More than two thirds of users familiar with passkeys turn to them for simpler, safer sign-ins as password pain persists.

With digital security more critical than ever, the FIDO Alliance is commemorating World Passkey Day 2025 with the release of an independent study of consumers across the U.S., U.K., China, South Korea, and Japan to understand how passkey usage and consumer attitudes towards authentication have evolved.

The research found that in the last year, over 35% of people had at least one of their accounts compromised due to password vulnerabilities. In addition, 47% of consumers will abandon purchases if they have forgotten their password for that particular account. This is significant for passkey adoption, as 54% of people familiar with passkeys consider them to be more convenient than passwords, and 53% believe they offer greater security.

World Passkey Day serves as the FIDO Alliance’s annual call to action for individuals and organizations to adopt passkey sign-ins, making the web safer and more accessible.

Highlights from the research show consumer passkey awareness is on the rise and outlines several key trends in adoption among those who are aware of passkeys, including:

• 74% of consumers are aware of passkeys.
• 69% of consumers have enabled passkeys on at least one of their accounts.
• Among those who have used passkeys, 38% report enabling them whenever possible.
• More than half of consumers believe passkeys are both more secure (53%) and more convenient (54%) than passwords.

The survey report is available at the link here, which includes additional insights on how passkey adoption is trending with consumers and organizations to improve global digital access, authentication, and security.

“The establishment and growth of World Passkey Day reflects the fact that organizations of all shapes and sizes are taking action upon the imperative to move away from relying on passwords and other legacy authentication methods that have led to decades of data breaches, account takeovers and user frustration, which imperil the very foundations of our connected society,” said Andrew Shikiar, Executive Director and CEO of the FIDO Alliance. “We’re thrilled by the fact that over 100 organizations around the world signed our Passkey Pledge, and we are pleased to support the market in their march towards passkeys through a variety of freely available assets, including our market-leading Passkey Central resource center.”

To further encourage organizations to embrace the shift away toward passkeys, the FIDO Alliance also launched the Passkey Pledge, a voluntary pledge for online service providers and authentication product and service vendors committed to embracing passkeys. The passkey pledge has received commitments from over 100 organizations in just over 20 days.

The availability of passkeys has steadily increased with implementation reaching 48% of the world’s top 100 websites as enterprises and service providers collectively seek to embrace a new era of faster sign-ins, higher success rates, fewer account takeovers, lower support costs, and reduced cart abandonment.

The post FIDO Alliance champions widespread passkey adoption on World Passkey Day 2025 first appeared on Identity Week.

All state agencies determining eligibility for the Supplemental Nutrition Assistance Program must adhere to President Trump’s Executive Order to maximise identity verification and protect taxpayer benefits for those eligible.

The direction was instructed by U.S. Secretary of Agriculture Brooke L. Rollins, reflecting Trump’s position on protecting American taxpayers and “no longer subsidising illegal aliens” as he put it, who are ineligible to claim benefits. Secretary Rollins said identity verification practices would play a critical role in verifying immigration status of SNAP applicants and ensuring the nutrition programmes go towards helping the “most vulnerable Americans”. 

In February, USDA-FNS authorities reviewed the administration of SNAP benefits adjusting in line with Executive Order 14128. A recent report found a staggering $10.5 billion improper payments were made in 2023 alone. 12% of total SNAP payments were ineligible, attributed to the inadequate verification of an applicant’s citizenship and identity by states whose job it is to check. 

The guidance passed down to states requires them to now acquire reliable state–approved identity documents and measures to combat fraud of Social Security Numbers and the Department of Homeland Security’s Systematic Alien Verification for Entitlements (SAVE) system. The programme available to states for free should encourage its proper use and make it easier to verify immigration status. 

“Administration will uphold the rule of law, defend against the waste of hard-earned taxpayer resources, and protect benefits for American citizens in need, including individuals with disabilities and veterans” the order stated on February 15, 2025. 

To protect American identity and immigration status, states are encouraged to mandate verification of all applicants’ claims to United States citizenship, or adopt the State’s Identity Authentication Option that uses multiple choice authentication questions.

The post Trump orders states to verify IDs to block ineligible immigrants from SNAP first appeared on Identity Week.

A Financial Times journalist has revealed he is the target of a widespread deepfake scam on Facebook and Instagram, raising fresh concerns about Meta’s ability to police fraudulent content on its platforms.

The journalist discovered a manipulated “avatar” — a digital likeness resembling him — being used in advertisements to promote a fake investment group. Despite repeated efforts by both himself and Financial Times colleagues to have the fraudulent material removed, new versions continue to surface.

Initially alerted to the scam on March 11, the journalist found that Meta, the parent company of Facebook and Instagram, had been profiting from the advertisements promoting the fraudulent scheme. While Meta removed the original ads following complaints, further investigations revealed that the problem was far more extensive than initially thought.

Analysis of Meta’s Ad Library found that at least three different deepfake videos and numerous Photoshopped images had been used across more than 1,700 adverts, reaching over 970,000 users in the EU alone. Experts believe the actual reach could be significantly higher, particularly in the UK.

The scam operated through at least ten fake accounts, with new accounts appearing to replace those banned.

Meta insists it is working to combat fraud, employing AI tools and facial recognition technologies. A Meta spokesperson said it is against their policies to “impersonate public figures” and confirmed the “removal of reported ads and accounts”. Meta cited the persistence and evolving tactics of scammers as a major challenge.

Despite these assurances, the journalist expressed skepticism about Meta’s efforts, questioning why a company with such vast resources cannot prevent known scams from resurfacing. UK government officials pointed to regulations under the Online Safety Act and Meta’s own ad policies that prohibit misleading or deceptive promotions.

The post Deepfake scam targets FT journalist as Meta struggles to tackle fraudulent ads first appeared on Identity Week.

A massive cyberattack affects M&S’ digital operations as one analyst speaking to the BBC says it will create a “bruise” to their reputation. As one of the most recognisable brands on the high-street, capitalising on online demand is a big earner for the business and the direction consumer buyer behaviour is heading. This apparent security breach, following other IT outages for Barclays and Lloyds, could compromise trust and data safety concerning M&S’ payments and digital systems.

The CEO announced the big retailer was investigating why systems were down and stressed the problems would only be temporary as they work towards fixing a solution. This does mean thousands of refunds will be issued after pausing online orders in UK & Ireland on Friday. Click-and-collect orders and contactless payments were halted with customers reporting the issues, however, M&S says payments are now resumed.

The disruption in the last week has had a knock-on effect on 200 shifts being cancelled for workers. A real fear for retailers in the digital age has come true, as whilst digital operations are down, M&S cannot capitalise on its online sales nor purchases made in-store via contactless payments.

M&S stands to lose out with critics and customers also watching to see how quickly they can recover from this attack.

As recent incidents show, cyber attacks are extremely common with the sophisticated techniques available to attackers, and businesses and individuals are tackling the problem.

M&S brand’s image is very respected, and customers will expect complete trust and privacy over their data despite this incident.

Kate Hardcastle, consumer specialist at Insight with Passion, commented to the BBC that M&S has responded quickly and been transparent from the onset of these troubles, which should mitigate any long-term damage to their image. A third of its clothing and household item sales are generated from e-commerce. On Tuesday, M&S admitted they were tackling a “major” cyber incident. Some customers have protested that communication was still too slow.

They reported the incident themselves to the Information Commissioner’s Office and the National Cyber Security Centre (NCSC), who will “assess the information provided”.

A statement by M&S read: “We have made the proactive decision to move some of our processes offline to protect our colleagues, partners, suppliers and our business”.

The post M&S open up to troubles with digital operations after massive cyberattack first appeared on Identity Week.

Entry/Exit System fingerprint registration 

EES will intensify strict rules for travelling to Europe from October. With the amount of time taken to implement the system, Brussels has agreed to a phased rollout instead of the “big bang” launch planned in November 2022. The rollout will still be conducted in a “progressive” manner whilst in a 6 month transition period, as UK travellers without EU passports will have to register their fingerprints or have pictures taken on arrival in the bloc. The scheme will replace passport stamps in an era of more digitally enabled crime.

The scheme was agreed by an EU committee this week.

Europe wants to reap the benefits now after implementing such critical IT infrastructure proved to be a mighty and untenable task due to challenges with contractors and interoperability. Some members states were not prepared and fell to the back of the “class”, according to Assita Kanko, the Belgian conservative MEP.

Addressing stakeholders at Identity Week Europe in 2023, Claudio Kavrecic of Frontex said at the time additional training was needed for border guards and physical infrastructure needed supervision to facilitate safe and secure border crossing.

The timeline of EU information systems starts with the delayed Entry/Exit System, expected in October 2025, and then ETIAS, the equivalent of ETA.

Fraud warnings of ETIAS

Travellers are being reminded about the order of which border management systems will launch through 2025/2026 amid warnings of imitation websites emerging advertising early access to ETIAS when the system won’t even go live until late 2026. 

The hold-up of EU travel rules has emboldened fraudsters to pry on the confusion of travellers. The EU has outlined all advancing travel border management programmes, however, the ETIAS can not be started until the delivery date of the Entry/Exit System, which mandates facial and fingerprint recognition scans.

ETIAS clearance will be required for British travellers arriving into EU countries. 

Part of confusion has to be blamed on constant delays of the roadmaps to implement these systems.

The post EES will intensify travel rules from October, whilst impact on ETIAS delay prompts fraud warnings first appeared on Identity Week.

Millions of Dutch people are prone to falling for the most common fraud attacks because they re-use the same PIN codes for mobile banking and payment transactions. The convenience of setting the same password – known as ‘shoulder surfing’ – is compromising security, leading to a higher chance of scams, ABN AMRO Bank has warned. In this age of digital payments made via wallets, passkeys have emerged as an alternative solution to passwords across the ecosystem. 

ABN AMRO, who will be participating at Identity Week Europe, on 17-18 June, suggested that lots of users are still complacent with their online safety and using memorable personal information time again for convenience, with only a third of respondents using unique codes to access their various mobile banking apps. Over four in ten survey participants admitted they never refresh their passwords and 41% sometimes allow others to watch on as they key in their PIN codes.

The findings suggest how many of the bank’s 5 million retail customers and 365,000 commercial clients could potentially exhibit bad online safety practices. Only 30% use unique PIN codes to access various mobile banking apps.

Marco Hendriks, Fraud Expert at ABN AMRO highlighted concerns about scammers “looking over a customer’s shoulder at the right moment” when they use their physical card or smartphone. Quickly they can have “access to everything”, from your banking app to your DigiD. 

“If alongside the victim’s PIN or access code, the scammer also steals their telephone or debit card, they can do practically anything: from transferring money to their own account to making purchases in someone else’s name”. Despite awareness of fraud at an all-time high, amid the onset of AI, not enough people are changing their passwords regularly. “Most people choose convenience over security,” says AMRO. 

Memorable personal data such as a birthday or wedding anniversary should never be used for a strong password.

The post Millions of Dutch people are susceptible to fraud because they re-use PIN codes first appeared on Identity Week.

Hours after the current contract for Common Vulnerabilities and Exposures program expired, the loss to cybersecurity experts everywhere seems to be too great, forcing a U-turn.

The cybersecurity mission was encapsulated in MITRE’s programme designed to coordinate disclosure of public vulnerabilities within systems. Yesterday, the “uncertain future” for the programme was made public and whether its contract with the U.S. Department of Homeland Security would be renewed, impressing the end of a cybersecurity working group. It was nearly a loss before the decision was reversed mere hours after – the collaboration of the cybersecurity world will continue as usual for the next 11 months, as the DOGE realises the impact of losing an important scheme to combat cybersecurity exploits.

Common Weakness Enumeration programmes have become pertinent to those in the industry fielding off evolving attacks, and enabling fast alerts to threats outside of vendors and businesses’ cybersecurity strategies. Security researchers, vendors, and IT teams can communicate in the current forum, identifying the modern tools from vulnerability scanners to patch management systems. Modern systems and workflows depend on CVE data.

DHS managed and funded CVE and CWE programs.

Forbes quoted Jason Soroko, Senior Fellow at Sectigo stating, “a service break would likely degrade national vulnerability databases and advisories”. Now it seems appreciation of cooperative programmes on cybersecurity has flipped the decision. 

Update Apr. 16 at 10:55am EDT

The new CVE Foundation is announced. Trump’s government has chosen to reinstate the funding for the global directory of security vulnerabilities for everyone’s benefit after the cost-cutting exercise. 

The U.S. Cybersecurity and Infrastructure Security Agency said it had extended the contract with MITRE for 11 months, as the CVE Program is “invaluable to the cyber community and a priority of CISA”, rather than going ahead with an 11th hour flawed decision. 

Experts say the CVE program disruption has highlighted the issues with relying on a single source of funding.

The post CVE program cut decision reversed first appeared on Identity Week.

By ID Talk, the podcast from ID Tech.

In the latest episode of the ID Talk podcast, Montaser Awal, IDnow’s Director of Research, outlined the company’s participation in Europe’s ACHILLES Project, emphasising efforts to develop transparent and ethical artificial intelligence (AI) solutions to address the rising threat of digital fraud, particularly deepfake technology.

Awal explains that ACHILLES, a European consortium of 16 partners, aims to create AI systems that are not only efficient but also fair, unbiased, and privacy-conscious. The ACHILLES Project focuses on optimizing AI training methodologies by prioritizing data quality over data quantity, aiming to produce models that require less energy, provide greater transparency, and reduce biases that are often found in facial verification technologies.

“The main idea behind Achilles is to rethink AI algorithms and methodologies, making them more trustworthy, transparent, and aligned with ethical and legal frameworks,” said Awal. He further emphasised that addressing biases and improving deepfake detection were critical aspects of the consortium’s objectives.

IDnow contributes its expertise by testing AI algorithms developed under ACHILLES in real-world identity verification scenarios, enabling the consortium to refine technologies for practical applications. Awal described IDnow’s broader approach as “fighting fire with fire,” leveraging advanced AI technologies to proactively combat sophisticated fraud attempts that also increasingly rely on AI.

To hear more insights from Montaser Awal on IDnow’s innovative approach to ethical AI, data privacy, and fraud prevention, listen to the full episode of ID Talk via their website, or wherever you get your podcasts.

The post IDnow’s Montaser Awal explains ACHILLES mission to combat deepfakes with ethical AI first appeared on Identity Week.

Identity verification will manage who is setting up and running companies listed on Companies House. 

Becoming legislation later this year, owners will need to comply with identity verification to incorporate their companies in the public registry, which currently lists 5.35 million active businesses.

A transition period of 12 months after the legal requirement is passed will allow more than 6 million individuals to get up to speed. Meanwhile, burdens are reduced on companies during a voluntary period to uptake identity protections now. 

Their identities will need to be verified directly with Companies House through GOV.UK One Login or via an independent Authorised Corporate Service Provider.

The introduction of identity verification will create a key change in company law, ensuring the incorporation of companies is conducted properly to improve the quality of their data and tackle misuse of the companies register, Companies House CEO Louise Smyth CBE said.

The UK company law will change under the Economic Crime and Corporate Transparency Act, empowering Companies House to help “disrupt economic crime and support economic growth”.

Directors are encouraged to save time later on by completing verification processes during the voluntary window. The mandatory burden will be implemented in Autumn 2025.

Minister for Employment Rights, Competition and Markets Justin Madders MP said: “In a time where economic crime has become too common, it is imperative that we bring in measures to prevent identities being stolen online and today marks a significant milestone in our plans to require identity verification for those setting up and running companies on the Companies House register later this year”.

The identity protections will create assurances of UK businesses and lenders and protect the UK economy from fraud and financial crime.

The post Company House to enforce ID verification first appeared on Identity Week.

With more “false positive” cyber attacks attributed to inaccuracies of cybersecurity software, Lloyds has patented its own AI advanced algorithm to spot genuine threats. 

The Global Correlation Engine (GCE), developed by Lloyds Banking Group, addresses high quality cybersecurity across many businesses to protect customers. Sometimes vendor solutions can disappoint in being able to detect accurate fraud in real-time. 

The GCE is refined cybersecurity software, designed to identify and alert businesses to potential attacks with precision. This means that alerts are not misidentified as being malicious – known as ‘false positives’. Lloyds is working to boost the AI capabilities in the GCE further, leveraging multiple layers of algorithms.

Since Lloyds Banking implemented the GCE, investigations of false positives have significantly reduced, whilst minimising the risk of missing genuine attacks. 

The solution has been awarded a patent in the UK and US, issued by the Intellectual Property Office for a new methodology, which uses intelligent algorithms to analyse cybersecurity alerts and determine which alerts could be genuine threats. Across the Group, more emphasis can be placed on resources to investigate and tackle genuine cyber threats.

The GCE works by storing and analysing alerts from across different cybersecurity technologies to identify common attributes, trends and potential connections between different alerts. 

By cross-referencing this information against the components and common signs of a cyber-attack, the GCE accurately assesses and identifies cyber threats with a dynamic approach, identifying both immediate and longer-term threats with a high degree of accuracy.

The technology and new patented applications have the potential beyond traditional cyber-attacks to combat e-crime, supply chain fraud, cyber-enabled fraud and more.

Matt Rowe, Chief Security Officer at Lloyds Banking Group, said: “Our Global Correlation Engine is an exciting innovation that will allow us to identify genuine threats more quickly and efficiently, ensuring customers are protected. We’re working to develop the Engine further, using artificial intelligence to supercharge its capabilities. This innovation, developed by our world-class cyber experts, demonstrates our commitment to advancing cybersecurity and protecting our customers with cutting-edge technology.”

The post Lloyds Banking Group secures patent for cybersecurity innovation first appeared on Identity Week.

IAI and IXLA are now sister companies under the HID umbrella. After the latest acquisition of IXLA, we addressed the benefits of this new arrangement strengthening a broader range of complementary solutions that are tailored to specific customer requirements.

IAI and IXLA will showcase their products in the Identity Week Europe exhibition this coming June as Silver Sponsors, alongside their parent company, HID, a Gold Sponsor. 

Both companies specialise in the development and delivery of security document personalisation solutions. Joining forces under HID, we spoke to Marcus Keel, Product Manager at IAI Industrial Systems and Ferdinando Filippone, Head of Operations at IXLA, hearing their future plans for working together and their respective roadmaps. 

With a long standing in the identity market, Keel explained: “We are expanding our product portfolio and thereby offering an even more end-to-end solution to our customers, and we unite the expertise in both decentralized and centralized personalization solutions. This partnership enables us to extend our reach and better address the evolving needs of all our customers. With a global presence, strategic partnerships and key references”.

IAI has launched a new product line ProductionMaster where they developed tools from a centralized management perspective to configure with multiple machines. They have developed a range of new functionalities across the BookMaster & CardMaster machine platforms, whilst IXLA has advanced their offerings by bringing to market enhanced combined colour solutions through the innovative products of XPrint & BOX. 

IXLA specialises in the design, development, and implementation of advanced laser and colour personalisation systems, combining laser and inkjet personalization systems.

To hear more about IAI or IXLA new machines or if you wish to discuss your project needs, please feel free to reach out and book an appointment with Professional & Innovative Teams at Identity Week from 17-18 June 2025. Come and visit their combined stand during the event.

The post IAI and IXLA now sister companies under HID umbrella: INTERVIEW first appeared on Identity Week.

Deepseek, hailed as a disruptor AI model by its creators, has now received some criticism for welcoming public access to its databases and control over its operations, including with the ability to assess internal data. The data exposed includes chat history, backend data and secret keys.

The AI model, which undercut costs to create competitor technologies, suffers from critical security issues which can put users at risk, according to data from Wiz and SecurityScorecard. Wiz discovered two open ports in the ClickHouse database without authentication in place to protect sensitive logs, chat messages and passwords. This exposes the rapid growth of AI services globally whilst compromising on security. The inherent cyber risks of AI applications can directly link to underdeveloped infrastructure and tools. AI innovation for many countries is focused on increasing competitive AI hubs with more start-ups, however, customer data must always remain a priority. 

Emma Zaballos, Security Researcher at CyCognito says DeepSeek AI has a “dangerous combination of exposed databases, weak encryption, AI jailbreak susceptibility, and SQL injection risks”. According to SecurityScorecard, DeepSeek-R1 failed 91% of security tests for AI jailbreak attempts and 86% for prompt injection attacks, indicating that adversaries can easily manipulate responses.

DeepSeek’s infrastructure is accused of transmitting a broad scope of data to Chinese entities. 

The post Deepseek AI R1 raises concerns over security vulnerabilities first appeared on Identity Week.

Americans have expressed concern about their data falling into the wrong hands of scammers, allowing them to orchestrate false tax affairs. Identity theft can enable fraudsters to apply for their financial assets in refunds from a tax return. The scenario relates to almost two-thirds of Americans (64%), a survey by Allstate Identity Protection reveals. The company affords their customers identity protections however the majority of people may be overlooking how they can safeguard their own data to take back control over fraud.

When it comes to a tax return request, fraudsters are pocketing the money first to the horror of genuine Americans. Personal information can be stolen for example a social security number that can be misused in many contexts. 40% of cases where Allstate restored identity protection were reported during the tax season.

Tax season is particularly susceptible to fraud, as well as across sectors like insurance, loans or government; vendors are developing holistic solutions for all verticals which are frequently affected by fraud. With refunds on the line, companies can “help people take control before fraud happens” and prevent years of delays for reimbursements, said Caroline Slane, Senior Vice President of Business Operations at Allstate Identity Protection.

Two-thirds (66%) of Americans say they would pay for identity monitoring services to protect their tax refund from fraud. Installing identity protection technology also saves face for tax companies saving up to $1 million in pay-outs to reimburse customers.

Growing concern around tax fraud is higher than previous years from 445 of customers and with one in five Americans admitting they worry about falling victim this year due to a rise in AI fraud and IRS delays and staffing shortages.

Despite this, one in three Americans (33%) admit they have done nothing to protect themselves from tax-related identity theft.

“The best way to stay safe is to file early, use an IRS Identity Protection PIN and stay alert. Taking proactive steps now can safeguard your personal information and ensure your tax refund stays in the right hands,” Slane said.

The post Americans express concern about their personal data in tax fraud first appeared on Identity Week.

A cohort of banks, tech and telecoms companies are embracing real-time fraud data. The data insights can analyse how fraudsters have behaved or interacted online, show suspicious URLs or transactions. As attackers’ methods multiply, this demonstrates the adverse fraud landscape which needs to be confronted by the government taking stronger leadership.

The Financial Times first reported that notable banks including Barclays, Lloyds, HSBC, Santander and Monzo signed the statement of cooperation as did Amazon, Google, Meta and telecoms operators, BT and Three.

The data sharing initiative will enter into force with a concerted effort of all the companies in the agreement. In contrast, in 2023 when a two-month trial period commenced, there was “negligible” data shared by the parties. Since then there has been the introduction of an automated system to transfer thousands of data points between the sectors.

The detection of scams is far more advanced with the cross-industry system than employing bank monitoring systems to reach scale. 

The post Businesses and real-time data sharing to tackle fraud first appeared on Identity Week.

The digital verification system at the “heart of national security” and private and public sectors in South Africa has received a significant revamp, the South African government Department of Home Affairs announced. Investing in a “comprehensive” system upgrade refines faster ID verification processes and showcases what is possible for businesses in the financial sector with verifying identities using biometric solutions like fingerprints and facial recognition against the National Population Register. 

A range of governmental departments have onboarded the system protecting their public services, but in recent years its performance has been plagued by streamlining issues and inefficiencies causing up to 50% false positive matches. It is clear the current level upgrade needs to be reviewed by the government to mitigate 24 hour delays in the system responding. When responses are received, they are often littered with errors and require slower manual verification instead. 

Testing yesterday revealed the failure rate had been mitigated to below 1% enabling faster and accurate detection. The Department of Home Affairs said they were ready to roll out the “upgraded verification service to all our valued clients across the public and private sectors” to markedly enhance service delivery. There are many reasons why a client may need to verify their identity to open a bank account, access benefits or obtain a grant, for instance. 

The upgrade, completed for the first time since the system launched, is also “immensely important” to growing the private economy and ensuring banks, financial services, and insurance companies are empowered to offer the best-in-class verification. 

The home affairs department is the custodian of identity, civil status and migration of citizens and its digital verification system provides a link between a service provider and the DHA’s national population register.

The Ministers of Home Affairs and Finance outlined new maintenance fees for private companies using the vastly more capable verification service, which will increase for the first time in over a decade from 1 April 2025. Government users will remain exempt from contributing to the service costs as the balance to invest in the National Population Register will not negatively affect public finances.

Minister Schreiber concluded: “This investment in our population register is not only overdue, but also important for delivering on the vision for digital ID, as outlined by President Cyril Ramaphosa during the State of the Nation Address, as a secure and efficient population register forms the cornerstone of digital ID. The launch of the reformed verification system is further proof of the progress that Home Affairs is making on our journey of digital transformation to deliver dignity for all.”  

The post South Africa: Digital verification system at the “heart of national security” and growing private economy first appeared on Identity Week.

Enterprises today can face the unique security challenge of stolen, sometimes historical, identity data from various sources – through breaches, malware and phishing attacks – being linked to corporate users’ identities. The 2025 SpyCloud Annual Identity Exposure Report exposed how identity exploitation is being reinvented through data availability. And numerous tools enable hackers to tap historical and new data to uncover active enterprise access points.

For businesses, a single corporate user now has an average of 146 stolen records linked to their identity – across 13 unique emails and 141 credential pairs per corporate user.

Account takeover attacks on a single deposit of data are outdated as cybercriminals expand their tactics to multiple data sources. With organisational systems often adept at fighting only some security threats, the full scope of identity exposures can be overwhelming and above their technical capability. 

Darknet data grew 22% in the past year, reported by SpyCloud. The saturation of 750+ billion stolen assets to 53.3 billion genuine identities explains how this identity-based cybercrime is perpetuating, and provides the difficult task of stopping fraudsters weaponizing real identity credentials. Some enterprises may have implemented excessive permissions, and lack identity governance with risk and operational insights. 

These assets being tampered are a vast array of personal and professional credentials, session cookies, personally identifiable information (PII), financial data, IP addresses, national IDs and more that criminals are weaponizing in attacks against individuals and businesses. 

“The cybersecurity industry has spent years defending against traditional credential-based threats, but the reality is that attackers have advanced as the data they have access to has exploded in volume,” said Damon Fleury, Chief Product Officer, SpyCloud. 

“Identity is the ultimate frontier of cyber risk, with users’ exposure across past and present, personal and professional identities the new attack surface. It requires organizations to rethink the risks posed by employees, consumers, partners and suppliers.” Fleury continues. 

The report shows that an individual’s identity exposure is more expansive than traditional cyber risk tools would indicate. It’s a “sprawling web of interrelated assets that provide cybercriminals with a roadmap to exploit vulnerabilities and the keys to unlock valuable access”.

A staggering 17.3 billion cookies were retrieved from malware-infected devices, allowing attackers to bypass multi-factor authentication (MFA) and hijack active user accounts. Additionally, 548 million credentials were stolen using infostealer malware, underscoring the rise of covert and targeted data theft in enterprise cyberattacks. 

44.8 billion personal identifiable information assets – a 39% increase from 2023 –  are enabling fraudulent activities.

The post Fraudsters steal data from multiple sources now to exploit enterprises, study shows first appeared on Identity Week.

Deepfake frauds are multiplying victims across financial services. Victims of this scam variant are being persuaded to transfer funds from company accounts after receiving fake communications from scammers posing as executives.

In response, Singapore authorities have issued a joint advisory.

The Singapore Police Force, Monetary Authority of Singapore and Cyber Security Agency of Singapore have warned members of the public to be aware of the threats of AI. Scammers may send unsolicited WhatsApp messages inviting victims to join a live-streamed conference call with top executives, MAS officials or potential “investors”.

Funds are transferred from corporate accounts to designated bank accounts opened by the scammer. Often the scam would be reinforced by a second scammer charading as a legal counsel who sends legal documents to the victim’s email address, before “ghosting” them. 

The post Finance executives impersonated by deepfakes first appeared on Identity Week.

Celebrity deepfakes, impacting millions, have significantly influenced society.

Meanwhile, Sony Music has admitted battling AI’s intrusion into the industry, which reshapes record production and marketing for top stars but compromises authenticity and control over their image.

75,000 imitations of stars like Harry Styles were removed from the web manually by Sony – the third largest record label which will be associated with the negative light of singers targeted by these deepfakes.

The figure of ‘deepfaked’ stars in the public eye was submitted to a UK government inquiry on copyright rules which exposed the damage to the industry from AI. Sony says the search net of AI images appearing across the web is infinite and difficult to scour manually. Only a “fraction” are identified with multiple deepfakes of stars enabled by the accessibility to software. 

The consequences can be extremely damaging to music and artist integrity and result in frauds, negative influencing and harmful advertising, which burdens the commercial opportunity for Sony. AI software is freely available now for fraudsters to dupe many victims into believing a false AI image. 

AI-generated recordings in music streaming services are a major concern to “direct commercial harm to legitimate recording artists, including UK artists”.

UK copyright law must be robust to challenge fraudsters using AI software and protect artist’s integrity. Sony’s case is particularly striking as many of their signed artists have been subject to “digital replicas”, including Harry Styles, Queen and Beyonce.

The UK government wants to drive AI innovation for economic value and accelerate a lot of new AI businesses on British soil, whilst preventing exploitation with AI.

AI business founders will be enabled to scale and train AI models for free for commercial purposes.

However, copyright owners in creative industries will want to defend their own work and specifically opt-out of an ecosystem of AI models. Unions of performing artists, film makers, actors and artists have opposed the proposals and a culture of having to defend that one’s work is AI-free. 

Sony said it was currently involved in “multiple negotiations” to license its intellectual property to AI companies. The proposals will allow AI developers to saturate creative fields without regulation and reduce a place for copyright and authenticity. 

The post Celebrity deepfakes flood music industry first appeared on Identity Week.

The Centre for Finance, Innovation and Technology has published its detailed plan for introducing Digital Company IDs to tackle economic crime and reduce fraud. This initiative is projected to save UK businesses billions annually by enhancing efficiency, security, and trust.

The Digital Company ID aims to reduce regulatory burdens for businesses, particularly SMEs, while saving financial institutions an estimated £1.7 billion annually in compliance costs. By enabling secure data sharing, the system is also expected to counter the growing £6.8 billion annual cost of fraud in the UK and disrupt fraud networks.

CFIT’s proposal stems from extensive research, data analysis, and consultation with industry leaders, regulators, and policymakers. The coalition has outlined seven key recommendations, including developing a prototype, creating interoperability standards, and appointing a lead authority for governance.

CFIT Chair Charlotte Crosswell OBE emphasized that fraud imposes unnecessary costs on businesses, stifles growth, and hampers the UK’s reputation. The new system, supported by cross-sector collaboration, aims to close gaps exploited by fraudsters and transform the business landscape in the UK.

The coalition calls for government, regulators, and financial institutions to adopt the necessary frameworks to make Digital Company ID a reality, securing its potential to bolster the economy while protecting businesses and consumers.

The post CFIT unveils digital company ID blueprint to combat fraud first appeared on Identity Week.

As regulators worldwide are cracking down on anti-money laundering requirements, businesses are adopting more AI solutions than traditional AML methods that lead to alert fatigue and false positives. 

Sumsub has developed a full-cycle verification platform that filters out inaccurate alerts, ensuring high-risk fraud cases can be detected and reducing the manual processes of compliance teams. The new suite analyses real-time data patterns and past automated decisions, allowing compliance teams to track fraud patterns. 

“Compliance teams face immense pressure to detect financial crime while managing an overwhelming number of alerts. Traditional AML screening can be like searching for a needle in a haystack – compliance teams spend countless hours sifting through false positives to find real risks. Our AI acts like a powerful magnet, helping to filter out irrelevant alerts and strengthen our solution,” explains Vyacheslav Zholudev, co-founder and CTO of Sumsub. 

“The AI-powered enhancements and streamlined case management enable compliance officers to focus on what truly matters – stopping real threats efficiently. By minimising false positives and automating reports generation, we’re not only empowering teams with intelligent case management, but also setting a new industry standard for AML compliance.” 

The one unified platform centralises investigation workflows, enabling seamless collaboration, task assignments, and real-time updates on transactions. 

Compliance teams can instantly generate Suspicious Activity Reports (SARs) or Suspicious Transaction Reports (STRs) based on flagged cases.

Assigning cases, leaving notes, and tracking updates within the case management system ensures compliance officers stay aligned, improving overall efficiency and response times.

Sumsub’s advanced tools ensure secure, compliant, and user-friendly Case Management and AML Screening for regulated businesses across fintech, crypto and other sectors.

The post Sumsub bolsters AI-driven AML compliance first appeared on Identity Week.