Identity verification and tackling fraud began as a face-to-face process, built on human trust. Opening a bank account involved meeting a banker in person and from there, trust was established because both parties could see and interact with each other directly in branch.

Fast forward to the digital age and a lot of services have moved online. Identity verification has therefore shifted from in-person checks to remote identity verification. Today, we’re in an era where identity is now central to every interaction we have online.

Fraud has followed the same trajectory. Much like a burglar would test every possible entry point rather than just the front door, fraudsters probe every stage of the customer journey. They look for weaknesses at onboarding, during login, and throughout ongoing transactions and data requests.

That challenge has intensified in recent years. AI has given fraudsters faster, sophisticated and scalable tools. Deepfakes can bypass checks, AI‑generated documents can appear real, and phishing and impersonation attacks can now be automated at scale.

Once a fraudster gains access to a legitimate account, the damage escalates quickly. Global losses from account takeover (ATO) fraud were projected to reach $17 billion in 2025, up from $13 billion in 2024. While the underlying intent of fraudsters seeking the weakest point of entry, the breadth, speed and sophistication of modern attacks have.

Identity Fraud Patterns Across the Customer Lifecycle

Fraud can occur at any stage of the customer journey. From verifying identity at onboarding to securing connections and fighting fraud in everyday transactions. Each stage introduces its own risks, and attackers adapt their tactics based on where value can be extracted most efficiently.

In 2025, patterns showed a clear distinction between industries targeted for new account fraud and those targeted for account takeover fraud. Businesses that offer immediate incentives such as promotional offers or sign-up bonuses are primarily targeted for new account fraud. In contrast, businesses where accounts accumulate long-term financial or data value face higher levels of ATO.

Industries built around sign-up incentives or instance access experience most fraud at onboarding. For instance, in crypto, 67% of fraud attempts occur during account creation, largely driven by sign-up incentives. Vehicle rental follows a similar pattern, with 67% of fraud taking place at onboarding as attackers use fake identities to gain short-term access to high-value assets. In these sectors, low-friction onboarding creates opportunities to harvest incentives or establish accounts that later become avenues for future money laundering.

Account takeover fraud reflects a different strategy. Rather than creating fake accounts, attackers focus on compromising established accounts using tactics such as stolen credentials, phishing, malware, or social engineering. Entrust data shows this is most common in industries where accounts hold enduring value. In payments, 82% of fraud attempts occur after onboarding, while in professional services the figure is 62%. High-value, long-standing accounts are attractive because they enable fund transfers, loans, and access to identity-rich data, making them more valuable than newly created accounts.

These patterns highlight two critical realities. First, organisations can no longer optimise for one type of risk at the expense of another. Defending a single point in the journey inevitably leaves gaps elsewhere. Second, fraud has become highly professionalised. Modern fraud operations are organised, strategic, and adaptive, moving toward the highest rewards and the weakest controls.

Prevention Must Span the Entire Journey

If fraud can occur at any stage, prevention must operate at every stage. Organisations that implement robust, lifecycle-wide identity strategies save an average of $8 million per year in fraud-related costs. These savings come from detecting threats earlier, more accurately, and beyond a single checkpoint.

There are three areas where that lifecycle approach needs to be strongest.

Get onboarding right

Onboarding is the first opportunity to establish genuine trust. Strong Know Your Customer (KYC) or Know Your Employee (KYE) processes combine document verification with biometric checks such as face recognition or fingerprint scanning to confirm that the person applying is who they claim to be. Liveness detection adds a further layer by distinguishing real users from synthetic identities and deepfakes, which are linked to approximately one in five biometric fraud attempts.

With strong identity verification at onboarding not only reduces immediate fraud, but also limits the downstream damage caused with fraudulent accounts.

Secure existing accounts with continuous authentication

Verifying identity once is no longer sufficient. Continuous authentication, combining multi-factor authentication with biometric re-verification like facial recognition, allows businesses to protect established accounts without creating unnecessary friction for legitimate users.

Crucially, it enables authentication requirements to adapt dynamically as risk levels change, rather than applying the same static check regardless of context. In payments businesses, where most fraud targets the authentication process itself, this adaptability is key to mitigating attacks before losses occur.

Monitor behaviour in real time, not just identity

Device intelligence and behavioural signals make it possible to assess risk based on how users interact with services, flagging unusual login patterns, device anomalies, or out-of-character transactions.

As AI-driven fraud becomes more sophisticated and convincing, behavioural indicators provide another layer of ongoing fraud detection. Focusing monitoring on high-risk actions, rather than only high-risk identities closes a critical gap in traditional defences.

The Window of Opportunity

Fraud has always followed the customer journey. What has changed is the availability of advanced technology capable of tracking, analysing, and responding to threats at every stage. The key question for organisations is whether these capabilities are deployed as a connected strategy or left as isolated controls with gaps in between.

Companies that treat identity as a continuous thread rather than a single checkpoint will be better positioned to reduce losses and protect customers, and preserve the trust that underpins long-term digital relationships.

Learn more at entrust.com and meet the team at IFGS in London on April 21