Sumsub has released its fifth annual Identity Fraud Report 2025-2026, revealing a global “Sophistication Shift”—a new phase of digital fraud driven by AI and the professionalization of fraud-as-a-service tools.
While overall global fraud volumes are stabilizing, high-quality attacks have increased by 180% YoY. In APAC, synthetic personal data attacks—which combine fabricated identity information, including names, addresses, date of birth, identity document numbers, with high-quality synthetic identities—surged 142% YoY, now making up for 15.7% of all fraud attempts, the region’s third-largest fraud category.
The report draws on millions of verification checks and more than 4 million fraud attempts worldwide, alongside insights from Sumsub’s Fraud Exposure Survey 2025, which gathered responses from over 300 risk professionals and 1,200 end users.
Tougher enforcement across the region is also reshaping the landscape, as fraud is increasingly treated as a criminal offence. According to Sumsub’s Fraud Exposure Survey 2025, nearly two-thirds (60%) of companies in the region reported incidents to police, instead of treating fraud as a compliance issue—well above Europe’s 29%.
This heightened enforcement has also exposed the scale and organization of fraud rings across the region, with one in four individuals targeted for mule recruitment—one of the highest rates globally—highlighting the widespread of criminal recruitment in the region.
“The fraud landscape in APAC has changed faster in the past twelve months than in the previous five years combined,” said Penny Chai, Vice President, APAC at Sumsub.
“In 2025, we saw fraud rates decline across mature economies, including Singapore, Hong Kong, and South Korea — yet deepfakes and synthetic identities are rising faster than anywhere else in the world. Countries such as Bangladesh and India have seen AI-driven impersonations become the new normal.
“This shift indicates that the region’s success in combating basic scams has prompted attackers to adapt their tactics.”
Key findings from the report include:
- Top 5 jurisdictions in APAC with the largest YoY deepfakes growth: Maldives (2100%), Malaysia (408%), Mongolia (200%), Thailand (199%), and Sri Lanka (194%).
- While Singapore’s overall fraud growth rate fell by 12% YoY, deepfake incidents surged by over 158% YoY — the 6th highest growth rate in APAC —driven mainly by impersonation scams and fraudulent e-wallet registrations.
- Cambodia recorded the highest ratio of approved applicants involved in fraud networks in APAC at 17%, followed by Turkmenistan (12%), Australia (10%), India (8%), and Singapore (6%).
- In 2025, 69% of business and 53% end users in APAC reported falling victim to fraud.
- In APAC, 47% of consumers believe fraud protection should be shared equally between companies and the government, while 22% say individuals should protect themselves.
APAC’s fragmented fraud landscape
While enforcement and industry measures are strengthening, the fraud landscape in APAC remains highly fragmented, reflecting the region’s diverse digital maturity and oversight.
While some markets like Malaysia and Pakistan are experiencing rapid fraud growth amid rising digital adoption, others like Indonesia and The Philippines are showing stable but high-risk levels with rise of deepfakes and the increasing exploitation of digital platforms.
Meanwhile, jurisdictions such as Hong Kong, Singapore, Australia, and India have recorded overall declines in fraud, supported by stronger regulation, though attacks are becoming more sophisticated.
The diverging fraud trajectories across APAC highlight how much outcomes depend on policy enforcement, digital adoption speed, and attacker strategy. However, as Sophistication Shift shows, while fraud rates in some mature markets may drop, their complexity and impact continue to grow.
The next frontiers of sophisticated fraud
As verification systems evolve with these sophisticated attacks, new tactics are also emerging. In 2025, telemetry tampering surged across industries, accounting for a growing share of blocked verification attempts.
Rather than forging documents or deepfakes, fraudsters now manipulate the invisible infrastructure behind each verification, including SDKs, APIs, and device signals, to make fraudulent activity appear legitimate.
The year also saw the rise of AI fraud agents — autonomous systems that use generative AI, automation, and behavioural mimicry to carry out full verification attempts end to end. What began as isolated experiments in 2025 is expected to accelerate into a major wave by 2026, as these self-operating bots evolve to adapt their tactics in real time.
In some cases, a single agent can orchestrate a comprehensive attack chain, mixing fake-ID document generation, deepfake video submission, and human-like interaction at high speed.
Securing APAC’s Digital Future
As APAC’s digital economy continues to outpace global growth, the region has become both a prime target and a proving ground for these sophisticated attacks.
To stay ahead, organizations must adopt multi-layer verification frameworks that continuously assess device telemetry, behavioral patterns, and contextual signals to identify both advanced identity manipulation and non-human attack behaviors.
This means moving from static, one-time checks to dynamic systems that learn and adapt in real time. It’s no longer just about stopping fraud at the door, but about building trust that evolves with every interaction.
