April 22, 2026Synthetic identity fraud and account takeovers are surging because AI has removed the barriers that once limited their scale, and most enterprise defenses were not built to stop them.
Two reports landed this month that every financial institution should read together.
LexisNexis Risk Solutions, analyzing 116 billion online transactions, found that synthetic identity fraud increased eightfold in 2025 and now accounts for 11% of all fraud globally, making it the fastest-growing fraud type in the world.
PYMNTS Intelligence found that unauthorized-party fraud, driven by credential theft and account takeovers, now makes up 71% of fraud incidents and dollar losses, a sharp reversal from last year.
These aren’t new threats. They’ve been eroding trust and draining revenue for decades. What’s changed is the accelerant.
Why is synthetic identity fraud so hard to detect?
Synthetic identity fraud occurs when a criminal blends pieces of information belonging to multiple consumers to craft a fake identity. It’s a long con, building credit history, establishing trust, then cashing out. The patience required used to limit its scale.
Generative AI removed that constraint. Fraudsters are investing time in learning technologies such as generative AI to create sophisticated synthetic identities at speed and at volume, complete with fabricated historical backup data that passes conventional checks.
Account takeover follows the same logic. Fraudsters don’t need to defeat MFA outright, they only need to persuade legitimate users to defeat it for them. Stolen credentials, intercepted OTPs, SIM swaps, social engineering: the attacker presents as the legitimate account holder because they’ve acquired the keys.
In both cases, the question no system is asking clearly enough is: is this the actual person?
The numbers that should concern you
The numbers that should concern you
- 8× increase in synthetic identity fraud in 2025
- 71% of all bank fraud incidents now driven by account takeover and credential theft
- 68% of financial institutions have increased fraud detection spending, yet about one in five institutions, especially smaller and regional banks, operate without advanced capabilities and that gap is widening
- 216% increase in login attack rate in e-commerce, where fraudsters work to gain control of customer accounts
Why is the contact center the highest risk point for fraud?
Contact centers have become the new front door for fraud, just as the IT help desk has long been the front door for internal compromise. In both cases, the attacker’s weapon is not malware first, but manipulation: social engineering designed to exploit trust, urgency, and human process. The difference now is that these attacks are being supercharged by AI.
Fraudsters can sound more convincing, more personalized, and more scalable than ever before, using cloned voices, real-time conversational AI, and rich personal data harvested from breaches and digital exhaust. What was once the domain of opportunistic scammers has become a professionalized, technology-enabled threat vector aimed directly at the people, systems, and workflows that authorize access, move money, and change customer records.
Why is knowledge-based authentication no longer enough?
Knowledge-based authentication was already weak. In a world where data breaches have exposed vast personal information at scale, it’s effectively redundant. OTPs are intercepted. Passwords are purchased. Device signals are spoofed.
And the attacks are getting smarter. Bots can now mimic genuine human actions, such as how we move a cursor around a login screen, with a high degree of plausibility to fool the latest fraud detection tools.
The one thing that cannot be bought from a breach, intercepted in transit, or fabricated at scale is the voice of the person who actually holds the account.
How do you verify identity in real time without adding friction?
ValidSoft’s Voice Identity Platform (VIP®) was built on one principle: guaranteed identity. Not assumed identity. Not probable identity. Guaranteed.
We’ve been doing this long before AI fraud became an industry headline. Here’s what that means in practice:
Voice Biometrics, passive, real-time, continuous authentication that verifies the living person speaking, not the credentials they present. A voiceprint is a mathematical representation of a person’s unique physical makeup, it cannot be reverse engineered, is quantum safe, contains no PII and is worthless if stolen in a breach, shared, or intercepted. Every transaction is cryptographically bound to the verified user.
Voice Verity® Deepfake Detection, our patented, continuous, passive, deepfake detection technology distinguishes live human speech from AI-generated audio in real time. No enrolment required. No friction. Active from the first word of every call.
Fraudster Watchlists, known bad actors are flagged automatically before they cause damage, across your contact center, IVR, and digital channels.
VoiceMFA™, device + spoken digits + unique voiceprint, combined into a single spoof-proof credential. More secure than any OTP solution on the market.
Synthetic Identities and Account Takeovers at Scale
AI has given fraudsters capabilities that were once out of reach. The scale, speed, and sophistication of synthetic identity fraud and account takeover have all accelerated as a result.
But the vulnerability they exploit isn’t new. It’s the same gap that has always existed: organizations authenticating what someone knows or has, rather than verifying who they are.
ValidSoft closes that gap, using AI and voice biometrics to protect organizations from threats that have been around for years, and from the AI-powered evolution of those threats happening right now.
Identity is the perimeter. If you can’t guarantee who you’re talking to, nothing else in your security stack matters.
For CEOs, the strategic implication is clear: the contact center must now be treated as a critical security control point, not simply a service channel. Knowledge-based authentication is effectively dead in this environment. Personal details, passwords, memorable information, and one-time challenge questions are too easily stolen, guessed, bought, or socially engineered to provide meaningful assurance.
“If attackers can convincingly impersonate a customer or employee, traditional point-in-time authentication collapses. The organizations that will stay ahead are those that recognize that trust must be established continuously throughout the interaction by confirming that the caller is real, that they are the right person, and that any action taken is securely bound to that verified identity. In the AI era, service and security can no longer be separated.” Founder & Executive Chairman, Pat Carroll.
Is It Human? Is It the Right Human; Is the Outcome Legitimate? ValidSoft knows™
