Sumsub has published its Fraud Exposure Survey 2025, concluding that fraudsters are moving beyond money grabs into large-scale identity takeovers.
The report compares internal identity verification and user activity data from 2026 and 2025, with data from 2023 taken into account in certain cases. Sumsub analysed 4 million fraud attempts and surveyed both consumers and companies, including 1,200+ end-users from Latin America, North America, Europe, Asia, Africa, and the Middle East, as well as 300+ fraud and risk professionals from companies of diverse sectors, including banking, crypto, payments, e-commerce, trading and iGaming.
Financial loss remains significant, with 84% of fraud cases in the APAC region involving social media and government portal account control now, reflecting a shift in how scammers operate. Powered by AI and fraud-as-a-service tools, these schemes are becoming fewer, but carefully planned and resource-intensive attacks that deliver greater damage.
Statistics from the APAC region
As identity fraud shifts to a new era of sophistication, Sumsub found two distinct categories, including first-party fraud, where the verified user is the perpetrator, and third-party fraud, where external attacks exploit victims or impersonate them. The APAC is responding with stricter regulations against fraud, with Singapore enacting the Protection from Scams Act in 2025 that can freeze or limit scam-linked accounts.
The study found that 53% of APAC consumers experienced fraud in 2025, with phishing and weak passwords being the main weak points. More than half of consumers reported an encounter or possible encounter with deepfakes online, reflecting the increasingly convincing nature of synthetic media. This led to social media account takeover, stolen funds, individuals tricked into sending money, and a compromised government portal. This led to 89% of consumers choosing providers with rigid anti-fraud systems.
When it comes to businesses, 69% of them experienced fraud in 2025, with the leading schemes being synthetic identity fraud, chargeback abuse, deepfakes to bypass verification, and application fraud. Regarding third-party attacks, firms faced identity theft, card testing, account takeover, and bot-driven attacks. Firms failing to protect consumers may face financial losses and consumer churn.
Sumsub believes that human weakness enables digital crime, amplified by AI-driven social engineering, with deepfake-enabled calls, emails, and impersonations weaponised for targeted fraud. Scammers target identities, as this unlocks more monetisation paths. Bad actors hijack verified accounts through SIM swaps, phishing, stolen credentials, and more to inherit trusted data from completed KYC checks, allowing them to move funds, change account information, and add payment methods.
These attacks happen through cross-border fraud rings where synthetic and stolen IDs interact, reinforcing each other’s legitimacy. Businesses project that the trend will accelerate, with 88% expecting more AI-powered fraud, and 55% expecting a rise in organised attempts. This is why 63% of businesses support stricter regulations, believing that compliance is key to safeguarding growth and reputation.
