Building trust at scale: How to prevent ecommerce fraud in 2026

Anna-Kristina Rätsep — Fri, 30 Jan 2026 18:12:09 +0000

In recent years, online shopping has become a vital part of global retail, transforming how consumers and businesses interact. What once took place in physical stores now happens across digital storefronts, accessible 24/7. The convenience, speed, and variety offered by online retail have redefined the customer experience, from groceries to electronics to digital goods. However, this growth has also led to a rise in challenges like e-commerce fraud. How to

With over five billion internet users worldwide, the number of online shoppers continues to rise. This growth is driven by better internet access, advances in mobile tech, smarter payment gateways, and personalized shopping powered by data. In 2024, retail e-commerce sales surpassed $4.1 trillion globally, and the trend shows no signs of slowing. With innovations like same-day delivery, AR-powered shopping, and secure payment options, e-commerce is evolving to be more dynamic and customer-focused than ever. However, this surge has also paved the way for increasingly sophisticated fraudulent activities.

As ecommerce continues to expand, decision-makers in marketplaces must know how to prevent ecommerce fraud without sacrificing customer experience. This guide explains what ecommerce fraud looks like in 2026, why it’s growing, the most common fraud types that marketplaces face, and practical, modern strategies – grounded in layered security, risk-based authentication, and continuous monitoring – that reduce fraud risk while protecting conversion rates and customer trust.

Ecommerce was the number one industry to suffer at the hands of authorized fraud scams, and by a considerable margin: more than 18 times the global average.

Ira Bondar Fraud Platform Lead Veriff

What is ecommerce fraud and why is it growing?

Ecommerce fraud refers to criminal or abusive activity that targets online merchants, their payments, customer accounts, and reputation. It includes payment fraud, account takeover, identity misuse, and chargeback abuse. Ecommerce fraud isn’t a single threat – it’s a collection of tactics targeting payments, accounts, and customer trust.

Fraud is growing because digital commerce keeps innovating and onboarding new customers and payment flows. Criminals quickly adapt to new channels, automation tools, and data leaks. In addition, the increasing velocity of online transactions and global marketplaces raises the attack surface while regulatory and privacy changes reshape how identity signals are shared – forcing fraud teams to rethink detection and verification strategies.

Business leaders should treat ecommerce fraud as a strategic risk that can erode margins, increase operational costs, and damage brand trust if not managed proactively. The cost of reactive remediation – chargebacks, refunds, legal defense, and reputational harm – often far outweighs the investment in prevention.

Common types of ecommerce fraud businesses face

Understanding specific attack types helps risk teams design defenses that are accurate and customer friendly. Below are the primary categories marketplace decision-makers should watch for.

Payment and card-not-present fraud

Card-not-present (CNP) fraud happens when criminals use stolen card data to place purchases without presenting the physical card. CNP fraud remains one of the highest-cost vectors for online merchants because it often results in chargebacks and lost inventory. Payment fraud also includes synthetic identity fraud – where attackers combine real and fabricated identity elements to create usable accounts – and mule accounts used to launder stolen funds.

As ecommerce grows, fraud follows – adapting quickly to new technologies, channels, and consumer behavior. This dynamic is evident in how automated bot farms and credential-stuffing tools have scaled attempts to test stolen card numbers and credentials across merchant sites.

Account takeover and credential abuse

Account takeover fraud occurs when unauthorized actors gain control of a legitimate customer account to make purchases, redirect shipments, or commit identity theft. Account takeover fraud often leverages credential-stuffing, phishing, and data broker leaks.

Account takeover fraud is particularly damaging for marketplaces because it undermines trusted buyer and seller relationships. Detecting account takeover requires monitoring for unusual access patterns, device inconsistencies, changes in shipping or banking preferences, and risky behavior that differs from the account’s historical baseline.

Friendly fraud and chargebacks

Friendly fraud (also called chargeback fraud) happens when a legitimate cardholder disputes a valid purchase – either intentionally (to get a refund while retaining goods) or unintentionally (due to confusion about billing descriptors or subscription renewals). Chargebacks are costly: they carry fixed dispute fees, lost revenue, operational overhead, and potentially higher processor rates.

Strong customer communication, clear billing descriptors, and proactive dispute evidence collection are vital to reducing friendly fraud without adding friction to genuine customers’ experiences.

Key warning signs and high-risk behaviors to watch for

Fraud teams should build a clear view of signals that elevate risk. Typical warning signs include:

Multiple declined transactions followed by a single large approval from the same IP or device fingerprint.

Shipping to high-risk or recently changed addresses, especially with expedited delivery requests.

Mismatched billing and shipping regions combined with inconsistent device or browser fingerprints.

New accounts making large or high-value purchases shortly after creation.

Repeated login attempts, password resets from unfamiliar locations, or simultaneous sessions from geographically distant IPs.

Multiple chargebacks from a single customer or card number across several merchant accounts.

Monitoring behavioral baselines and flagging deviations helps separate low-risk customers from high-risk transactions that warrant step-up checks. Because not all risk is equal, high-risk transactions should trigger step-up authentication while trusted customers move through checkout with minimal friction.

Why advanced fraud prevention is a competitive advantage

Advanced fraud prevention does more than reduce losses: it protects customer data, preserves user experience, and enables growth in new payment flows and geographies. When implemented well, fraud prevention becomes a differentiator – a source of customer trust that can improve conversion and reduce churn.

Layered, intelligent defenses let merchants accept more legitimate business while rejecting fewer good customers. That balance is crucial: overly aggressive blocking damages conversion and customer lifetime value, while permissive rules invite fraud and higher operational costs. Strong payment controls stop many fraud attempts before they ever reach fulfillment.

Modern fraud prevention platforms combine device signals, identity verification, transaction risk scoring, behavioral analytics, and (ML) learning models trained on diverse, recent data. Those systems should integrate with business rules and human review workflows to tune for each marketplace’s unique risk profile. Importantly, as fraud tactics constantly evolve, prevention strategies must adapt through ongoing analysis, updated security measures, and flexible detection models.

Best practices to prevent e-commerce fraud

Ecommerce has become the backbone of global retail, but with rapid growth comes rapidly evolving fraud risks. From account takeovers and refund abuse to increasingly sophisticated authorized fraud powered by AI and deepfakes, online merchants and marketplaces are facing threats that traditional controls can no longer stop. To protect revenue, customers, and brand trust, leading ecommerce organizations are shifting toward a layered, identity-first approach, combining AI-driven identity verification, biometrics, and ongoing authentication throughout the user journey. By verifying that users are real, trusted, and remain the same over time, businesses can reduce fraud without adding unnecessary friction, creating safer digital experiences that support both growth and customer confidence.

A good security system isn’t there to make life difficult. It’s there to help the business grow—safely, fairly, and efficiently.

Andrea Rozenberg Country Manager, Brazil Veriff

Taking the next step toward smarter fraud prevention

For marketplace decision-makers in the U.S., U.K., Brazil, Mexico, and Colombia, executing a pragmatic fraud strategy means three concrete steps:

Assess: Conduct a rapid risk assessment of your current checkout flows, seller onboarding, dispute resolution, and data retention practices. Identify where most losses and false positives occur and map those to specific fraud vectors.

Pilot: Implement a pilot that layers identity verification, device intelligence, and risk-based authentication on a portion of traffic. Use A/B testing to measure conversion impacts and tune thresholds. Start with higher-risk geographies or product categories where fraud is concentrated.

Scale: Once pilots reduce chargebacks and false positives without harming conversion, roll controls out incrementally. Document playbooks for new threat patterns, and maintain a continuous improvement loop for models and rules.

Prevention is ultimately more cost-effective than remediation. Stopping fraud before fulfillment prevents inventory loss, chargeback fees, and brand damage. It also protects customer data and reinforces trust – critical advantages in competitive marketplaces.

To execute these steps, marketplaces should evaluate vendors and partners on several criteria: breadth of signal coverage (global device and identity signals), model freshness and adaptability, integration ease, compliance posture, and demonstrable results on false positives and chargebacks.

Effective ecommerce fraud prevention relies on a layered approach rather than a single solution, combining the right technologies, clear policies, and continuous monitoring to stay ahead of threats. Strong security measures protect personal information and credit card numbers, reinforcing customer trust while reducing chargebacks and the impact of data breaches.

When selection and implementation are done well, fraud prevention becomes a strategic enabler – allowing marketplaces to expand payment methods, enter new markets, and offer frictionless experiences to trusted customers while keeping fraud costs in check.

Protect your ecommerce business with modern, risk-based fraud prevention that verifies customers accurately without adding unnecessary friction. Explore how advanced identity and fraud detection solutions can help you reduce risk while maintaining a seamless checkout experience.

The post Building trust at scale: How to prevent ecommerce fraud in 2026 appeared first on Veriff.

Six key online fraud trends to watch in 2026

Anna-Kristina Rätsep — Wed, 17 Dec 2025 14:58:23 +0000

Online crime is evolving at an alarming pace. This article explores global online fraud trends, the risks posed by emerging technologies, and the opportunities for businesses to strengthen their defenses.

As fraudsters become more sophisticated, businesses and consumers face increasingly complex threats. From impersonation fraud to emulator and injection attacks, the landscape of online fraud is constantly shifting. Drawing on insights from the 2026 Identity Fraud Report, we project the following online fraud trends to dominate in 2026 and provide actionable strategies to combat them.

1. Impersonation fraud: The dominant threat

Impersonation fraud accounted for over 85% of all fraud attacks in 2025, making it the most prevalent form of online fraud. This method involves using stolen or falsified identity information to pose as someone else, often with counterfeit documents.

Despite its dominance, impersonation fraud has grown significantly more sophisticated in 2025, with fraudsters increasingly leveraging AI-generated deepfakes, synthetic identities, and document manipulation techniques to bypass traditional verification methods. This evolution—from high-volume, low-sophistication attacks to targeted, technologically advanced schemes—underscores the critical need for businesses to adopt advanced identity verification systems incorporating facial biometrics, behavioral analytics, and AI-powered document validation to detect and prevent these emerging threats.

2. Adversary-in-the-Middle (AiTM) attacks: A declining but persistent risk

Both physical and digital AiTM attacks saw significant declines in 2025, with physical attacks dropping by 34% and digital attacks by 66%. However, these attacks remain a concern due to their complexity. Fraudsters increasingly deploy ready-made phishing kits that intercept login credentials and session cookies in real time, allowing them to bypass traditional multi-factor authentication (MFA) by relaying user interactions to legitimate sites. These attacks often leverage AI-generated phishing emails with flawless grammar and formatting, making them harder to detect.

To counter this, businesses must move beyond conventional MFA methods, which can be circumvented through session token capture or MFA fatigue attacks. Instead, they should adopt phishing-resistant MFA solutions, or certificate-based authentication. These technologies cryptographically bind the authentication process to the legitimate domain, enabling the system to distinguish between real and fake login pages.

3. Document fraud: A mixed trend

While document fraud saw a 13% year-on-year decline globally, it remains a significant issue in regions like North America, where it accounted for 20% of all fraud in 2025. The rise of digital identity wallets adds a new layer of complexity, as businesses must now verify both physical and digital IDs.

Organizations should invest in advanced document verification technologies and conduct regular training to recognize different types of forgery attempts.

4. Emulator and injection attacks: A growing concern

While threats like AiTM are declining, other technical attack vectors are gaining ground—particularly emulator and injection attacks, posing a significant threat to businesses. Emulator attacks involve fraudsters using software to mimic legitimate mobile devices, allowing them to bypass device-based detection systems. These attacks often target financial services, where fraud rates were 30% higher than the global average in 2025.

To effectively prevent injection attacks, organizations should adopt an advanced, AI-powered defense framework that holistically analyzes behavioral patterns, biometric liveness, device authenticity, and temporal dynamics during identity verification. By evaluating the integrity of user interactions across multiple modalities—such as facial movements, document handling, and interaction timing—these systems can detect injected media and distinguish between genuine human activity and automated manipulation. This integrated, intelligence-driven approach ensures robust protection against sophisticated fraud attempts while maintaining seamless user experiences.

5. AI and automation: A double-edged sword

AI is transforming the fraud landscape, enabling both fraudsters and businesses to innovate. Fraudsters use AI to create deepfakes and launch large-scale attacks, while businesses leverage AI-driven algorithms to detect anomalies and reduce false positives.

To stay ahead, businesses must invest in advanced AI-powered anti-fraud solutions and comply with evolving regulations like the EU AI Act, which enforces strict rules for high-risk systems.

6. E-commerce: A prime target

E-commerce platforms experienced a net fraud rate of 19.2% in 2025, nearly five times the global average. The expansion of real-time payment systems has exacerbated the problem, enabling faster, irreversible fund transfers that fraudsters exploit. This sector remains highly vulnerable due to its reliance on lightweight fraud defenses.

To combat this, businesses must move beyond basic defenses and adopt comprehensive fraud prevention strategies. These include advanced behavioral analytics, device and network fingerprinting, real-time transaction monitoring, and AI-driven risk scoring to detect anomalies indicative of scams.

Regional online fraud trends in 2025

The 2026 Identity Fraud Report highlights notable regional differences in fraud patterns:

North America: Document fraud accounted for 20% of all fraud, emphasizing the need for advanced verification technologies.
EU and UK: Impersonation fraud increased by 2.3 times, requiring biometric authentication and multi-factor verification.
Latin America: Fraud attempts rose by 32%, the highest regional increase, underscoring the need for real-time monitoring and international collaboration.

How businesses can stay ahead

To combat these evolving threats, businesses must adopt a proactive approach to fraud prevention. Key strategies include:

Facial Biometric Verification: Authenticate users securely and prevent unauthorized access.
Behavioral Analytics: Detect unusual patterns and mitigate risks in real-time.
Machine Learning Algorithms: Enhance fraud detection and reduce false positives.
Fraud Intelligence: Leverage enriched insights and RiskScores for effective decision-making.

The post Six key online fraud trends to watch in 2026 appeared first on Veriff.

Veriff Identity Fraud Report 2026: Key highlights & trends

Ignacio Puglisi — Wed, 10 Dec 2025 11:44:07 +0000

Today, we are excited to launch the Veriff Identity Fraud Report 2026. This report represents our most comprehensive analysis to date, offering an in-depth examination of the evolving landscape of online fraud. Based on extensive global customer data collected over the past year, it provides detailed insights across industries, regions, fraud types, and use cases.

Veriff’s AI-powered systems and fraud prevention teams intercept thousands of fraudulent attempts daily. This scale of data reveals clear patterns: whether analyzed by region, industry, or method, one fact remains constant. Online fraud continues to be a persistent and growing threat to digital businesses. The rise of AI has further escalated this challenge, enabling fraudsters to operate more efficiently and at scale.

The barriers to entry for online fraud are lower than ever. Accessible, cost-effective tools have fueled the growth of “fraud-as-a-service,” making it a rapidly expanding industry.

This report equips you with the knowledge to navigate these escalating risks. It offers actionable insights into verifying customer identities, ensuring your business can confidently distinguish trustworthy, valuable users in an increasingly complex digital environment.

Key takeaways: The state of fraud in 2026

The following key data points provide a comprehensive overview of the current fraud landscape, illuminating the primary risks and evolving trends impacting both businesses and consumers.

1. The overall fraud challenge remains constant

The net fraud rate, the sum of all fraud types combined, remains high. In 2025, 4.18% of all verification attempts were fraudulent. That means one in every 25 attempts involved someone pretending to be someone else.

2. AI is increasing the danger

While the overall fraud rate held steady, the nature of the attacks shifted. Digitally presented media was 300% more likely to be either entirely AI-generated or otherwise altered compared to last year. While AI-powered fraud still represents a small fraction of the total, it is growing at an alarming rate.

3. Impersonation fraud dominated

Impersonation fraud amounted to more than 85% of all fraudulent attempts we saw this year. This type of fraud has increased considerably in both volume and sophistication.

4. Document fraud is dropping

In a positive turn, document fraud (physically altering or counterfeiting documents) saw a 13% year-over-year drop. This suggests fraudsters are realizing that modern verification systems are difficult to defeat with fabricated physical documents and are shifting tactics.

5. E-commerce platforms were the worst hit

The online marketplace vertical faced the bleakest picture out of any industry, with sophisticated criminal networks increasingly targeting these platforms due to their high transaction volumes and complex ecosystems involving multiple third-party sellers. E-commerce sites saw a net fraud rate of 19.2% in 2025—nearly five times the global average.

6. Financial services remain in the firing line

The financial services industry saw a net fraud rate of more than 5.5%, a significant and worrying increase from the previous year. The “rich pickings” in this sector continue to make it a primary target for sophisticated and relentless fraudulent activities.

Secure your business for 2026

The Fraud Report 2026 makes one thing clear: the threat is evolving, but so are the defenses. Veriff is building the infrastructure for trust online, helping you comply with regulations, fight sophisticated fraud, and achieve growth on a global scale.

Don’t let your business become a statistic in next year’s report.

Talk to us today to discover how Veriff can help you combat online fraud.

The post Veriff Identity Fraud Report 2026: Key highlights & trends appeared first on Veriff.

MoneyLIVE highlights: Balancing security & seamless banking

Anna-Kristina Rätsep — Wed, 10 Dec 2025 11:11:16 +0000

The world of payments is evolving at a pace, and customers increasingly demand seamless, instant experiences. At the same time, fraud is rising across the industry, pushing companies to stay one step ahead. How can financial institutions deliver the smooth user experience customers expect while maintaining robust security?

This was the central question at a recent fireside chat at MoneyLIVE Payments Europe. The discussion featured Gareth Murray, Head of Financial Crime Risk at Monzo Bank, and Geo Jolly, Lead Product Manager, Biometrics at Veriff. They explored the current fraud landscape, the delicate balance between user experience and security, and the future of authentication in digital banking.

Here are the key highlights from their insightful conversation.

The modern fraud landscape in banking

The scale of financial crime is staggering. Gareth Murray pointed out a startling statistic: in the UK, fraud now accounts for 40% of all crime. The threat is no longer a distant possibility but a prevalent risk that affects a growing number of people. And it’s not just about financial loss, the emotional impact of fraud is also considerable. Monzo research revealed that 83% of people affected by scams said the emotional cost was worse than losing the money. This makes preventing fraud all the more important to minimise financial and emotional harm to the customer.

The discussion highlighted two main dimensions of this challenge: volume and sophistication.

Volume: The rise of simple scams

On one end of the spectrum, banks are dealing with a high volume of relatively simple scams. Purchase scams, often originating from social media marketplaces, are among the most common. A customer pays for goods that never arrive, falling victim to a straightforward but effective fraudulent scheme.

Sophistication: AI-powered attacks

On the other end, fraud is becoming increasingly sophisticated. Organized, industrial-scale players are leveraging advanced technology to execute complex romance and investment scams. This is where AI-generated deepfakes and synthetic identities come into play.

Geo Jolly noted that Veriff’s Fraud Index Report 2025 shows a significant rise in AI-based attacks, with around 78% of survey respondents encountering at least one deepfake in the past year. While many of these are currently “shallow fakes”, where a real person’s video is manipulated with voiceovers or mouth overlays, the technology is rapidly advancing. As AI improves, it will become nearly impossible for the human eye to distinguish a deepfake from a genuine video, making robust technological solutions essential.

Gareth added that while complex synthetic identity creation is less common in the UK due to strong credit bureau networks, the constant evolution of technology requires banks to stay one step ahead.

Balancing friction and flawless experience

A core challenge for any bank is striking the right balance between security and user experience. Fraud prevention can introduce friction, frustrating legitimate customers.

The conversation revealed that “friction” is not a one-size-fits-all concept. Some customers welcome extra security steps, as it makes them feel more protected. Others prioritize speed and convenience.

Monzo has several layers of protection that are active by default for all customers. These include industry-first features such as Call Status and Undo Payments. Monzo also uses machine learning to do even better customer risk assessments, credit decisioning, and real-time fraud detection.

For customers who want enhanced protection, Monzo also offers opt-in security features, such as:

Known locations: Customers can set specific physical locations where they need to be when making bank transfers or savings withdrawals over their chosen limit.
Trusted contacts: Customers can ask a trusted friend or family member to double check any bank transfers and savings withdrawals over a chosen limit, to act as a “second pair of eyes” to prevent potential fraud.
Secret QR codes: Customers receive a personalised, highly-secure QR code that’s stored on a different device or printed, and which they need alongside their phone to approve a payment or savings withdrawal over their chosen limit.

These opt-in features empower users to control their own security levels, turning a potential point of friction into a valuable, trust-building tool.

The role of data in authentication

When does a payment journey require extra security? The answer lies in data. Both speakers emphasized the importance of a multi-layered approach to authentication that relies on numerous data signals to assess risk in real-time.

Instead of subjecting every user to a high-friction process like a liveness check, banks can use passive signals to build confidence. These can include:

IP address and location data
Device information and history
Behavioral biometrics (how a user holds their phone or types)

Geo Jolly shared an interesting anecdote where a large-scale account takeover attack was identified because every device involved in the fraudulent sessions reported a 100% battery status, a clear indicator of an organized device farm. This highlights how even seemingly minor metadata can be a powerful tool in fraud detection.

When risky signals are detected, such as a new device, an unusual location, or an IP address associated with previous fraud, the system can then introduce a “step-up” authentication measure. This could be a passive liveness check, an active challenge, or even a review by a human agent. This risk-based approach ensures that friction is applied intelligently.

The future of authentication and industry collaboration

Looking ahead, the discussion turned to the future of authentication. Gareth Murray predicted that the industry will move toward giving customers more control over their digital identities. This involves leveraging banking data more effectively to create secure, portable identity solutions that customers own and manage.

Another critical theme was the need for greater industry collaboration. Fraud is not a competitive advantage; it’s a collective, industry-wide problem. Banks, telcos, social media companies, and technology partners must work together to share data and insights to combat fraud more effectively. Breaking down the silos that prevent data sharing is essential for building a more secure ecosystem for everyone.

As Geo Jolly concluded, building trust is a shared responsibility. By combining advanced technology, rich data signals, and cross-industry collaboration, the financial sector can create a future where seamless experiences and robust security go hand in hand.

Key takeaways

Fraud is evolving: Financial crime ranges from high-volume, simple scams to highly sophisticated, AI-driven attacks.
Personalize security: Give customers control over their security settings. Opt-in features can build trust and cater to individual preferences for enhanced security with more friction.
Use data intelligently: A multi-layered, risk-based approach to authentication is key. Use passive data signals to keep journeys seamless for legitimate users and apply friction when risk is high.
Collaboration is crucial: Fraud is an industry-wide problem that requires an industry-wide solution. Sharing data and insights between institutions is vital to protecting customers.

The conversation at MoneyLIVE Payments Europe made it clear that building a trusted and secure digital banking environment is a dynamic and ongoing challenge. By embracing technology, empowering customers, and working together, financial institutions can successfully navigate this complex landscape.

The post MoneyLIVE highlights: Balancing security & seamless banking appeared first on Veriff.

Emulator and injection attacks: Emerging threats to digital businesses in 2026

Anna-Kristina Rätsep — Fri, 05 Dec 2025 09:02:43 +0000

Among the numerous tactics fraudsters employ, emulators and injection attacks have emerged as significant threats to the integrity of digital ecosystems. Both of these techniques allow fraudsters to bypass traditional detection systems, making them a serious concern for enterprise fraud professionals. This article delves into what emulators and injection attacks are, how they operate, and why they pose such a severe threat to digital businesses.

Emulators: simulating devices to deceive systems

At its core, emulators simulate the behavior of legitimate devices, such as smartphones or computers, to commit fraud. Emulators are powerful tools commonly used in software development to test applications across different devices and operating systems without needing physical hardware. However, fraudsters have weaponized this technology to launch deceptive activities at scale.

How emulator fraud works

Fraudsters use emulators to mimic the behavior of real users, allowing them to manipulate apps, websites, or payment systems in ways that are difficult to detect. And, because they can be automated, the scale at which fraud can be committed is potentially huge. By simulating different devices, fraudsters can make a device look like multiple devices (device farms) or emulate a specific device to appear to be a genuine device to commit fraudulent activities. For example:

Account takeover (ATO): Using emulators it is possible to mimic genuine user sessions and bypass security measures to gain access to accounts.
Payment fraud: Once an account has been accessed it is possible to conduct unauthorized transactions through emulated devices, often avoiding detection due to the sophistication of the emulated environment.
Bot attacks: Once a weakness has been identified it is possible to execute large-scale, automated fraud campaigns that mimic human behavior across various devices.
Multi-accounting and bonus abuse: Being able to fraudulently access systems at scale by using emulators to mimic multiple devices allows fraudsters to create multiple accounts to take advantage of sign-up bonus or free bets in gaming, crypto, or currency exchange platforms.

What makes emulator fraud particularly dangerous is its ability to bypass traditional detection systems that rely on device fingerprinting or behavioral biometrics, and the fact you can do this at scale. Since emulators can spoof a range of legitimate device characteristics (such as operating system versions, IP addresses, and user-agent strings), many security tools that focus on recognizing unique device traits are rendered ineffective.

Injection attacks: manipulating sessions to gain access to systems

While emulator attacks focus on simulating devices, injection attacks are a type of fraud where a malicious actor injects false or synthetic data into the identity verification flow to bypass the system and gain unauthorized access to the service.

How do injection attacks work?

Injection attacks can occur when fraudsters use techniques like emulators, virtual cameras, or other methods to inject false biometric data, such as fake facial images, or false document data, such as fake documents generated with self-serve fraud tools, into the verification process.

The goal of these injection attacks is to convince fraud-prevention systems that the injected data is legitimate, allowing the fraudster to bypass security measures and gain access to services. For example, a fraudster may use a deep fake video or synthetic identity to inject false facial images into an onboarding verification flow, tricking the system into thinking it’s a legitimate user.

Stay ahead of online fraud threats

The digital landscape is evolving, and so are fraud tactics. Learn about the six major trends shaping online fraud today and how you can protect your business.

Why emulator and injection attacks are serious threats

Both emulator fraud and injection fraud are highly sophisticated techniques that can have devastating consequences for digital businesses. Here’s why they represent such a significant threat:

1. Evasion of traditional fraud detection systems

Both emulator fraud and injection fraud are adept at bypassing conventional fraud prevention mechanisms. Emulator fraud can evade device fingerprinting, IP blocking, and CAPTCHA tests by mimicking human behavior. Similarly, injection fraud targets vulnerabilities in a system’s code, bypassing security mechanisms that rely on predictable behavior or structural integrity.

2. Scalability and automation

One of the most dangerous aspects of these fraud types is their scalability. Fraudsters can use emulators to control hundreds, if not thousands, of virtual devices simultaneously, allowing them to commit fraud at scale. Injection fraud, on the other hand, can automate attacks across multiple systems, exploiting vulnerabilities in real-time, often without immediate detection.

3. Increased risk to sensitive data

Emulator and injection fraud can expose vast amounts of sensitive customer data, from personal information to financial details. For businesses, this not only poses direct financial losses but also regulatory and reputational risks, especially in the age of data privacy regulations like the GDPR and CCPA.

4. Undermining customer trust

When businesses fall victim to these types of fraud, it’s often the customers who bear the brunt. A compromised digital experience, particularly when it involves the loss of personal data or financial fraud, can lead to long-term damage to a brand’s reputation. Customers expect businesses to safeguard their data and financial assets, and any breach of that trust can lead to lost revenue and customer attrition.

5. Costs of remediation

Both emulator and injection fraud can be costly to remediate. Once an attack has occurred, businesses often need to invest heavily in forensic investigations, patching vulnerabilities, and compensating affected customers. Additionally, regulatory fines for failing to protect customer data can be substantial, compounding the financial impact of these attacks.

Defending against emulator and injection fraud

While emulator and injection fraud present serious challenges, enterprise fraud professionals can mitigate the risks with a multi-layered security approach:

Behavioral analytics: Instead of relying solely on device-based detection methods, businesses can use behavioral analytics to monitor for suspicious activity patterns, such as unusual transaction volumes or irregular login times.
Code auditing and vulnerability testing: Regularly auditing application code and conducting penetration tests can help identify and patch vulnerabilities before they can be exploited.
Machine learning algorithms: Machine learning-based fraud detection systems can help identify anomalous behavior across both emulated devices and manipulated code, even as these techniques evolve.

Web application firewalls (WAFs): Deploying WAFs with advanced threat detection capabilities can help defend against injection fraud by blocking suspicious inputs or known attack vectors in real-time.
IP and device fingerprinting: This involves analyzing various attributes of the device and the network used to access the online service, such as the browser type, operating system, screen resolution, location, etc. These attributes can generate a unique identifier linking multiple accounts to the same device or IP address.
Email analysis: This involves checking the validity and uniqueness of the email address used to register or log in to the online service. Some indicators of suspicious email addresses are disposable or temporary emails, emails from unknown domains, emails with random or similar usernames, etc.
Face authentication: This involves biometric analysis of the user’s face and facial movements to ensure true presence during the account creation or verification process. This, together with the velocity abuse and multi-accounting prevention, can help reduce the risk of users creating multiple accounts using fake or stolen identities.
AI-driven algorithms: This involves using machine learning and artificial intelligence to monitor and analyze the behavior and patterns of the users on the online service. This can help detect anomalies, such as multiple accounts placing similar bets on the same events, multiple accounts writing fake reviews or feedback, multiple accounts abusing promo codes or coupons, etc.

Conclusion: Staying ahead of the fraudsters

Emulator fraud and injection fraud are rapidly evolving tactics that pose significant risks to digital businesses. Their ability to bypass traditional security measures, scale effortlessly, and cause extensive damage makes them formidable adversaries for enterprise fraud professionals. By understanding how these threats operate and implementing robust, multi-faceted defenses, businesses can stay one step ahead and protect their digital ecosystems from these increasingly sophisticated forms of attack.

In today’s fast-paced digital environment, staying informed and agile is the key to defending against the ever-evolving world of cyber fraud.

SQL injection (SQLi): Inserting malicious SQL code into queries to manipulate databases.
Cross-site scripting (XSS): Injecting scripts into web pages to steal data or hijack sessions.
Command injection: Executing arbitrary system commands through vulnerable applications.
Code injection: Injecting and running arbitrary code in a vulnerable system.
LDAP injection: Manipulating directory service queries with malicious LDAP code.

FAQ (Frequently Asked Questions)

What is an injection attack?

An injection attack occurs when an attacker sends malicious code into a system to alter the way commands are processed, often leading to unauthorized access or data manipulation.

What are the common types of injection attacks?

SQL injection (SQLi): Inserting malicious SQL code into queries to manipulate databases.

Cross-site scripting (XSS): Injecting scripts into web pages to steal data or hijack sessions.

Command injection: Executing arbitrary system commands through vulnerable applications.

Code injection: Injecting and running arbitrary code in a vulnerable system.

LDAP injection: Manipulating directory service queries with malicious LDAP code

What are some examples of emulation attacks?

Device emulation: Attackers emulate a trusted device to bypass authentication and access protected networks.

Application emulation: Malicious actors replicate software applications to exploit vulnerabilities.

Network emulation: Mimicking network protocols to intercept or manipulate data transmissions.

The post Emulator and injection attacks: Emerging threats to digital businesses in 2026 appeared first on Veriff.

California data privacy trends & compliance action points for financial services

Anna-Kristina Rätsep — Wed, 26 Nov 2025 13:29:00 +0000

California’s data privacy laws, particularly the California Consumer Privacy Act (CCPA) and its amendment, the California Privacy Rights Act (CPRA), are transforming how businesses, including in the financial services sector, handle personal data.

Financial services (FinServ) firms must be prepared to comply with these regulations, as they manage sensitive consumer data such as account information, credit histories, transaction records but also Social Security numbers and data used for their customer’s authentication.

Here are key trends and practical action points to help financial services organizations stay compliant with these evolving laws.

1. Expanded consumer rights

California residents have the right to:

Opt out of the sale of their personal information.
Request corrections to inaccurate personal data.
Limit the use and disclosure of sensitive information, including financial records and Social Security numbers.

Action Point:
Implement a data request portal where consumers can easily exercise these rights. This portal should allow users to opt out of data sales, request corrections, and limit data usage.

Ensure requests are “verifiable,” confirming the consumer making the request is the one whose data is being processed.

2. Broader scope for businesses

Businesses subject to these laws include those with:

Over $25 million in annual revenue.
Selling or sharing the personal data of 100,000 or more California residents.
Deriving more than 50% of their annual revenue from selling consumer data.

Action Point:
Audit your data collection and sharing practices. Track the volume of personal information your business handles to determine if it falls under CCPA/CPRA requirements.

Remember, California regulates both selling (for monetary or other valuable consideration) and sharing (even without monetary exchange). Ensure third-party data processor relationships are compliant.

3. Sensitive personal information and data protection

CCPA explicitly defines sensitive data to include mail, email, text messages, Social Security numbers, identification documents, and financial account data. Financial services firms, which handle large amounts of such sensitive information, must ensure its protection.

Action Point:
Enhance your data security measures, keeping California’s broad scope of sensitive data in mind. Invest in encryption, anonymization, and data minimization techniques to safeguard consumer data.
Limit the use of sensitive data unless essential for business operations, and ensure consumers can control how their sensitive data is used.

4. Automated Decision-Making Technology (ADMT)

The CPPA has introduced stricter regulations on the use of ADMT, particularly when it replaces or significantly influences human judgment. Businesses must:

Allow consumers to opt out of ADMT usage for significant decisions.
Ensure human reviewers can understand, evaluate, and override ADMT outputs.

Action Point:
Audit your use of ADMT to ensure compliance. Implement clear opt-out mechanisms and train personnel to manage ADMT processes effectively.

5. Mandatory risk assessments

Businesses engaging in activities like selling or sharing personal information, processing sensitive data, or using ADMT must conduct detailed risk assessments. These assessments should:

Identify risks associated with data processing activities.
Document and address compliance gaps.

Action Point:
Develop a robust framework for conducting and documenting risk assessments. Regularly review and update these assessments to align with evolving regulations.

6. Annual cybersecurity audits

The CPPA now requires annual cybersecurity audits conducted by qualified professionals. These audits must:

Assess compliance with data security measures, including encryption, access controls, and incident response.
Provide detailed reports and remediation plans for any identified gaps.

Action Point:
Engage qualified auditors to evaluate your cybersecurity program. Maintain detailed records of audits and remediation efforts for at least five years.

7. Regulatory enforcement

California is unique in its regulatory approach, with both the California Attorney General and the California Privacy Protection Agency (CPPA) enforcing privacy laws. Non-compliance can result in significant penalties.

Action Point:
Conduct regular compliance assessments to ensure adherence to CCPA and CPRA. Respond promptly to consumer requests and continuously improve privacy practices.
Consider appointing a Data Protection Officer (DPO) or a dedicated data privacy team to manage compliance efforts effectively.

8. Compliance deadlines

ADMT compliance: January 1, 2027.
Risk assessments: December 31, 2027.
Cybersecurity audits: Staggered deadlines based on annual revenue, starting April 1, 2028.

Conclusion: Preparing for continuous evolution

For financial services firms, compliance with the CCPA and CPRA is not just about ticking boxes—it’s about ensuring data transparency, enhancing consumer trust, and staying ahead of regulatory changes. With the California Privacy Protection Agency taking a lead in enforcement, it’s essential to implement these practical steps now to avoid penalties and ensure seamless data privacy compliance.

For further information, explore these resources:

By taking action now, financial service companies can safeguard sensitive information, build trust with consumers, and maintain compliance with California’s data privacy laws.

The post California data privacy trends & compliance action points for financial services appeared first on Veriff.

AI fraud detection: How startups and SMBs can stay ahead

Anna-Kristina Rätsep — Fri, 21 Nov 2025 09:00:00 +0000

The essential guide to AI fraud detection for small and growing businesses

AI fraud detection empowers startups and SMBs to fight online fraud with speed, accuracy, and trust. Learn how modern solutions reduce risk, boost security, and support business growth.

Key takeaways

Reduce losses: AI fraud detection significantly reduces financial losses and reputational damage by catching fraud in real time.
Build trust: For startups and SMBs, a secure and smooth user experience is critical for building customer trust and loyalty.
Stay competitive: Scalable AI tools allow smaller businesses to access enterprise-level security without the high cost, enabling them to compete safely.
Adapt continuously: Machine learning models constantly adapt to new and evolving fraud patterns, keeping your business protected against future threats.

What is AI fraud detection?

AI fraud detection is the use of artificial intelligence and machine learning to analyze user behavior, verify identities, and identify fraudulent activities in real time. Unlike rule-based systems that only check for known fraud patterns, AI models learn from vast datasets to spot subtle anomalies and new threats that humans would miss. For a startup or SMB, this technology acts as a powerful, automated defense system that protects revenue and builds a foundation of digital trust.

The key benefits for businesses include:

Increased accuracy: AI drastically reduces “false positives”—the incorrect flagging of legitimate customers—improving user experience and conversion rates.
Enhanced speed: Decisions are made in seconds, not hours, allowing for instant and secure user onboarding.
Proactive defense: Machine learning algorithms predict and identify emerging fraud tactics before they cause significant damage.

Why startups and SMBs need AI fraud detection

Small businesses are often seen as easy targets by fraudsters who assume they lack sophisticated security measures. The cost of fraud for these companies isn’t just financial; it can be catastrophic. A single significant security breach can lead to devastating financial losses, regulatory fines, and irreparable damage to customer trust.

According to a report from Gartner, the sophistication of fraud is increasing, making manual review processes and outdated systems ineffective. AI fraud detection levels the playing field. It provides startups and SMBs with an affordable, scalable way to protect their platforms without needing a large, dedicated fraud prevention team. This allows them to focus their limited resources on innovation and growth, confident that their business is secure.

How AI fraud detection works

AI fraud detection works by using machine learning models to analyze thousands of data points in real time and distinguish between legitimate and fraudulent behavior. The process is continuous and adaptive.

Data analysis: The AI model processes information from various sources, such as user device data, biometrics, ID documents, and transaction behavior.
Pattern recognition: It identifies patterns consistent with known fraudulent activities, like document tampering, synthetic identities, or account takeover attempts.
Anomaly detection: More importantly, it flags unusual activities that deviate from normal user behavior, even if the pattern is entirely new. For example, it might spot a user trying to log in with multiple identities from the same device.
Continuous learning: With every verification, the AI model refines its understanding of both legitimate and fraudulent patterns. This self-improvement loop means the system gets smarter and more effective over time.

Explore this infographic to see how AI fraud detection works.

How Veriff helps startups and SMBs fight fraud

For startups and SMBs, choosing the right fraud prevention partner is critical. Veriff provides a powerful, AI-driven fraud detection engine designed to help smaller businesses grow securely and with confidence.

Veriff’s solution combines multiple layers of AI-powered analysis to stop fraud at the source. This includes advanced document authenticity checks, biometric matching, and liveness detection to ensure that every user is who they claim to be. Our machine learning models are trained on a massive global dataset, allowing them to recognize fraud patterns from around the world and adapt instantly to new threats. This means your business is protected not just from today’s fraud, but from tomorrow’s as well. By automating the verification process, Veriff helps startups and SMBs reduce manual workloads, cut operational costs, and onboard legitimate customers faster, creating a secure environment for sustainable growth.

“Veriff’s AI-powered solution helped us reduce fraudulent sign-ups by over 90% while improving our good user approval rate. It’s security we can trust as we scale.”
— Head of Operations, Fintech Startup

“Veriff’s AI-powered solution helped us reduce fraudulent sign-ups by over 90% while improving our good user approval rate. It’s security we can trust as we scale.”

Case study: How a small e-commerce platform reduced fraud

SaaS Production partnered with Veriff to protect a computer hardware e-commerce marketplace. The platform was struggling with costly chargeback fraud. By integrating Veriff’s AI-powered identity verification, fraudulent sign-ups were blocked instantly. Within months, the marketplace eliminated chargeback fraud, saving thousands in losses and restoring customer trust. Read the case study.

More examples of Veriff’s impact

Fintech lender: After introducing Veriff, a fintech startup halved its loan-default rates by catching synthetic identity fraud at onboarding. Read case study
Payments platform: Veriff integrated in just two weeks, enabling faster onboarding, stronger compliance, and a 50% reduction in manual work. Read case study
Cryptocurrency exchange: Using Veriff’s anomaly detection, the platform detected and blocked a bot-driven account farming operation before users could monetize illicitly gained accounts. Read case study

AI Fraud detection’s impact across industries

AI-powered fraud detection isn’t just for fintech or e-commerce. Its reach spans a wide array of industries:

Financial services/fintech: Stopping money laundering, detecting account takeovers, and ensuring compliance with complex regulations.
Travel and hospitality: Preventing fraudulent bookings, fake reviews, and payment scams.
Healthcare: Flagging insurance scams, duplicate policies, and identity misuse.
Education and Edtech: Authenticating exam-takers and verifying student identities to prevent cheating and financial aid fraud.
Gig economy and marketplaces: Protecting against fake worker profiles, payout fraud, and account takeovers.
Gaming and gambling: Preventing bonus hunting, multiple account fraud, and underage access.

Each industry faces unique challenges—AI’s flexibility and adaptability makes it the ideal foundation for scalable security.

The future of AI in fraud detection

The future of fraud detection is autonomous and predictive. As technology evolves, experts at firms like McKinsey predict that AI systems will become even more adept at anticipating fraud before it happens. For startups and SMBs, this means security solutions will become more efficient, requiring less human oversight while providing even stronger protection. Building a foundation with a forward-thinking AI partner is essential for staying ahead of the curve and ensuring long-term security and success.

Conclusion: Grow your business with confidence

Fraud is a persistent threat, but it doesn’t have to be a barrier to growth. AI fraud detection offers startups and SMBs a powerful and accessible way to protect their revenue, build customer trust, and scale their operations securely. By leveraging machine learning, businesses can move from a reactive to a proactive security posture. Implementing a robust solution like Veriff allows you to focus on building your business, knowing you have a world-class defense system working for you around the clock.

Frequently Asked Questions (FAQs)

What is AI fraud detection?

AI fraud detection is the use of machine learning algorithms to analyze data and identify fraudulent activities in real time. It helps businesses prevent financial losses and protect their customers by spotting unusual patterns and verifying user identities with high accuracy.

How does AI detect online fraud in real time?

AI systems analyze thousands of data points per transaction or sign-up, including device information, user behavior, and biometric data. They compare this information against known fraud patterns and historical data to make an instant decision, blocking suspicious activities before they are completed.

Why is AI fraud detection critical for startups and SMBs?

Startups and SMBs are prime targets for fraudsters. AI provides an affordable and scalable defense that doesn’t require a large security team. It protects revenue, prevents reputational damage, and allows small businesses to compete securely with larger enterprises.

What features should a business look for in an AI fraud detection tool?

Look for a tool with high accuracy in detecting fraud while minimizing false rejections of good customers. Key features include scalability, easy API integration, real-time analytics, and support for global compliance standards.

How accurate are AI fraud detection systems compared to manual checks?

AI systems are significantly more accurate and faster than manual checks. They can process vast amounts of data without human error or bias and can identify complex, new fraud patterns that manual reviewers would likely miss.

How does Veriff use AI in fraud prevention?

Veriff uses a multi-layered AI approach that includes document authenticity analysis, biometric matching, liveness detection, and device and network analytics. Our models are continuously trained to identify and block emerging fraud threats, ensuring a secure onboarding process for our clients.

Generative AI can identify fraudulent activities, but also create convincing counterfeit documents, which can fool traditional ID verification methods. Fraudsters are evolving faster than ever, making it critical for startups and SMBs to use advanced identity verification solutions that go beyond manual checks.

Historical data plays a crucial role in training AI systems to detect fraud and fake documents. By analyzing previous cases of fraud and non-fraud, these systems can improve the precision of risk rules and optimize fraud prevention strategies.

Veriff’s insights on document fraudemphasize the importance of leveraging AI-based document verification systems that can detect even the most sophisticated forgery techniques.

The post AI fraud detection: How startups and SMBs can stay ahead appeared first on Veriff.

UK BNPL regulations to protect consumers by 2026: Key insights.

agustina.bustinduy@veriff.net — Wed, 27 Aug 2025 14:18:00 +0000

Introduction

The Buy Now, Pay Later (BNPL) trend is on a remarkable growth trajectory in the United Kingdom, with transaction values projected to exceed $60 billion by 2029. This growth highlights the increasing adoption of flexible payment solutions across the UK, cementing its position as a key player in the European payments landscape. However, while the transaction volume is rising, the UK’s share of BNPL transactions in Europe is expected to see a slight decline, reflecting the rapid expansion of BNPL adoption in other European markets. As this payment method continues to revolutionise consumer spending, businesses must innovate and adapt to meet evolving customer expectations.

BNPL services are transforming how consumers shop and pay, offering flexibility and convenience that appeal to a rapidly growing audience. In the UK, this payment trend is especially popular among younger, tech-savvy shoppers who are reshaping retail and eCommerce landscapes.

As new consumer protection regulations are slated for 2026, it’s more important than ever for businesses to grasp these changes and stay competitive in a shifting market.

Let’s examine what the new rules mean, their implications, and how businesses in financial services can adapt to stay ahead.

Understanding the new BNPL rules

The UK government, in collaboration with the Financial Conduct Authority (FCA), is introducing strict measures to regulate the BNPL sector. The UK government has initiated steps to regulate Buy-Now, Pay-Later (BNPL) products to enhance consumer protection. A consultation on the proposed regulations was launched on 17 October 2024 and concluded on 29 November 2024.

The government is set to introduce the final legislation to Parliament in early 2025. Once approved, the Financial Conduct Authority (FCA) will work on developing and finalising detailed rules, with the new regulations projected to come into force in 2026.

Under these regulations, BNPL providers will be required to carry out affordability checks and provide clearer loan agreement details to help prevent consumers from falling into unmanageable debt. Consumers will also benefit from enhanced rights, such as the ability to claim refunds under Section 75 of the Consumer Credit Act, and the option to raise complaints with the Financial Ombudsman Service. In summary, the new BNPL rules, expected to take effect in 2026, aim to improve transparency, protect consumers from excessive debt, and ensure greater accountability within the BNPL sector.

Key provisions include:

Mandatory FCA authorisation

All BNPL providers will be required to secure authorization from the Financial Conduct Authority (FCA), ensuring they meet regulatory standards.

Stronger affordability checks

Lenders must conduct rigorous affordability assessments to ensure customers can manage repayments.

Enhanced transparency

Clear terms and conditions will be mandatory, ensuring customers fully understand the costs and risks associated with BNPL agreements.

Complaints handling process

BNPL providers will need to implement accessible mechanisms for addressing consumer complaints, including access to the financial ombudsman service.

BNPL has surged in popularity, with millions of UK shoppers relying on it for convenience and financial flexibility. However, concerns over unregulated lending practices, hidden fees, and growing consumer debt have put the spotlight on the sector.

The new regulations aim to:

Protect consumers

Safeguard shoppers from spiraling into unmanageable debt by ensuring they can afford repayment plans.

Ensure fair practices

Hold BNPL providers accountable for transparent and ethical operations.

Foster trust

Build confidence among consumers, fostering a more sustainable BNPL ecosystem.

BNPL has surged in popularity, with millions of UK shoppers relying on it for convenience and financial flexibility. However, concerns over unregulated lending practices, hidden fees, and growing consumer debt have put the spotlight on the sector.

BNPL providers can now defend themselves against highly coordinated, persistent, and pervasive bad actors by utilizing AI-driven identity verification solutions.BNPL providers can now defend themselves against highly coordinated, persistent, and pervasive bad actors by utilizing AI-driven identity verification solutions.

Chris Hooper Director of Brand Veriff

Implications for financial institutions

The new BNPL regulations will have a profound impact on financial institutions that offer BNPL services or partner with BNPL providers. Here’s what institutions in the financial services sector need to consider:

Partnership compliance

Financial institutions partnering with BNPL providers must ensure their partners are FCA-authorized and adhere to the latest regulatory standards. Non-compliance could expose institutions to significant reputational damage and legal liabilities, making thorough due diligence a priority.

Operational adjustments

Lenders and financial institutions may need to adapt their operational processes, including integrating additional disclosures, affordability checks, and transparency measures into their customer onboarding and payment workflows. These updates are essential for maintaining compliance while ensuring a smooth user experience.

Customer education

It is crucial to educate customers on the implications of the new rules. Providing clear, accessible information on affordability checks, repayment terms, and other regulatory requirements can build trust and enhance customer relationships.

Potential impact on business performance

Stricter affordability checks could lead to a decline in BNPL approval rates, potentially impacting revenue streams. Financial institutions may need to diversify their offerings by exploring alternative payment solutions, such as direct installment loans or partnering with multiple BNPL providers, to maintain competitive advantage and minimize disruption.

How financial institutions can prepare

To effectively navigate these regulatory changes, financial institutions should take proactive steps, including:

Stay updated

Regularly monitor announcements from the FCA and government bodies to stay informed about evolving BNPL regulations.

Evaluate BNPL partnerships

Conduct a thorough assessment of your current BNPL providers to ensure compliance with the new standards.

Enhance compliance measures

Collaborate with legal, compliance, and operations teams to integrate the necessary regulatory adjustments seamlessly.

Invest in team training

Educate employees on the regulatory changes and their implications to ensure they can provide accurate information to customers and clients.

Conclusion

The new BNPL regulations represent a transformative shift in creating a more transparent and consumer-focused framework within the financial services industry. While these changes may introduce initial challenges, they offer financial institutions an opportunity to strengthen consumer trust, enhance transparency, and foster long-term customer loyalty.

By proactively aligning with these new requirements, financial institutions can continue to offer compliant, secure, and user-friendly payment solutions that meet both regulatory expectations and customer needs.

At Veriff, we’re dedicated to supporting financial institutions as they adapt to these regulatory changes. Discover how our advanced identity verification solutions can help ensure compliance, reduce risk, and protect your customers in a rapidly evolving regulatory landscape.

The post UK BNPL regulations to protect consumers by 2026: Key insights. appeared first on Veriff.

Fight against fraud in the digital age: Insights from Web Summit Rio 2025

agustina.bustinduy@veriff.net — Wed, 07 May 2025 18:05:00 +0000

At Web Summit Rio 2025, Veriff’s CEO Kaarel Kotkas emerged as a leading voice in the global fight against fraud, delivering keynote insights on both the Centre Stage panel “Scamdemic: Fintechs Fight Against Fraud” and a fireside chat “Can We Trust a Fully Digital Government?”.

The timing couldn’t have been more strategic—Veriff also announced the opening of its new hub in São Paulo, investing over R$17 million (~$3M USD) to expand in Latin America. As reported by Canal Executivo, Noticias Agora, and Startups BR, this move strengthens Veriff’s regional presence, reinforcing its mission to deliver secure, scalable identity verification and fraud prevention solutions tailored to the complexities of the LatAm financial services ecosystem.

The first panel, led by moderator Kimberley Waldron, included valuable perspectives from Kaarel Kotkas (CEO of Veriff), Lucas Vargas (CEO of Nomad), and Rodrigo Tognini (CEO of Conta Simples). In contrast, the second session a Fireside Chat titled “Can We Trust a Fully Digital Government?” featured a conversation between our own Kaarel Kotkas and Brittany Kaiser, widely recognized as a whistleblower of the Cambridge Analytica case, formed into a documentary The Great Hack by Netflix. Together, they examined the complexities and opportunities surrounding data ownership, digital identity, and the growing influence of technology in modern governance.

As fraud grows smarter and more sophisticated across Latin America, this blog explores how Veriff is helping financial institutions stay ahead with AI-native, multi-layered identity verification, strategic regional expansion, and a culture of collaboration. Let´s dive in.

Fraud is evolving and so must financial institutions

Fraud is always evolving and becoming more complex, especially in financial institutions, where fraudulent transactions and identity theft are on the rise. During the “Scamdemic” panel, Kaarel warned:

“The identity verification and fraud prevention approach that was fit yesterday, ain’t fit tomorrow. Fraudsters are fast, and they’re scaling up with access to powerful tools like AI.”

In Brazil, where biometric databases have been compromised, relying solely on government-issued data is no longer viable. Veriff addresses this by deploying a multithreaded IDV system that incorporates liveness checks, behavioral analysis, device fingerprinting, and 1,000+ data points per verification session to ensure real identities are verified — and fraud losses are minimized.

São Paulo opening: a strategic leap into Latin America

With Brazil at the epicenter of digital transformation, Veriff’s investment in the region marks a pivotal moment. According to Valor Agregado, the São Paulo hub is Veriff’s launchpad for further LatAm expansion.

“We’re at an inflection point in LatAm,” Kaarel noted. “Digital growth is accelerating, but so is fraud. Our goal is to bring accurate, secure, and seamless IDV experiences that help financial service providers grow responsibly.”

From digital wallets to the explosive rise of Pix (Brazil’s instant payment platform), the region’s tech evolution demands agile and adaptive fraud detection tools. Including IDV early in the payment flow – before transaction finalization – has proven effective in reducing fraud.

The alarming scale of fraud in Brazil

Veriff’s Brazil Fraud Industry Pulse Survey 2025 reveals a troubling picture:

30% of Brazilian companies report over 11% of their IDV sessions are fraudulent.
70% of experts observed a year-over-year spike in online fraud.
69% saw increased use of AI by fraudsters.
79.5% say customers demand stronger fraud protection measures.

Consumers agree: 91% want ID and selfie verification, and 85% believe facial recognition is more secure than passwords. This landscape requires not just tools, but education, strategy, and collaboration.

Fraudsters share tips and tactics in online communities. The financial services industry must be just as cooperative by sharing patterns, adapting fast, and building defenses together.

Kaarel Kotkas CEO Veriff

Why AI is crucial but needs guardrails

AI and machine learning (ML) have revolutionized identity verification. At Veriff, these technologies enable real-time decisions, detect deepfakes, and analyze data across massive device networks. But over-reliance on AI is risky.

“Self-supervision isn’t enough. AI still needs a human in the loop,” Kaarel said. “We must keep user well-being and ethics at the center.”

Veriff’s hybrid model pairs automated decision-making with human oversight to avoid false positives and reduce customer churn. This approach ensures that contact information, biometric data, and document verifications are processed with maximum accuracy and minimal friction.

Building a multi-layer fraud prevention ecosystem

To truly combat fraud, Veriff advocates a holistic approach—combining video-based authentication, device integrity checks, and facial biometrics into one streamlined experience. Here’s how Veriff stands apart in the LatAm market:

Video-first verification: Harder to spoof than selfies, more effective in validating real users.
Device network analysis: Tracks suspicious behavior patterns to catch synthetic identities.
Compliance-readiness: Supports businesses in staying ahead of rapidly changing regional regulations.
Comprehensive document and Identity Verification: 12,000+ government-issued document types supported across 230+ jurisdictions, enabling cross-border expansion.
For financial institutions struggling with false declines, Veriff’s solution streamlines onboarding by gathering just enough information to be secure—without overburdening the user. This detection and prevention method lets good customers in, and fraudsters out.

The role of education and collaboration

Social engineering scams have surged post-pandemic. Panelists agreed: fintechs must do more to educate users and protect their accounts.

“This isn’t just about technology,” Kaarel emphasized. “It’s about culture. We need shared responsibility, collaborative ecosystems, and fraud prevention strategies tailored to the user base.”

Veriff’s 2025 Identity Fraud Report found that in 1 in 20 verification attempts, someone tried impersonating someone else. The majority of these attacks targeted financial services, with impersonation fraud leading at 77%.

Final word: Trust begins with verification

In a world built on digital trust, fintechs, governments, and consumers all face the same three questions:

Is this person really who they claim to be?
Is this person trusted?
Is this still the same person behind the account?

The answer begins with a powerful, layered identity verification system. As Veriff expands its LatAm footprint, it’s setting a new standard in the fight against fraud—helping organizations reduce risk, comply with evolving regulations, and build trust in every transaction.

“If you want trust,” Kaarel said, “you need to verify.”

Fraudsters need high barriers. Good customers need a smooth journey.

Kaarel Kotkas CEO Veriff

The post Fight against fraud in the digital age: Insights from Web Summit Rio 2025 appeared first on Veriff.

Deep dive: Exploring the latest account takeover fraud statistics [2025]

agustina.bustinduy@veriff.net — Wed, 16 Apr 2025 12:39:25 +0000

In 2025, account takeover (ATO) fraud has surged into one of the most dangerous and rapidly evolving threats facing digital businesses. As fraudsters weaponize data breaches, generative AI, and social engineering, user accounts across financial services, eCommerce, social media, and gaming platforms are at unprecedented risk.

Account takeover (ATO), where cybercriminals gain control of online accounts using stolen credentials, and multi-accounting, the creation of multiple accounts to exploit promotions or bonuses, saw significant growth in 2024. According to Veriff Identity Fraud Report 2025, ATO incidents rose by 13% compared to 2023, while multi-accounting cases increased by 10% year-over-year.

What is account takeover fraud?

Account takeover fraud (ATO) is when fraudsters gain access to a customer’s account without their permission, a type of identity theft. Any online account can be targeted, with the potential for huge financial damage.

In committing ATO fraud, a criminal actor will go through two steps. First, the fraudster gains access to the victim’s account by deploying stolen account information or information they’ve bought.

Once a fraudster has gained access, they will make non-monetary changes to the account. These include:

Changing the victim’s personally identifiable information,
Requesting a new card
Adding an authorized user
Changing the password

The fraudsters can then make a series of unauthorized transactions that appear legitimate. Alternatively, they may sell the confirmed account or the customer’s data to someone else.

Utilizing these illicitly obtained credentials on a large scale constitutes credential stuffing. Credential stuffing is one of the most common techniques for taking over user accounts. Credential stuffing is dangerous to consumers and enterprises because of the ripple effects of these breaches. One of the other challenges is the common practice of users utilizing identical passwords and usernames/emails across multiple platforms. If these credentials are compromised through means such as a database breach or phishing scheme, inputting these stolen credentials into numerous other websites can potentially grant an attacker access to those accounts as well.

ATO in 2025: Key trends and findings

The Veriff Fraud Report 2025 reveals critical insights into how the ATO threat is evolving:

In 2024, account takeovers and multi-accounting surged, with cybercriminals exploiting stolen credentials and promotions. Account takeover cases increased by 13% compared to 2023, and multi-accounting saw a 10% increase year-on-year.
1 in 3 attacks leveraged AI-generated deepfakes or synthetic data to bypass detection
Session hijacking and synthetic identity fraud were commonly paired with ATO tactics
LATAM and US regions faced the sharpest increases, especially in financial and gaming sectors

Why is ATO rising so fast?

Credential stuffing at scale

Hackers use leaked credentials from past data breaches to fuel bots that test login combinations across countless platforms. This process is fast, automated, and highly effective, especially when users reuse passwords.

Weak or outdated MFA

Many organizations still rely on SMS-based multi-factor authentication (MFA), which can be easily bypassed through SIM swapping. Without robust identity verification, these vulnerabilities are prime targets for attackers.

AI-driven fraud techniques

Cybercriminals have turned to generative AI to enhance their tactics, creating realistic deepfakes, mimicking legitimate user behavior, and spoofing biometric data. Traditional detection methods are quickly becoming ineffective against these advanced techniques.

Recent reports show a staggering 2,100% rise in fraud attempts involving deepfakes over just three years. Criminals are no longer limited to phishing or stolen credentials—they’re now leveraging AI-generated audio and video impersonations to outsmart even the most advanced verification systems.

Forge identification documents

Spoof biometric systems like facial and voice recognition

While the financial industry bears the brunt, this growing threat impacts all sectors. Combating synthetic identity fraud demands multi-layered defenses, including AI-enhanced liveness detection, real-time behavioral monitoring, and cross-industry fraud intelligence sharing.

Identity infrastructure gaps

Outdated fraud detection systems and fragmented verification processes leave gaps that fraudsters exploit, particularly in industries rapidly adapting to digital transformation.

Techniques behind ATO attacks

Cybercriminals in 2025 employ increasingly advanced techniques to execute account takeover (ATO) fraud at scale. Phishing and spear phishing campaigns impersonate trusted brands or individuals to trick users into revealing their login credentials, while AI-enhanced credential stuffing uses machine learning to automate and optimize password-guessing attempts across multiple platforms. Meanwhile, malware and device hijacking tactics like keyloggers and remote access trojans silently collect sensitive data or hijack user sessions.

According to Veriff Ifentity Fraud Report 2025, one of the most dangerous evolutions in this space is emulator-based ATO, where fraudsters use sophisticated software to mimic real devices, bypassing traditional security measures like device fingerprinting and behavioral analytics. These emulators allow attackers to simulate trusted environments, making unauthorized access appear legitimate, and enabling high-volume, stealthy takeovers that can lead to severe financial and reputational damage.

A parallel and increasingly prevalent threat is Business Email Compromise (BEC) — a rapidly expanding ATO subtype. As highlighted in recent findings, BEC schemes exploit compromised or spoofed business email accounts to manipulate employees, particularly within finance teams, into authorizing fraudulent transactions. Common tactics include domain spoofing, social engineering, and fake invoices or wire transfer requests. These attacks are surging in frequency and sophistication, with BEC losses estimated to have reached billions globally in 2025. The scale of this threat underscores the urgency of implementing strong ATO prevention strategies, including robust email authentication, vigilant employee training, and multi-factor authentication.

In 2024, account takeovers and multi-accounting surged, with cybercriminals exploiting stolen credentials and promotions. Account takeover cases increased by 13% compared to 2023, and multi-accounting saw a 10% increase year-on-year

Ira Bondar Fraud Platform Lead

The rising cost of inaction: Account takeover fraud in 2025

Account Takeover (ATO) fraud continues to be a significant and escalating threat, resulting in substantial financial losses worldwide. Recent data underscores the severity of this issue:

Global financial impact: In 2023, ATO fraud led to nearly $13 billion in losses, marking an increase from $11 billion in 2022. Sift+1SpyCloud+1
Projected future losses: By 2025, financial losses from ATO fraud are projected to reach $17 billion globally. VPNRanks+1IDStrong+1
Rising incidence rates: The frequency of ATO attacks surged by 24% year-over-year in 2024. SpyCloud

These figures highlight the critical need for robust cybersecurity measures and proactive strategies to mitigate the growing risk of ATO fraud.

Combating ATO in 2025: Veriff’s best practices

Building trust goes beyond merely protecting accounts—it’s about safeguarding digital identities at every touchpoint. By leveraging machine learning to assess transaction risk, detect anomalies, and profile user behavior at scale, IDV providers like Veriff offer an essential line of defense against the complex, AI-enhanced ATO attacks that are surging across digital commerce. As fraud techniques become more evasive, the consolidation of AI talent and technology in the fraud prevention space reflects an industry-wide push to stay one step ahead. Veriff offers advanced solutions like AI-powered identity verification, enabling accurate fraud detection and risk scoring during onboarding and high-risk interactions. With biometric authentication enhanced by liveness detection, users gain secure, automated access to digital services while preventing deepfakes, spoofing, and account takeovers. Behavioral analytics monitor patterns such as device usage and location changes to detect anomalies in real time, while fraud intelligence networks help flag emerging threats across regions. Additionally, educating customers on strong password practices, phishing awareness, and the importance of multi-factor authentication ensures a more secure digital ecosystem.

Veriff has unveiled the latest enhancements to its Biometric Authentication solution, expanding its product offering.

Key features of the Biometric Authentication solution update include:

Increased conversion – Improved image resolution for better face-matching accuracy and enhanced detail capture in biometric templates.
Improved fraud detection – Analysis of 30+ risk signals across behavioral, device and network parameters improve accuracy and the ability to combat more sophisticated fraud attempts.
Deepfake and synthetic media detection – Veriff improved face liveness checks for synthetic and AI-generated media detection.
User identity-based authentication – another step towards user-centric digital identity to ensure a secure and seamless user experience.
Actionable insights – With more detailed insights, customers are equipped with specifics about what took place during the authentication journey.

User authentication can be a cumbersome process, with some fintech customers completing an average of five different authentication sessions, which introduces friction and negatively impacts the experience,” says Hubert Behaghel, Veriff CTO. “We’ve augmented our Biometric Authentication solution to make it more efficient, user-centric and secure. Our solution adapts to individual user behaviors, ensuring authentication for the users themselves rather than just a session. This level of biometric authentication is one step forward on our journey to one reusable digital identity.

Hubert Behaghel Vice President of Engineering Veriff

Veriff’s role: Trust at the core of digital identity

ATO fraud challenges businesses to rethink identity as the new security perimeter. That’s why Veriff has built a modular, AI-enhanced identity verification and fraud prevention ecosystem that’s:

Trusted by global fintechs and digital banks
Built for flexibility across high-risk industries like gaming and financial services
Scalable across LATAM, EMEA, and the US with 12,000+ documents supported in 48 languages
Designed for conversion and growth, with fraud detection rates rising up to 90% in some cases

Strengthening ATO fraud defenses through Biometric Verification

In a time when Account Takeover (ATO) fraud is surging—up 13% year-over-year according to theVeriff Identity Fraud Report 2025—Kueski’s partnership with Veriff highlights the growing importance of secure and user-centric identity verification. As fraudsters increasingly use AI-generated deepfakes, stolen credentials, and emulator-based attacks to exploit financial services, Kueski’s integration of Veriff’s biometric and behavioral risk assessment technologies is helping to safeguard user accounts at scale. This collaboration not only reduces friction for legitimate users but also reinforces defenses against evolving ATO threats, ensuring trust remains at the core of every interaction.

We have been partnering with Veriff since 2020 to address identity verification and to acquire valuable additional information to integrate into our fraud controls. Fraud challenges are very dynamic, new patterns arise frequently, and the existing ones change very fast, so close communication, high collaboration and effective responsiveness between Veriff and Kueski have been critical to helping us evolve.

SVP OF CREDIT RISK KUESKI

Building a safer internet starts with trust

Veriff exists to restore trust online, enabling businesses to scale with confidence and users to feel secure at every interaction. In a world where ATO fraud is evolving rapidly, proactive defense is no longer optional—it’s essential.

🔎 Ready to dive deeper into the latest fraud trends?
Download the Veriff Fraud Report 2025 to uncover what’s next and how to prepare.

The post Deep dive: Exploring the latest account takeover fraud statistics [2025] appeared first on Veriff.

Veriff

Building trust at scale: How to prevent ecommerce fraud in 2026

What is ecommerce fraud and why is it growing?

Common types of ecommerce fraud businesses face

Payment and card-not-present fraud

Account takeover and credential abuse

Friendly fraud and chargebacks

Key warning signs and high-risk behaviors to watch for

Why advanced fraud prevention is a competitive advantage

Best practices to prevent e-commerce fraud

Taking the next step toward smarter fraud prevention

Six key online fraud trends to watch in 2026

1. Impersonation fraud: The dominant threat

2. Adversary-in-the-Middle (AiTM) attacks: A declining but persistent risk

3. Document fraud: A mixed trend

4. Emulator and injection attacks: A growing concern

5. AI and automation: A double-edged sword

6. E-commerce: A prime target

Regional online fraud trends in 2025

How businesses can stay ahead

Veriff Identity Fraud Report 2026: Key highlights & trends

Key takeaways: The state of fraud in 2026

1. The overall fraud challenge remains constant

2. AI is increasing the danger

3. Impersonation fraud dominated

4. Document fraud is dropping

5. E-commerce platforms were the worst hit

6. Financial services remain in the firing line

Secure your business for 2026

MoneyLIVE highlights: Balancing security & seamless banking

The modern fraud landscape in banking

Volume: The rise of simple scams

Sophistication: AI-powered attacks

Balancing friction and flawless experience

The role of data in authentication

The future of authentication and industry collaboration

Key takeaways

Emulator and injection attacks: Emerging threats to digital businesses in 2026

Emulators: simulating devices to deceive systems

How emulator fraud works

Injection attacks: manipulating sessions to gain access to systems

How do injection attacks work?

Stay ahead of online fraud threats

Why emulator and injection attacks are serious threats

1. Evasion of traditional fraud detection systems

2. Scalability and automation

3. Increased risk to sensitive data

4. Undermining customer trust

5. Costs of remediation

Defending against emulator and injection fraud

Conclusion: Staying ahead of the fraudsters

What is an injection attack?

What are the common types of injection attacks?

What are some examples of emulation attacks?

California data privacy trends & compliance action points for financial services

1. Expanded consumer rights

2. Broader scope for businesses

3. Sensitive personal information and data protection

4. Automated Decision-Making Technology (ADMT)

5. Mandatory risk assessments

6. Annual cybersecurity audits

7. Regulatory enforcement

8. Compliance deadlines

Conclusion: Preparing for continuous evolution

Stay Ahead of Data Privacy Compliance!

AI fraud detection: How startups and SMBs can stay ahead

The essential guide to AI fraud detection for small and growing businesses

Key takeaways

What is AI fraud detection?

Why startups and SMBs need AI fraud detection

How AI fraud detection works

How Veriff helps startups and SMBs fight fraud

Case study: How a small e-commerce platform reduced fraud

More examples of Veriff’s impact

AI Fraud detection’s impact across industries

The future of AI in fraud detection

Conclusion: Grow your business with confidence

Secure Your Business

Frequently Asked Questions (FAQs)

What is AI fraud detection?