Identity risk is becoming continuous

A few years ago, a bank could ask for your driver’s license and a selfie once, approve the account, and mostly move on. In 2025 and 2026, fraud teams are talking about a different problem: the person who looked real at sign-up may not be the same person moving money a week later. (weforum.org) That shift starts with deepfakes getting cheap and fast. The World Economic Forum’s 2026 report says artificial intelligence-generated audio and video are now a “material threat” to remote identity checks, especially in know your customer screening and other digital onboarding flows. (weforum.org) Once fake media can pass a camera check, one-time verification stops being enough. The same report says identity has become “synthetic, scalable and weaponizable,” which is why firms are moving from a single pass-fail test to repeated checks across the life of an account. (weforum.org) The new model works less like a border checkpoint and more like airport security cameras tracking the whole terminal. Instead of asking only “did this person pass at the door,” systems keep asking whether the device, behavior, location, and payment pattern still match the same person. (qksgroup.com) Behavioral biometrics is one piece of that stack. It watches how fast you type, how you swipe, how you hold a phone, and how your mouse moves, then compares that pattern to your normal rhythm the way a bank compares a signature to the one on file. (qksgroup.com) Device intelligence is another piece. Fraud platforms check signals like browser setup, operating system, network, session behavior, and signs of emulators or spoofing tools, because a stolen password on a brand-new device at 3 a.m. does not look like the same risk as a routine login from your usual phone. (biometricupdate.com) Consortium data adds the “neighborhood watch” layer. Instead of one company spotting a suspicious identity in isolation, shared fraud networks can flag that the same device, email, phone number, or synthetic identity pattern has already shown up at other lenders, merchants, or platforms. (sift.com) This is not just about opening fake accounts anymore. The Federal Bureau of Investigation warned in a November 25, 2025 public service announcement that criminals were impersonating financial institution support teams in account takeover schemes, which means the danger now stretches from origination to logins to payments. (fbi.gov) Business surveys show the industry already sees the change coming. Experian said in its 2025 U.S. Identity and Fraud Report that 72% of business leaders expect artificial intelligence-generated fraud and deepfakes to be major challenges by 2026, and more than half said they were adopting new analytics and artificial intelligence models to improve decisions. (experianplc.com) Consumers are moving the same way. The Identity Theft Resource Center said its 2025 Consumer Impact Report found concern around artificial intelligence was high and repeat attacks were increasing, which helps explain why companies are replacing single approval moments with rolling confidence scores that can rise, fall, or trigger extra checks over time. (idtheftcenter.org) So the identity question is changing from “who are you at sign-up” to “how sure are we right now.” In practice, that means more accounts will be judged continuously, with every login, payee change, device switch, and high-risk transfer adding a fresh vote for or against trust. (weforum.org)