Identity Fraud: 3 Rising Trends To Watch in 2025

In today’s fast-shifting fraud landscape, real-time multi-signal analysis is essential. At Incode, our in-house Fraud Lab analyzes millions of identity signals daily, detecting fraud patterns as they emerge.

In today’s blog, we spotlight three rising fraud trends we’re seeing firsthand. They highlight how rapidly threats are evolving and why staying ahead means always anticipating what’s coming before it hits.

Currently we’re seeing that generative AI-powered video reenactments are becoming more prevalent, moving beyond static deepfakes to dynamic liveness spoofing.

Serial fraud is also on the rise, with LATAM and Asia showing recurring patterns of identity and biometric reusage, particularly the same faces submitted with different names, or the same credentials tied to different faces.

At the same time, organized fraud rings are onboarding real individuals, later seizing control of those accounts and reusing the same devices across multiple attempts.

These developments, explained in more detail below, reinforce the need for persistent cross-session analysis, device tracking, and real-time detection to stay ahead of increasingly adaptive fraud networks. 

Deepfakes: Video Reenactments in the USA

North American data shows increased use of liveness spoofing via animated face videos, where static images were transformed into responsive, lifelike reenactments. Investigation revealed the use of generative tools capable of synthesizing realistic movements from static images.

What began as static spoofs has now grown into full-scale video deepfakes, often paired with serial fraud or organized crime patterns, where attackers reuse devices, PII, or biometrics across multiple sessions.

• Fraud in the USA has seen growth by 0.8%, which was contributed by this emerging type of attack
• Labeling & fraud review teams must go through rounds of trainings to be able to visually detect these cases
• Passive liveness alone might be insufficient, therefore, Incode uses a multilayered approach to detect fraudulent cases.

Serial Fraud: ID & Biometrics Reuse in Latin America and Southeast Asia

Colombia and the Philippines continue to show consistent fraud patterns, particularly among organized rings that strategically reuse identity data. Two main tactics dominate:

• Biometric Reusage: The same face or selfie is submitted multiple times, each paired with different personal information—names, birthdates, or document numbers—to appear as distinct individuals.
• PII Reusage with Different Faces: Fraudsters use the same document number or name—often from real individuals with clean records—but attach different facial images, including edited, morphed, or entirely unrelated faces.

These techniques aim to bypass government validations and credit bureau checks by linking fraudulent biometrics to legitimate user data—typically from individuals with good credit or no risk flags. This significantly increases the likelihood of passing automated identity and risk screening.

By recycling trusted data, fraudsters exploit verification systems that evaluate each session in isolation. Detecting this activity requires cross-session analysis, biometric clustering, and behavioral correlation to expose patterns that wouldn’t be flagged individually.

Incode is leveraging its strong 1:N system to compare biometric and document data (Antifraud engine), which allowed us to detect all fraud of such nature.

Organized Crime: Device Reuse in Latin America

Recent investigations have revealed a pattern of coordinated onboarding activity that appears to blend legitimate user acquisition with fraudulent intent. In several cases, users were onboarded through assisted sessions in public-facing environments, potentially as part of field acquisition efforts.

While these sessions did not show signs of coercion, red flags emerged—such as repeated use of the same device, unnatural facial behavior, and tampering with ID documents. In some instances, backgrounds in ID photos included documents suggesting mass registration efforts. These tactics are consistent with fraud methods previously observed and point to organized abuse of the onboarding flow.

Further analysis by the fraud investigation team uncovered a network of credential theft and reuse. Legitimate users were onboarded, only to later have their credentials compromised and used again from the same device to open additional accounts. Many users were unaware their identities were being misused.

Device fingerprinting showed that in some cases, a single phone was used to create 10 or more accounts within a short timeframe. This combination of assisted onboarding and repeated device reuse suggests a structured fraud operation, not isolated incidents.

Why Multi-Layered Defense Is Essential

These findings reinforce a clear reality: identity fraud is evolving in sophistication, coordination, and scale. From AI-powered reenactments to structured serial fraud and device-linked account takeovers, the tactics used by fraudsters are no longer isolated or opportunistic, they’re systematic and increasingly intelligent. These results highlight the value of multilayered defenses.

Incode defends against multi-angle fraud by simultaneously analyzing multiple fraud signals to deliver a whole new level of spoofing detection. It combines multi-modal biometric checks with camera, device, and behavior trust and uses multi-frame video liveness to detect spoofing attempts while delivering a passive user experience.

Learn more about why Incode has been recognized as a leader in Identity Verification.

Author