Trust and safety survey insights: Fighting identity fraud in the age of GenAI
Trust and safety teams are increasingly asked to do more with less, which is why having the right tools and the support of other departments can be important.
In August 2023, Persona fielded a survey targeting trust and safety, fraud, and risk professionals to better understand the current state of identity fraud. In reviewing the results and discussing the findings with six industry experts, two things became clear: Identity fraud remains a priority, and most people don’t feel that their fraud tech stack helps them proactively fight fraud.
You can find the complete survey results, analysis, and suggestions in our Trust and safety report: Tamping down identity fraud in the GenAI age. Here are a few key takeaways that you can use to benchmark your approach and spark ideas on how to fight identity fraud in the age of generative AI.
Identity fraud is a top priority across departments
In addition to hearing from members of trust and safety, risk, and fraud departments, survey respondents came from product, finance, sales, and operations. The good news for fraud fighters is that the majority of all respondents (80%) say fraud is a priority for their organization — almost half (50%) say it’s a top priority.
This isn’t surprising, as new regulations, such as the INFORM Consumers Act in the U.S. and the Digital Services Act (DSA) in the EU, make identity verification a requirement for online platforms and marketplaces. Additionally, people are recognizing how important it is to establish and maintain users’ trust, which can be permanently lost with a single fraud event.
Heidi Landenberger, lead fraud investigator at the online learning platform Udemy, highlights another reason you need to prioritize fighting identity fraud. “Identity fraud is a critical building block for many other types of fraud,” she says. “Tackling the identity fraud component can weaken or entirely prevent other kinds of fraud attacks.”
AI-powered attacks aren’t a completely new threat
Generative AI and large language model (LLM)-driven attacks are top of mind for many fraud fighters, and bad actors are certainly using and experimenting with these tools.
For instance, almost half of organizations (49%) have suffered from identity fraud attacks involving fake or stolen documents, fake images, or fake voices in the past 12 months. We don’t know how many of those involved AI, but there have been countless cases of fraudsters using deepfaked videos and images, including AI-generated selfies, for identity verification.
Organizations also reported high levels of phishing attacks (27%), which might have involved generative AI-written emails or texts.
One important thing to remember is that defending against attackers who use AI won’t necessarily require you to start from scratch. As the examples above demonstrate, AI might enhance or expand existing attacks, but even if we see some novel AI-powered fraud in the future, incremental improvements in existing tools and policies may be enough to stop many of today’s AI-powered attacks.
Passive signals remain popular among fraud fighters
Passive signals can help you detect bad actors without interrupting a good user’s experience, making them an effective tool for scaling fraud defenses with limited resources. Perhaps that’s why the top preferred fraud solutions were database verifications (40%) and email risk signals (33%).
Other types of passive device and behavioral signals may include the user’s IP address, location data, device fingerprint, browser fingerprint, phone risk reports, VPN usage, mouse movements, and typing speed.
To fight fraud more effectively, many respondents (50%) said they’d invest in web application firewalls (WAFs) and network security. These can be particularly helpful in stopping high-volume attacks, which may become more prevalent as fraudsters increasingly use AI.
Respondents also recognized that it’s not possible to avoid adding friction entirely. About a third of respondents (31%) said government-issued ID verifications were their most effective tool for detecting potential fraud attacks. You can use these during KYC when onboarding users, or as a step-up verification based on other risk indicators.
Arjun Ramakrishnan, head of risk at GoDaddy Payments, shares that the ability to dynamically change the user experience on its platform is a core aspect of its fraud detection and mitigation strategy. “Identity verification is one piece of fraud detection/mitigation at GoDaddy Payments, albeit a critical one. At GoDaddy Payments, IDV is used as a step-up friction for applications and transactional activities that are deemed higher risk.”
Finding a balance between reactive and proactive responses
The majority of survey respondents (82%) felt their organization effectively addressed fraud attacks. However, there were outliers in some industries, such as e-learning (29%) and gaming (58%).
In addition to the passive signals, many use various tactics to combat fraud, including working with internal and external experts, offering fraud-specific employee training, selectively adding friction, and communicating with users.
Missing from the list is technology that helps you stay ahead of fraudsters. In fact, the majority (64%) said that their current fraud tech stack doesn’t help them proactively fight fraud.
Proactive approaches could include:
Using link analysis to uncover relationships in raw data and improve fraud models. Link analysis can help you stop fraud-connected users before they get into your system and remove fraud-linked accounts before they can strike.
Gathering industry-specific intelligence to learn about new fraud tactics, techniques, procedures, and trends before they reach your organization.
Creating dynamic flows that add or remove friction to stop fraudsters while minimizing the impact on good users.
Enlisting your users in the fight. Jas Randhawa, founder and managing partner at StrategyBRIX, says reading and analyzing user complaints can be exceptionally useful in revealing unique fraud patterns. “Proactively let users know how they can keep your platform and community safe by filing complaints — these can be a gold mine for understanding fraudsters’ behavior and getting ahead of them.”
Working with solution providers that continually ask for feedback and invest in new functions and features to address novel attacks you’re experiencing.
Some proactive approaches will involve other departments. For example, you may want to update policies and procedures — 47% of respondents recommended doing so — and this could require buy-in from customer service, legal, security, IT, or growth.
“Whenever we're dealing with fraud attacks, usually the first thing we do is try to scope the attack and get a handle on exactly what's happening,” Heidi says. “Based on what's happening, what we do varies in response. Some things our fraud team can clean up ourselves. Some things we may need to ping application security or information security for because we may need to make use of different tools that they have access to or get their sign-off for changes we can make. But we’re able to move fast, even cross-functionally, because we’ve developed good relationships with those teams.”
Being able to explain the ROI of fraud prevention can help align goals and make fighting fraud a higher priority at your organization. If you’ve already done this work, making an ask could be much easier.
Persona empowers fraud fighters
At Persona, we know that fraud looks different at every company, and what works in one organization may not work for another. Some organizations may need to invest in new fraud technology. Others may get more immediate results by reconfiguring their existing identity verification and fraud prevention tools.
That’s why we offer the building blocks you can use to create and customize your identity, fraud, and compliance processes. Our no-code integrations can help you consolidate existing tools onto a single platform, streamlining processes and enabling teams to efficiently and effectively investigate suspicious activity.
You can read more of the key takeaways and expert insights from the survey in the Trust and safety report: Tamping down identity fraud in the GenAI age. Or connect with Persona to find out how we can help you proactively fight fraud.