecting it is getting harder. Impersonation remains the most common type, with one in 25 identity verification attempts online an attempt to pose as someone else, the company’s research shows.

Veriff’s Identity Fraud Report 2026 highlights the shift to more sophisticated attempts, including emulator attacks that mimic devices to bypass security measures like device intelligence and behavioral biometrics. It also shows ecommerce marketplaces are the most frequent target for fraud, with a rate of 19.2 percent in 2025.

The company has been emphasizing the point about the sophistication of fraud attacks, as have others in the industry like Sumsub and Veridas.

Stopping them comes down to answering three key questions, Veriff says. Is the customer or employee real? Does the customer or employee bring value or cost to your organization? Has the answer to either of the first two questions changed?

The answers are provided through selfie biometric onboarding with liveness detection and a government-issued ID, cross-linked risk analysis and biometric authentication, respectively.

The boom in sophisticated fraud has already driven a massive spike in authentications carried out by Veriff.

The report breaks down digital identity fraud data from the year, looks into impacts in the financial services, online retail and other sectors. It reviews regional differences in fraud patterns and offers predictions for the year ahead.

“Across industries, online fraud attempts are clearly continuing their sharp upward trajectory, with our latest findings coming on the heels of two consecutive years of 20 percent increases,” says Ira Bondar-Mucci, fraud platform lead at Veriff. “In addition, we’re seeing a clear trend of fraudsters deploying increasingly sophisticated attack methods as they move away from older techniques that are now more conspicuous.”

Veriff has also published a series of white papers and reports on fraud threats with Biometric Update, making its Fraud Index for 2025, UK Fraud Industry Report, Future of Finance, Identity Fraud Report 2025 and “Future of e-Commerce Report 2025” available for free with registration.

UK gov’t plans tour to fix argument to public on national digital identity

UK government officials have admitted that the initial attempt to communicate a new policy for introducing national digital identity was flawed, and ministers will do penance in the form of a tour across the nation to engage with the public.

The public consultation planned for 2026 will include meetings between government MPs and voters to go beyond the normal consultation process, PublicTechnology reports.

The public consultation was originally slated to begin this year, but has been delayed by Cabinet Office taking over the process from the Department for Science, Innovation and Technology (DSIT), according to the report.

And the government has a lot of explaining to do. PublicTechnology points out that the government is aware that it did not make a convincing enough case for how the digital ID will help reduce illegal immigration.

Subsequent communication about public services fueled claims of a sprawling, overreaching and costly big-government project.

Ping Identity GTM CTO Alex Laurie notes in a column for Tech Monitor that the 1.8 billion pound (roughly US$2.4 billion) cost figure estimated by the OBR should be measured against the £200 million fraud costs the UK economy every year. Then there is the loss of productivity from all the time and effort wasted on inefficient, manual and paper-based identity checks for everything from home rentals to public service access.

Laurie, as a professional, moves on quickly to the real issues around database and data sharing architecture, data minimization and cryptography. But his main point will bear both repeating and further explanation.

The government has said it doesn’t recognize the OBR’s cost figure, because not enough about the system’s design has been decided.

As Frank Hersey of MLex points out on LinkedIn, Cabinet Office Parliamentary Secretary Josh Simons said explicitly during a Monday Parliamentary Committee hearing that “we are building this vital public good for our country, not outsourcing it and not leaving it to private companies.”

Chief Secretary to the Prime Minister Darren Jones told digital identity industry representatives including TechUK, the Association of Digital Verification Professionals (ADVP) and the Age Verification Providers Association (AVPA) last week that the consultation will be fully open, and that no final decisions have yet been made.

Someone is off-message.

Hungarian IDV acquisition attracts suspicion over alleged government ties

FaceKom, the identity verification company used by the Hungarian national digital identity program, has been acquired by major local IT and telecom group, 4iG Informatikai (4iG IT). The deal is now attracting attention among media outlets and political watchers due to the companies’ relationship with Prime Minister Viktor Orbán.

The acquisition was announced on Tuesday, with 4iG IT signing an agreement to purchase 100 percent of FaceKom pending regulatory approvals.

FaceKom is known for its facial biometrics-based identity verification, video-based customer identification (eID) and kiosk software. The company was commissioned to identify citizens as part of the government’s Digital Citizenship Program (DÁP).

4iG IT says that the acquisition would help integrate digital identification and authentication solutions into its products, allowing Know Your Customer (KYC) compliance for remote customer identification. The company is currently planning expansion in the Western Balkans and in Central and Eastern Europe.

“Our aim is to introduce FaceKom’s innovative technological solutions to new markets by leveraging 4iG Group’s international presence, and to further strengthen our position in high-value-added, software-based services,” says Gábor Radó, CEO of 4iG Informatikai Zrt.

Recent 4iG’s purchases, however, have been raising questions over the company’s reported links to the Hungarian government, which has been accused by critics of enriching political allies, family, and loyalists through state resources and public contracts.

In June, the Hungarian government announced it was selling a large stake in its defence industry to 4iG in a deal that could be worth up to 212 million euros (US$248.7 million). Lawmakers and legal experts have highlighted that the deal represents yet another sale of state assets to allies of Prime Minister Orbán. The deal could also potentially breach several EU rules, including state aid regulations, according to investigative outlet Follow the Money.

4iG chairman and majority investor Gellért Jászai is known for his ties to Orbán and was invited as part of his entourage to Donald Trump’s Mar-a-Lago resort after the 2024 U.S. presidential election.

FaceKom itself may have undisclosed connections with Hungarian leadership.

The company’s previous owner is Equilor Fund Management, owned by the Central European Opportunity Private Equity Fund (CEOM), which is managed by financial services company Equilor. While CEOM has no direct links with Orbán, local media investigations have discovered links with companies owned by the Prime Minister’s son-in-law, István Tiborcz.

One of Hungary’s richest men, Tiborcz was probed for fraud by EU authorities in 2017 after a company he co-owned was awarded tens of millions of euros to upgrade street lights across Hungary.

Neurotechnology wins UIDAI child fingerprint authentication challenge

The latest biometrics challenge held by the Unique Identification Authority of India shows the improving viability of fingerprint matching for children.

UIDAI received 2,106 applications for the Biometrics SDK Benchmarking Challenge 2025, which used a long-term fingerprint dataset made up of children enrolled between 5 and 10 years old and then resamples after 5 to 10 years. UIDAI call it “a rare and scientifically valuable dataset that demonstrates UIDAI’s commitment to evidence-based evaluation and global best practices.”

The challenge focussed on fingerprint authentication, and was launched earlier this year in collaboration with IIIT-Hyderabad.

Neurotechnology, Innovatrics and Bengaluru-based Ooru Digital Pvt Ltd. were selected for the final evaluation, and finished in that order. Neurotechnology recorded an AUC (area under the curve) of 0.99, and an EER (equal error rate) of 0.02, with an FMR (false match rate) of 0.02 at both 1 in 1,000 and 1 in 10,000 FNMR (false non-match rate) thresholds. Innovatrics scored an AUC of 0.99, an EER of 0.03 and FMR of 0.04 at both thresholds. Ooru had an AUC of 0.54 and an EER of 0.54.

UIDAI is also planning to invite the international research and development community to participate in SDK Benchmarking Competitions in other modalities, with face and iris biometrics coming soon. The face match challenge will test age invariance for subjects between 5 and 18 years old.

London Police facial recognition expansion casts wide net

London’s Metropolitan Police have a new community crime-fighting strategy that expands the use of facial recognition and other technologies to catch the city’s “most harmful offenders,” and apparently thieves on e-bikes.

Live facial recognition use will be expanded across all London boroughs. Pilots of operator-initiated facial recognition and cameras fixed to “street furniture” will continue. Retrospective facial recognition capabilities will “continue to grow,” but so will public engagement to build trust. First-responder drones will be deployed across the city for to rapidly reach incidents.

The Met says “officers will expand the use of technology and data to target London’s most harmful offenders” under the plan, which aligns with priorities at the national level.

But a rash of thefts involving people riding e-bikes and e-scooters has London residents “particularly concerned,” according to the announcement. The Independent reports these concerns are largely related to phone thefts.

Two accounts of operations to seize e-bikes and a quote on the Met’s crackdown on them and e-scooters follows.

Facial recognition “has many uses and it will pick up people that speed, so it will pick up people on e-bikes and in all sorts of situations,” Metropolitan Police Commissioner Mark Rowley told The Independent.

Further details are offered in the “New Met for London Phase 2 2025-2028” plan, which extends the strategy of its 2023 predecessor. A new Law Enforcement Data Service (LEDS) will be launched around the beginning of 2027, in part to give Met Police instant identity verification capabilities through facial recognition and other biometrics.

High scale, low confidence

Home Office announced a plan to expand police use of facial recognition across the UK last week, as well as to consider making images from the national passport and driver’s license databases available to police.

There are already more than 19 million custody photos in the police national database (PND). Home Office licensed facial recognition software from Cognitec in 2020 for searches against the PND, but has never updated it.

Now the Guardian and Liberty Investigates have revealed that an NPL assessment commissioned by Home Office showed police officials potential problems with bias in the system in September, 2024.

The demographic differentials of facial recognition algorithms (including from Cognitec) as assessed by NIST were publicly available even before Home Office licensed the software, so any suggestion that they were previously unaware of the issue only introduces more questions.

In response to the NPL’s findings, the National Police Chiefs’ Council (NPCC) ordered the confidence threshold for matches to be raised so that false matches would be filtered out, reducing bias, but police forces complained that the change led to too few leads. NPCC documents show potential matches fell from 56 percent of searches to 14 percent.

The NPCC said police found the change meant “a once effective tactic returned results of limited benefit.”

“Evidence is mounting as to why it is crucial we have robust safeguards in place before this powerful and intrusive technology is expanded any further,” says Liberty Policy and Campaigns Officer Charlie Whelton. “For too long, police forces have set the terms, and we are now seeing the real-life consequences.”

World ID keeps concert tickets from scalpers and bots as Credentials expand

World’s attempt to branch out into digital identity beyond “proof of human” and show its potential benefits in real-world applications has expanded, with new countries and a new use case, respectively.

World ID is being used to keep scalpers and their bots out of concert ticket sales for Latin music star Ricardo Arjona.

The company says in its announcement that automated traffic made up 86.5 percent of the total on major ticketing sites in 2024.

Reserved tickets to November shows in Arjona’s native Guatemala were sold exclusively to World ID bearers.

And World ID Credentials, launched at the company’s “A New World” event in October, 2024, has rolled out in more countries.

Credentials is a feature that allows World ID holders to use the app as a digital wallet, loading in government-issued ID documents to prove things about themselves other than that they are an individual person.

A blog post from the company suggests using it to provide a zero knowledge proof for age verification.

The Credentials are now available in Argentina, Chile, Colombia, Costa Rica, Japan, Malaysia, Mexico, Panama, Singapore, South Korea, Taiwan, the United Kingdom, and the United States. World says they will expand to accept identity documents from more countries “in the near future.”