Sumsub has released its latest Identity Fraud Report 2025-2026, highlighting a significant escalation in advanced fraud techniques across the Asia-Pacific region as AI-driven attacks become more sophisticated. The company said global fraud volumes are stabilising, but higher-quality attacks are increasing sharply, with APAC emerging as one of the fastest-changing regions.
APAC sees rapid increase in synthetic identities and deepfakes
According to Sumsub, synthetic personal data attacks in APAC jumped 142% year on year, now accounting for 15.7% of all fraud attempts in the region. These cases involve creating fabricated identities by combining invented details such as names, addresses, dates of birth, and identity document numbers with high-fidelity digital assets. Sumsub described this trend as part of a wider “Sophistication Shift”, in which fraudsters are moving away from basic scams towards AI-enhanced identity manipulation.
The findings are based on millions of verification checks and more than four million fraud attempts recorded globally. Responses from over 300 risk professionals and more than 1,200 consumers were also incorporated.
The report noted that enforcement across APAC has intensified, with 60% of companies reporting fraud incidents to police rather than treating them as compliance matters. Sumsub said this effort has exposed the breadth of organised fraud rings in the region, including widespread attempts at mule recruitment. One in four people reported being approached for such activity, one of the highest rates worldwide.
Penny Chai, Vice President for APAC at Sumsub, said the pace of change is unprecedented. “The fraud landscape in APAC has changed faster in the past twelve months than in the previous five years combined. In 2025, we saw fraud rates decline across mature economies, including Singapore, Hong Kong, and South Korea, yet deepfakes and synthetic identities are rising faster than anywhere else in the world. Countries such as Bangladesh and India have seen AI-driven impersonations become the new normal. This shift indicates that the region’s success in combating basic scams has prompted attackers to adapt their tactics.”
Sumsub identified five APAC jurisdictions with the largest year-on-year deepfake growth: Maldives at 2,100%, followed by Malaysia at 408%, Mongolia at 200%, Thailand at 199%, and Sri Lanka at 194%. Singapore experienced an overall decline in fraud of 12% but saw deepfake cases increase by more than 158%, largely linked to impersonation scams and fraudulent e-wallet registrations.
Cambodia recorded the highest ratio of approved applicants later found to be involved in fraud networks at 17%. Turkmenistan, Australia, India, and Singapore followed. The company added that 69% of APAC businesses and 53% of consumers reported falling victim to fraud in 2025. Almost half of consumers in the region believe that fraud protection should be a shared responsibility between companies and government, while 22% believe individuals should protect themselves.
Fragmented readiness across diverse markets
Sumsub noted that APAC’s fraud landscape remains uneven due to variations in digital maturity, regulatory enforcement, and the pace of technology adoption. Markets such as Malaysia and Pakistan are experiencing fast-rising fraud volumes as more services move online, whereas Indonesia and the Philippines are seeing stable but high-risk environments driven by increased deepfake activity and the misuse of digital platforms.
By contrast, more mature jurisdictions including Hong Kong, Singapore, Australia, and India have recorded overall declines in fraud levels. Sumsub said stronger regulation and greater public awareness contributed to these improvements, although the remaining attacks tend to be more sophisticated, highly targeted, and technologically advanced. The company stressed that differing policy approaches and the speed of digitalisation continue to shape regional outcomes.
Rise of telemetry tampering and AI-driven fraud agents
The report also observed new methods emerging as verification systems adapt. Telemetry tampering has become significantly more common, with attackers manipulating back-end signals such as SDKs, APIs, and device fingerprints to disguise fraudulent behaviour as legitimate activity. These attempts accounted for a growing share of blocked verification cases last year.
Sumsub also flagged a rise in autonomous AI fraud agents capable of orchestrating full attack chains. These systems can generate fake identity documents, create deepfake videos, complete verification flows, and mimic human interactions. What began as isolated experiments is expected to become widespread by 2026 as fraudsters automate more complex behaviours.
Looking ahead, Sumsub said organisations must rely on multi-layer verification frameworks that analyse device telemetry, behavioural data, and contextual patterns. The company argues that verification can no longer function as a one-off process but must evolve dynamically in response to changing risk signals. It said the priority is not only preventing fraud at the point of onboarding but also maintaining trust across every interaction.
