A deepfake attempt now happens every five minutes. Not hypothetically. Not in a lab. In production environments, targeting live platforms, trying to pass verification checks that millions of real users go through every day.
That single stat — pulled from Regula’s 2024 identity fraud report — explains why the entire identity verification industry is being rebuilt in real time. What used to be a compliance checkbox buried in the onboarding flow has become the single most important piece of digital infrastructure any platform operates.
The Threat Landscape Has Fundamentally Changed
The numbers from 2024 and early 2025 are genuinely alarming.
| Threat Type | Growth Rate | Source |
| AI-generated deepfakes (Europe) | +900% at start of 2025 | Sumsub |
| Synthetic identity fraud | +378% in Q1 2025 | Sumsub |
| Companies hit by audio AND video deepfakes | 49% (up from 29-37% in 2022) | Regula |
| Digital document forgeries | +244% year-over-year | Regula |
| Deepfake attempt frequency | Every 5 minutes | Regula |
This isn’t the old world of stolen passwords and phished credentials. The attack surface shifted. Bad actors now run human fraud farms. They deploy bots built on generative AI. They create synthetic identities — fabricated people who pass basic validation checks but have zero real-world footprint.
Traditional document uploads catch none of this. A static selfie compared against a static ID photo? That worked in 2020. In 2026, it’s a liability.
The Regulatory Response: Three Frameworks Reshaping Verification
Governments aren’t sitting this one out. Three major regulatory shifts are converging simultaneously.
1. EU Digital Identity Wallet (eIDAS 2.0)
The EU Digital Identity Framework Regulation came into force in 2024. The mandate is clear: every EU member state must offer at least one digital identity wallet to all citizens and residents by 2026.
What this means in practice:
- Individuals can securely store and share verified identity documents digitally
- Platforms can verify claims (like “this person is over 18”) without seeing unnecessary personal data
- Cross-border verification becomes standardized instead of fragmented
Gartner’s projection: over 500 million smartphone users globally will rely on digital identity wallets for verifiable claims by 2026. Europe is the first region forcing the infrastructure into existence, but others are following. Turkey already claims 99% digital ID coverage among adults. Brazil reports 90%+ registration rates.
2. UK Online Safety Act
From July 2025, any service hosting pornographic content must implement “highly effective age assurance” to prevent minors from accessing it. Ofcom confirmed enforcement will expand beyond adult platforms to include user-generated content, live streaming, dating services, and social platforms.
The ripple effect hit every regulated sector. Gambling operators faced reinforced expectations from the UK Gambling Commission, which now requires verified age and identity before permitting any gambling activity — not after.
3. Global AML/KYC Tightening
The Financial Action Task Force (FATF) reported that 75% of jurisdictions were only partially or not at all compliant with their requirements for virtual asset service providers. That gap is closing fast. Crypto platforms, fintech apps, and cross-border payment services are all under increased pressure to match the KYC standards traditionally reserved for banking.
The Technology Keeping Up
The identity verification industry responded with a fundamental architectural shift: perpetual KYC.
Old model? Verify once at signup. Done.
New model? Continuous monitoring. Re-verification triggered by behavioral changes, transaction anomalies, ownership updates, or external data feeds like sanctions list changes.
What Modern Identity Verification Stacks Look Like:
Layer 1 — Document Verification
- OCR-powered data extraction from IDs and passports
- AI forensic analysis detecting tampered documents
- NFC chip reading for machine-readable travel documents
Layer 2 — Biometric Verification
- Face matching (selfie vs. document photo)
- Liveness detection (preventing printed photos, video replays, masks, and injection attacks)
- Behavioral biometrics (how a user types, swipes, holds their phone)
Layer 3 — Ongoing Monitoring
- Perpetual KYC with real-time data feeds
- AI-driven risk scoring analyzing device fingerprints, IP patterns, and transaction velocity
- AML screening against sanctions, PEP lists, and adverse media databases
Layer 4 — Passwordless Authentication
- Passkeys (pushed aggressively by Apple, Google, and Microsoft throughout 2025)
- Biometric login replacing passwords entirely
- Device-bound credentials eliminating phishing attack vectors
Financial institutions using end-to-end verification platforms report 2-4x higher onboarding completion rates with significant drops in false positives and cart abandonment. The technology isn’t just about security anymore — it directly impacts conversion rates.
How Different Industries Are Adapting
The pressure looks different depending on the sector, but the direction is identical everywhere.
| Industry | KYC Requirement | Current State |
| Banking & Fintech | Full KYC/AML compliance, ongoing monitoring | 69% adopted eKYC by 2024. Deepfake detection now standard. |
| Gambling & iGaming | Age + identity verified BEFORE activity | UK Gambling Commission enforcing pre-play verification. Platforms like 1xbet login registration implementing multi-step flows balancing compliance with user experience. |
| Crypto & DeFi | Rapidly aligning with traditional finance standards | HM Treasury confirming identity verification will match banking-level requirements. |
| Social & Dating | Age assurance mandated under Online Safety Act | Ofcom expanding enforcement to UGC platforms, live streaming, dating apps. |
| E-commerce | Risk-based verification for high-value transactions | Video KYC adoption growing for luxury/high-ticket purchases. |
The gambling sector is worth highlighting specifically. Remote gambling operators can no longer rely on delayed verification — the “verify later” model is dead in most regulated markets. The registration flow itself has become the compliance checkpoint, and operators that make it frictionless while maintaining rigor are seeing measurably better retention.
The Market in Numbers
The investment pouring into identity infrastructure tells its own story.
- Global digital identity market: $64.44 billion (2025) → $145.80 billion (2030) at 17.74% CAGR
- eKYC market specifically: $805.8 million (2024) → $3.56 billion by 2033
- Video KYC market: Expected to reach €323.7 million by 2026, surging to €877 million by 2033
- Total KYC spend worldwide: Growing 140% over the next five years from a $9.2 billion base
Leading platforms in the space — Sumsub, Onfido (now Entrust IDV), Ondato, iDenfy, ComplyAdvantage — are all racing to integrate AI-powered fraud detection with low-friction user experiences. The winners won’t just be the most secure. They’ll be the ones who verify in seconds without making the user feel like they’re going through airport security.
What This Means Going Forward
Three things to watch through 2026:
Perpetual KYC becomes default. One-time verification at signup is being replaced by continuous identity monitoring across every regulated sector. Re-verification triggers will be automated and data-driven.
Digital identity wallets go mainstream. The EU mandate ensures infrastructure rollout across 27 member states. Once the wallets exist, every online platform — from betting to banking to age-gated content — will integrate with them.
Deepfake arms race intensifies. As detection improves, so do the attacks. AI-generated synthetic identities that fool current liveness checks are already in development. The verification industry is in a permanent state of escalation.
