UK businesses are facing a significant rise in fraud, with 27% of those with employees reporting at least one incident in the 12 months before the Economic Crime Survey 2024. The figure, which underscores the scale of the problem, has accelerated investment in verification infrastructure across multiple sectors, according to the survey conducted by the UK government.
The true extent of the problem may be even greater. Only about a third of fraud victims reported incidents externally, with banks and building societies the most common recipients. The financial losses are stark: UK Finance reported that £1.17 billion was stolen in 2024 through unauthorised and authorised fraud. Authorised Push Payment (APP) fraud alone reached £257.5 million in the first half of 2025, a 12% increase year-on-year, with investment scams a major contributor. UK financial institutions lost over £300 million annually to synthetic identity fraud in 2024. Approximately 40% of fraud incidents were cyber-facilitated, with phishing a common method.
In response, firms across fintech, banking, and regulated digital services are moving well beyond basic document checks. The shift reflects both compliance pressure and a hard commercial reality: traditional identity verification is no longer sufficient.
Technology: layered verification stacks
Identity verification now relies on layered technology stacks. Know Your Customer (KYC) processes increasingly combine facial recognition, liveness detection, and AI-powered document analysis into a single onboarding flow. Rather than a one-time gate, platforms are extending behavioural biometric analysis across ongoing sessions, monitoring typing cadence, swipe patterns, and device behaviour to flag anomalies after login.
Device intelligence is becoming particularly relevant. This technology analyses device attributes, network data, and user behaviour to detect evasive actions, risky attributes, and devices with a history of fraud. It can identify when multiple accounts are accessed from a single device or when VPNs and emulators are used to mask location. At least 90% of fraud teams are said to plan adoption of persistent, privacy-compliant identification methods — including device intelligence and passwordless authentication — within the next 12 months. The pressure from privacy-first browsers and VPNs reducing tracking capability is pushing teams toward more sophisticated, consent-aligned tools.
The UK’s National Cyber Security Centre (NCSC) is actively recommending a move towards passwordless authentication methods, including passkeys, FIDO2 hardware keys, and biometric authentication, viewing them as the future of secure logins. This aligns with the broader trend of identity becoming the new security perimeter. To meet regulatory transparency needs and reduce false positives, the adoption of explainable AI in fraud detection is becoming increasingly important.
The rise of generative AI poses new challenges, with deepfakes potentially bypassing selfie liveness checks. Fraudsters are also using AI to fabricate synthetic identities and create sophisticated fake documents, contributing to synthetic identity fraud as a rapidly growing and costly type of financial crime.
Regulatory pressures
The regulatory backdrop reinforces the direction of travel. The Financial Conduct Authority (FCA), Money Laundering Regulations, and the UK’s Digital Identity and Attributes Trust Framework (DIATF) collectively push regulated firms toward continuous, evidence-based identity assurance rather than point-in-time checks. For fintechs managing high transaction volumes, automation is an operational necessity. The General Data Protection Regulation (GDPR) imposes strict guidelines on data protection, which are critical considerations for firms deploying advanced identity verification technologies.
Gambling sector and market growth
Online gambling is one of the regulated verticals with the most demanding identity requirements globally and in the UK. The UK Gambling Commission has implemented stricter rules requiring age and identity verification before any gambling activity can commence, moving away from allowing a grace period post-registration. The sector has consequently become an early adopter of biometric selfie checks, liveness detection, and AI-powered document analysis, and is one of the regulated environments actively driving demand for faster, more accurate verification pipelines. A range of UK-licensed online casinos now require these checks as standard onboarding steps.
The commercial opportunity is significant. The UK digital identity sector generated £2.1 billion in annual revenue in 2023/24, with identity- and attribute-verification services accounting for 63% of that total. Projections indicate the sector could double in size to £4 billion by 2030. UK digital identity firms raised £148 million across 34 deals in 2023 alone. The UK RegTech market, of which identity verification solutions are a key component, was valued at approximately $7 billion in 2023 and is projected to grow significantly.
Commercial competition and integration
The commercial opportunity has attracted significant competition. Providers have launched dedicated “device-intelligence” products aimed at UK banks and fintechs, positioning them as complements to, rather than replacements of, traditional KYC workflows. The goal is to fill the void that document verification alone cannot address — including account takeovers, synthetic identity fraud, and authorised push-payment scams where the legitimate user is present but coerced. While Strong Customer Authentication has reduced some forms of account takeover, fraudsters continue to adapt.
For IT leaders and platform architects, the practical challenge is integration. Verification tooling must sit within existing data pipelines, satisfy GDPR obligations, and produce audit trails that satisfy both the FCA and internal risk teams. Vendors who can offer modular, API-first architectures are winning procurement conversations over those requiring wholesale platform replacement. The consensus across the industry is that a layered defence strategy, combining multiple technologies and data points, is essential for effective fraud prevention — and that identity verification is no longer a one-time event but a continuous process requiring ongoing monitoring of user behaviour and device intelligence.
