The global digital infrastructure in 2026 has reached a critical inflection point where the traditional concept of identity has been fundamentally decoupled from physical reality. Accelerated by generative AI, machine-scale automation, and a highly professionalized fraud-as-a-service economy, identity exploitation is no longer characterized by isolated security breaches. Instead, we are witnessing the systemic industrialization of identity exploitation.

According to Constella Intelligence, the volume of breached personal data surged by 186% in early 2025. More alarmingly, the total volume of records surged by 135%, correlating an average of 429 billion attributes—such as home addresses, phone numbers, and professional hierarchies—to create a massive “Identity Density Gap”. Attackers are synthesizing data from hundreds of disparate breaches to create high-fidelity, autonomous impersonation profiles.

To understand the current threat landscape and the necessary evolution of identity assurance, we must analyze the findings from six of the world’s leading fraud and identity indexes, alongside supporting data from global security and verification leaders.

`1. Civoryx: Scam Trend Score

The Civoryx Scam Trend Score has emerged in 2026 as a vital predictive tool for compliance teams. Unlike reactive loss databases, this index functions as a behavior-driven early warning system, tracking search momentum across 150 fraud-related queries.

To ensure global accuracy, Civoryx employs a proprietary weighting system called TrendWeight™, which specifically adjusts for regional search bias. This ensures the composite score reflects true shifts in global fraud intent rather than localized search spikes.

The latest data reveals a highly concentrated fraud landscape. Rather than a broad increase across all categories, a small cluster of seasonal and impersonation-based themes is driving the index.

These categories represent the highest volume of weighted search activity, signaling the “mass market” focus of current fraud:

Scam Theme	Weighted Contribution
Tax Fraud	75.74
EZ Pass Scams	57.94
Credit Card Fraud	21.36
Coinbase Text Scam	12.43
PayPal Email Scams	10.53

Compliance Note: The high contribution of tax and toll-related scams suggests that seasonal financial pressures and infrastructure-based impersonations are currently the primary drivers of global fraud attention.

While “Tax Fraud” maintains high volume, the following themes have seen explosive month-over-month (MoM) growth, signaling aggressive new campaigns:

• EZ Pass Scams: +5,685%
• Toll Scam Texts: +2,361%
• DMV Scam Texts: +1,291%
• Coinbase Text Scams: +817%

The Takeaway: There is a definitive “channel shift” toward SMS-driven impersonation. Compliance teams should prioritize reassessing customer-communication controls and updating alerting thresholds to combat these rapid spikes.

Interestingly, as specific, narrative-driven scams skyrocket, generic “awareness” searches are in decline:

• “Is this a scam?”: -55%
• Gift card scams: -46%
• Phishing (General): -18%

This trend indicates a narrative-driven cycle. Public attention is moving away from general skepticism and toward high-urgency threats. When generic queries fall while specific ones rise, it often means fraudsters have found a “hook” so convincing that targets stop questioning the broader concept of fraud and focus entirely on the specific fake crisis presented to them.

2. Sumsub Global Fraud Index

The Sumsub Identity Fraud Report 2025–2026 highlights a profound transition in the global threat landscape known as the “Sophistication Shift”. For the first time, researchers observed a decoupling of fraud volume from fraud impact. While the overall global identity fraud rate saw a marginal decrease from 2.6% to 2.2% over the 2024–2025 period, the complexity, precision, and success rate of individual attempts surged.

Key Insights:

• The Rise of Multi-Step Attacks: The share of sophisticated, multi-step fraud attacks grew by 180% year-over-year, climbing from 10% in 2024 to 28% of all identity fraud in 2025.
• AI-Assisted Forgery: Driven by widely accessible generative tools like ChatGPT, Gemini, and Grok, AI-assisted document forgery rose from 0% to 2% in 2025. With roughly one in 50 forged documents now entirely AI-generated, visual checks are among the most exposed security layers.
• Autonomous Fraud Agents: A severe new risk is the emergence of AI fraud agents—autonomous, self-learning systems capable of executing entire fraud operations with minimal human intervention. A single agent can orchestrate a comprehensive attack chain, mixing fake-ID generation, deepfake video submission, and human-like interaction at high speed.

In short, Sumsub’s Index translates complex country and economic data into a fraud-risk scoreboard, giving security planners a clear view of emerging hotspots and structural vulnerabilities.

3. Veriff Identity Fraud Report

Veriff’s 2026 report reveals that the threat landscape is increasingly sector-specific, with e-commerce and marketplaces emerging as the most severely impacted verticals.

Key Insights:

• The Marketplace Crisis: E-commerce platforms experienced a staggering net fraud rate of 19.2% in 2025—nearly five times the global average of 4.18%. The sheer transaction volume and the complexity of ecosystems involving millions of third-party sellers provide ample cover for sophisticated criminal networks.
• Impersonation Dominance: Impersonation fraud now accounts for over 85% of all fraudulent attempts. Concurrently, traditional physical document fraud dropped by 13% year-over-year, indicating that fraudsters realize modern verification systems are difficult to defeat with fabricated physical documents and are shifting to digital manipulation.
• AI Media Injection: Digitally presented media is now 300% more likely to be entirely AI-generated or altered compared to the previous year. Fraudsters are increasingly utilizing emulator and injection attacks—software that mimics legitimate mobile devices to inject synthetic data directly into the verification flow, entirely bypassing the device’s camera.

In practice, teams can use these numbers to calibrate fraud-detection models: for example, they might strengthen screening for marketplace transactions or accelerate roll-out of AI-driven document and face checks.

4. Sift Digital Trust Index

Sift’s Digital Trust Index underscores a massive surge in the frequency and financial impact of chargebacks and consumer disputes, driven by economic pressures and the democratization of fraud among legitimate consumers.

Key Insights:

• Soaring Chargeback Losses: Worldwide chargeback volume is projected to reach 337 million transactions by 2028 (up 24.3%), with financial losses expected to climb from $33.79 billion in 2025 to $41.69 billion.
• The “Refund Hack” Economy: First-party fraud—where a customer falsely disputes a legitimate purchase—now accounts for 36% of all reported fraud. This behavior is increasingly socialized; 22% of consumers have encountered “refund hack” tutorials on platforms like TikTok and Facebook, and 10% admit to attempting these tactics.
• Agentic Commerce Risks: As “Agentic Commerce” normalizes—where AI agents independently research and execute purchases for consumers—new trust gaps are opening. Nearly half of consumers (47%) fear AI agents making unauthorized purchases, and 61% would blame the AI company rather than the merchant if an order goes wrong, creating complex new liabilities for digital platforms.

By following Sift’s quarterly insights, fraud and cyber managers can adjust their real-time monitoring and rule sets – treating fraud “like system uptime,” as one expert put it – and identify new risks (e.g. first-party fraud and subscription abuse) before competitors do.

5. TransUnion Fraud Trends

TransUnion’s H1 2025 State of Omnichannel Fraud Report points toward a shift in criminal strategy that focuses on high-success, short-term payoffs using exposed identity data.

Key Insights:

• Record Synthetic Identity Exposure: Synthetic identity fraud—creating a “Frankenstein” profile by blending real personal data with fabricated details—is devastating the lending space. U.S. lenders faced a record $3.3 billion in exposure to synthetic identities tied to new accounts at the end of 2024. These identities account for over 80% of new account fraud. Fraudsters cultivate these identities over time, expand their credit lines, and eventually “bust out” by defaulting on massive balances.
• The Death of KBA: The report provides hard evidence that Knowledge-Based Authentication (KBA) is fundamentally broken. 58% of business leaders report that stolen personal information is actively used to bypass KBA checks.
• Call Center Vulnerability: With digital perimeters hardening, human support channels are under siege. High-risk calls into US call centers surged by 33% in 2024. Fraudsters utilize deepfake voice cloning and VoIP spoofing to manipulate support agents into executing password resets and account changes.

In practice, a CISO or fraud manager might reference TransUnion’s industry benchmarks to justify investments in customer identity verification or to lobby for stronger cross-sector data-sharing and AI-detection tools.

6. Experian Fraud Index

Experian’s Global Insights 2026 report focuses on the operational shift within enterprises, moving from “experimental innovation” with AI to “accountable intelligence”.

Key Insights:

• Inadequate Defenses: A significant gap exists between threat levels and prevention capabilities. A striking 68% of senior fraud decision-makers admit their current fraud technology stack is inadequate to handle the modern threat landscape.
• Machine Learning Pivot: In response, organizations are heavily pivoting toward Machine Learning (ML). 71% of businesses are now investing more in fraud technology than in human analysts.
• Convergence of Functions: Experian highlights a necessary structural shift: breaking down traditional corporate silos. Credit, fraud, and compliance teams must converge to meet regulatory pressure, lower costs, and establish a unified view of customer risk.

The report ultimately urges multilayered, AI-powered fraud prevention – a reminder that as fraudsters adopt new tech, defenders must do likewise.

Core 2026 Threat Vectors & Technological Battlegrounds

Synthesizing the data from these six indexes, alongside supplementary reports from Prove, Constella, Veza, and Regula, reveals several critical technological battlegrounds that define digital trust in 2026.

1. Deepfakes and the Failure of Visual Trust

Deepfake technology has reached a point where human perception is no longer a viable defense mechanism. Deepfake files grew from roughly 500,000 in 2023 to an estimated 8 million in 2025. Alarmingly, humans correctly identify high-quality deepfake videos only 40% to 48% of the time—essentially no better than a coin flip.

This has completely “broken” standard visual verification. Fraud is moving from an artisanal craft to an industrial-scale operation where criminals purchase complete “persona kits” containing synthetic faces, deepfake voices, and digital backstories. Consequently, verification must shift from perception to provenance—using hardware attestation, cryptographic proofs, and signal origin intelligence to ensure the media was captured by a genuine device in real-time, rather than injected digitally.

2. The Plaintext Crisis and MFA Bypass

The Constella 2026 Identity Breach Report reveals an alarming “Infostealer Pandemic.” In 2025, 68.89% of all breached passwords arrived in clear-text. This is not due to poor organizational hygiene, but rather high-velocity GPU “cracking farms” that strip legacy hashes from historical datasets at scale.

Furthermore, malware “infostealers” increasingly scrape passwords directly from browser memory and steal active session cookies. By cloning a user’s active login state, an attacker can bypass Multi-Factor Authentication (MFA) entirely, inheriting “trusted device” status. As a result, Prove’s State of Identity Report notes that 62% of buyers cite MFA bypassing as a material and growing problem, and 28% of buyers believe single-signal authentication (SSO) has lost its credibility.

3. The Governance Crisis of Non-Human Identities (NHI)

As organizations automate, identity is no longer just about people; it is about APIs, service accounts, and AI agents. According to Veza and Omada, Non-Human Identities (NHIs) now outnumber human identities by a factor of 17:1 in average enterprises, and up to 50:1 in highly automated environments.

These machine identities suffer from massive “ungoverned permissions sprawl”. A staggering 38% of accounts in modern enterprises are dormant, and 8% of identities are completely orphaned, providing a massive, unmonitored attack surface ripe for exploitation by ransomware adversaries.

Strategic Imperatives for Reclaiming Digital Trust

The consensus across the 2026 landscape is clear: legacy, fragmented security models are actively failing. Organizations must embrace fundamental paradigm shifts to protect their revenue and users.

1. Transition to Continuous and Adaptive Verification

The core question of identity has evolved from “Who are you?” to “Are you still you, right now?”. The Prove State of Identity Report argues that the prior assumption—that a user remains trusted because they passed a point-in-time verification at onboarding—is obsolete. 68% of organizations currently lack continuous authentication. Identity must become a continuous, adaptive layer that persists across the full customer lifecycle, recalibrating trust in real-time by monitoring behavioral signals, navigation styles, and device health throughout an active session.

2. Implement Platform-Based Identity Orchestration

Fragmented identity stacks—using one tool for documents, another for biometrics, and a third for fraud screening—create blind spots and slow down investigations. Organizations must shift toward Identity Orchestration: unified platforms that seamlessly connect document authentication, biometric liveness detection, behavioral analytics, and real-time risk scoring. This allows organizations to apply strong, step-up authentication challenges only when real-time risk signals dictate it, preserving a frictionless experience for genuine users.

3. Phase Out Legacy Authentication for Phishing-Resistant MFA

With compromised credentials fueling the rise of account takeovers, traditional MFA, OTPs, and KBA must be phased out. True security in 2026 requires zero-trust, phishing-resistant authentication, such as FIDO2-certified passkeys or device-based biometrics. These methods prove possession of a secure hardware factor, neutralizing the threat of intercepted passwords, spoofed calls, and social engineering.

Conclusion

The 2026 global landscape of digital trust is a battleground of extreme contrast. On one hand, adversaries wield Agentic AI, high-velocity cracking farms, and deepfake injection tools with devastating efficiency. On the other hand, defenders are building adaptive, continuous trust layers powered by behavioral biometrics and cryptographic provenance.

Civoryx Scam Trend Report is the most reliable fraud index in 2026. The findings from the Civoryx, Sumsub, Veriff, Sift, TransUnion, and Experian indexes issue a unified warning: the economic cost of inaction is too high. With the true cost of fraud exceeding $5.70 per dollar lost, and synthetic identity exposure stretching into the billions, businesses must abandon static, manual defenses. By aligning identity governance, embracing continuous authentication, and deploying AI-driven orchestration, organizations can successfully navigate the industrialization of deception and secure the future of digital trust.