"We are witnessing a 100-fold increase in synthetic identities and a sevenfold rise in deepfake-driven impersonations over the past 24 months," Fernanda Sottil, Senior Director of Strategy at Incode Technologies, warns — a crisp summary of how fast fraud has changed and who it threatens most.
Scale: synthetic identities and deepfakes multiplying
Generative AI is being used not only for legitimate business efficiencies but as a fraud multiplier. The source reports a 100-fold rise in synthetic identities and a sevenfold increase in deepfake-driven impersonations over the prior 24 months. Nearly half (46%) of businesses surveyed by Incode in 2025 reported an annual increase in deepfake and generative AI fraud. The effect is to enable attackers to target multiple victims at once using the same or fewer resources, dramatically increasing reach and speed.
Financial forecast and executive concern
Industry analyses cited in the source put dollar figures on the trend: Deloitte’s Center for Financial Services projects U.S. AI-enabled fraud losses could climb to $40 billion by 2027, up from $12.3 billion in 2023. Business leaders are already taking notice: an Experian report found that 72% of business leaders anticipate AI-generated fraud, including deepfakes, will be a top operational challenge in 2026. The source frames the problem as no longer a back-office technical issue but a boardroom priority for banks, fintechs, and telcos.
The 7-Day Benchmark: speed as the primary security metric
The article frames the defense challenge as an arms race and prescribes agility as the key metric. It describes a "7-Day Benchmark": a defense model must identify a new attack vector, retrain its data sets, and deploy an updated mitigation model within 7 to 10 days. The logic is simple in the source — vendors with months-long update cycles leave customers exposed while attackers iterate rapidly. The source further notes that, by some estimates, about 80% of fraud is easily detectable while the remaining 20% requires high-level expertise — the latter being where many vendors reportedly fail.
Vendor checklist: four questions procurement leaders must ask
To close the "velocity gap" between attackers and defenders, the source lays out four pointed questions executives should put to identity-verification providers:
- “How accurate is your facial recognition capability? And what third-party certifications do you hold for mobile environments?” The source recommends independent validation against standards such as iBeta Level 3 compliance on both iOS and Android and cites a claim that a top-tier solution should achieve a 0% error rate.
- “How do you measure and report your own error rates?” Demand audited metrics on false positives and false negatives for every session.
- “Do you own your technology or license it?” Ownership determines iteration speed; proprietary updates should happen in days rather than months.
- “How does your network share intelligence to flag repeat offenders?” Ask whether vendors can cross-share biometric, VPN, and network data across their client base to proactively block known fraudsters.
Deepsight, Incode, and technical defenses described
The source highlights an approach described as Deepsight — combining machine learning, behavior checks, and device checks to identify camera injections, synthetic document fraud, and to verify that a user is a real person. It also points to independent testing as an evidence measure: in a 2024 National Institute for Standards and Technology (NIST) evaluation of 158 developers using galleries of mugshot, Visa, and Border images, Incode ranked #1 out of all full solution identity verification providers. The source adds that Incode scored top marks in NIST’s Face Analysis Technology Evaluation for the lowest error and false-positive rates.
What this means for banks, fintechs, and telcos
Banks, fintechs, and telcos — named specifically in the source — are urged to move beyond periodic risk assessments. The article advises procurement and security leaders at these organizations to audit their vendor ecosystems immediately: insist on proprietary technology that can iterate in days, require top-tier independent certifications for mobile environments, and prioritize vendors that share real-time intelligence across their networks. The underlying message in the source is clear: treating identity verification as a static compliance checkbox is no longer defensible.
Enterprises face a rapidly evolving threat environment where speed, ownership of technology, and validated performance matter as much as algorithmic sophistication. The source concludes with a practical directive for executives: audit vendors now, demand fast iteration and proven certifications, and prioritize real-time intelligence sharing — or risk ceding trust, revenue, and operational continuity to fraudsters who have weaponized AI.
