For a long time, financial fraud was mostly a technology problem. Someone stole your password, cloned your card, or broke into your account. The solution was better locks: stronger encryption, two-factor authentication, smarter detection software. The assumption underneath all of it was that you, the customer, were real and that verifying you were actually at the keyboard was enough.
Artificial intelligence is dismantling that assumption. It is now possible to generate a convincing human voice, a realistic face, a fabricated identity document, and a plausible transaction history, all without a real person involved at any stage. Fraud is no longer just about breaking into accounts. Increasingly, it is about inventing the account holder from scratch.
The fraud problem that has no real victim to report it
The numbers are starting to reflect how serious this has become. U.S. unsecured credit losses tied to synthetic identity fraud reached approximately $2.94 billion in 2025, up from $1.8 billion in 2020, and are projected to exceed $3.1 billion in 2026, according to Mitek Systems published in June. The same research found that 84% of fraud executives now consider synthetic identity fraud a high or moderate risk to their onboarding processes, and the problem is growing at roughly 16% a year.
What makes synthetic identity fraud particularly difficult to catch is the absence of a victim. Traditional identity theft hurts a real person whose information was stolen, and that person eventually notices and reports it. Synthetic identities, built by combining real data fragments with fabricated information to create a persona that belongs to nobody, produce no victim and no complaint. The fraud can run for months, sometimes years, before anyone realizes the customer was never real.
More AI:
- Goldman Sachs has blunt message for AI stock investors
- Microsoft CEO sends a blunt warning on AI and the tech ecosystem
- The next AI infrastructure race has nothing to do with chips
Jialiang Chang, Director of Security Engineering and Senior Audit Partner at CertiK, puts the core problem plainly. “It’s getting harder to trust digital identities. As AI-generated voices, images, and videos become more realistic, banks and other financial companies will have a tough time knowing if they are dealing with a real customer or a scammer,” he told TheStreet.
Generative AI has made building these identities considerably easier. What once required specialized skills and significant effort now takes minutes. About 40% of financial institutions are already seeing higher attack rates linked to AI, and most expect the problem to grow, CFO Dive reported.
Michael Heinrich, CEO and co-founder of 0G Labs, distills the shift to one line. “AI has made identity itself cheap to forge. Deepfaked voices and video already defeat the verification methods banks leaned on for decades,” he told TheStreet.
Why the obvious fix creates a different problem
The financial industry’s natural response to all of this has been to collect more. More biometric data, more behavioral signals, more identity verification at onboarding. Banks and payment companies are pouring money into facial recognition, voiceprint authentication, and continuous monitoring systems designed to catch fraud that one-time document checks miss. The logic is hard to argue with: if fraudsters can fake a document, require something harder to fake.
The problem is that this approach builds a different kind of risk. Every centralized database of biometric data is a target, and unlike a password, a stolen fingerprint or facial scan cannot be reset after a breach. The institution collecting all of this is not just protecting customers from fraud. It is also accumulating a liability that will last indefinitely.
Chang is direct about where this line should be drawn. “Banks and financial companies definitely need better security, but that shouldn’t be an excuse to collect as much personal data as possible,” he said.
The deeper concern is that biometric collection may be solving the wrong half of the problem. Centralized databases of faces and voiceprints, once breached, represent a permanent exposure that no patch can fix. The question is whether verification can happen without institutions needing to store the underlying biometric data at all, a technical approach that would separate the act of checking identity from the act of keeping it.
Morsa/Getty Images
What comes after biometrics, and who is at risk if it goes wrong
The concept gaining real traction is proof-of-human systems: technologies designed to verify that someone is a living individual without requiring them to hand over extensive personal data. The urgency is new even if the idea is not. As AI-generated identities become cheaper and more convincing, the ability to confirm a human is on the other side of a transaction starts to look less like a feature and more like foundational infrastructure. Many institutions are already rethinking their onboarding processes because point-in-time verification is no longer reliable against synthetic identities, the Thomson Reuters Institute noted.
But Heinrich sees the challenge going somewhere further still. As AI systems become capable of executing financial transactions on behalf of users, managing investments, initiating payments, interacting with brokerages, the question of who is on the other side of a transaction becomes even more complicated. “The bigger shift is that it is not only proof-of-human, it is proof-of-agent. As AI agents start to move money, every agent needs a verifiable identity plus a clear chain of who owns it and what it is authorized to do,” he added.
The problem that cannot be patched
Financial institutions have navigated technology disruptions before. Online banking, mobile payments, digital lending: all of it required significant adaptation and the industry managed. The difference with AI-driven identity fraud is that the core problem is not a vulnerability that can be fixed with a software update. It is a permanent shift in what fraud looks like and in who can afford to commit it at scale.
The cost of deception has fallen. The quality of impersonation has risen. The tools required to build a convincing synthetic identity are widely available and continuing to improve. Institutions still debating whether to treat this as a priority problem are already behind the ones that have moved past that question and are now working on the answer.
Related: Microsoft CEO sends a blunt warning on AI and the tech ecosystem