Shufti Deepfake Fraud Index Report:
Deepfake Fraud Set to Surge 495% in 2026
Shufti's Identity Fraud Index report reveals a rapid escalation in deepfake-powered identity fraud. The findings are based on proprietary fraud attempt data processed across its global identity verification network, covering 2025 with annualised 2026 projections. The projected deepfake fraud jump is close to a sixfold rise over 2025, the sharpest year-on-year acceleration in the dataset.
Key Takeaways
Four findings from analysed fraud attempts
Four attack types make up the Deepfake Fraud Stack:
- Synthetic Identity
- Live Video Deepfakes
- Face Swaps
- Document Deepfakes
Growth is steep: deepfake frauds are projected to rise:
- +495% in 2026 over 2025,
- Close to a sixfold increase.
Document Deepfakes is the fastest-growing type, projected up nearly +3,900% year over year in 2026.
The takeaway for fraud and compliance teams: a single selfie check is no longer a control, a layered combination of checks is.
When fraud becomes software, it scales like software. This index breaks down the four AI attack types behind the surge, and the three-layer detection model built to stop them.
What a Deepfake Actually Is, and Why It Scales Like Software
A deepfake is a synthetic media asset, video, image, or audio, in which artificial intelligence is used to fabricate or manipulate a person's likeness or voice. What was once a computationally expensive, specialist capability has become accessible through open source models and low cost cloud infrastructure.
The barrier to entry has collapsed. Anyone with a consumer device and an internet connection can now generate a convincing fake in minutes. That shift from expensive to cheap, from rare to widespread, is precisely why deepfake fraud is scaling the way software scales: marginal cost approaches zero as volume approaches infinity.
The shift is from craft to assembly line. A few years ago, a believable fake face needed a skilled editor and hours of work. Today an attacker feeds one image or a text prompt into a generative model and gets back a fully animated face that blinks, turns its head, lip-syncs, and reacts in real time, ready to drop into a selfie check or a live video call.
That industrialization is why the growth in this report climbs the way it does. When fraud becomes software, it scales like software.
The Deepfake Fraud Stack Behind the Surge
Four AI-driven categories make up the threat. Synthetic Identity account for the largest share, but all four are climbing, and Document Deepfakes is accelerating the hardest.
The mix is no longer dominated by any single technique. Synthetic Identity lead, live video deepfakes and Face Swaps's follow, and document deepfakes, though the smallest share today, is rising fastest:
All four AI attack types: Projected Annualized Growth for 2026

Document Deepfake - The Fastest Growing Type
One category is driving the spike. Document Deepfakes is the fastest-growing of the four, projected to rise nearly 3892% year over year in 2026 (annualized estimate), by far the sharpest mover in the dataset.

A note on method: 2026 figures cover January to May only. When we project a full year, we annualize the five-month run rate and label the result 2026E, an estimate, not a confirmed figure.
Synthetic Identity: The Largest Type, Still Climbing
Full Synthetic Identities, fabricated personas with no real world counterpart, represent the largest single AI fraud category and continue to grow. First tracked as a distinct category in 2025, they are projected to rise approximately 173 in 2026. The synthetic identity problem is scaling, not slowing.

Face Swap: A Newer Category Gaining Ground
Face-swap attacks map a victim's face onto an attacker's head in real time. Tracked as a distinct category from 2025, they're projected to grow about +121 in 2026, a smaller but steady climb that widens the range of live-video threats teams have to block.

Deepfake Video: Climbing Every Year, Now an Established Threat
Deepfake video, manipulated live streams during verification, has the longest track record of the four types, and it has grown every year since 2023. By 2025 it had become the second-largest AI fraud type. It remains a core, persistent threat that layered liveness is built to catch.

2026 omitted: only Jan–May data is available and is not yet annualized for this category.
How the Attacks Actually Reach the Camera
Attackers reach the camera in three broad ways, and most real campaigns combine them. Understanding the overlap is the difference between blocking one technique and blocking the chain.

Deepfake Presentation attacks
Hold something up to a real camera, a silicone mask, a printed photo, or a live video deepfake playing on a screen.

Deepfake Injection attacks
Skip the camera entirely, piping an AI-generated feed straight into the verification app through virtual-camera or emulator software.

Deepfake-Enabled Synthetic Identity Creation
Stitch a generated face to fabricated documents to manufacture a brand-new person who has never existed.
How Attack Vectors Combine
Most campaigns overlap — a layered defense is required.

Why Human Review Can’t Catch Up to High-Quality Deepfakes
Manual review is no longer a reliable backstop against high-quality deepfakes, because humans are less likely to spot a live video deepfake than a deepfake image.
When the human eye is overconfident, and the fakes are this good, a reviewer won’t be enough.
How Modern Detection Works: Three Layers, Not One Selfie Check
Effective deepfake detection is layered, no single signal is enough, so defenses stack independent checks an attacker has to beat all at once. Shufti uses a three-layer approach.
Capture Integrity:
Checks the hardware path first, confirming the video originates from a genuine smartphone lens rather than an injected stream.
Liveness
Combines passive cues (3D head depth, real-skin light response) with active challenges (track a moving dot, blink on command) that a pre-recorded deepfake cannot improvise.
Forensics
Hunts the artifacts humans miss, unnatural pixel blends where a swapped face meets a jawline, the loss of a camera sensor’s unique noise fingerprint, and broken cryptographic provenance.

Shufti’s models carry independent validation: iBeta Level 3 passive-liveness conformance with 0% APCER and 0% BPCER across iOS and Android, and a 98.49% true-accept rate with zero false template creation at the DHS Remote Identity Validation Rally.
Trust, Regulation, and the Financial Stakes
The regulatory and threat trajectories point the same way: detecting synthetic inputs is becoming a baseline expectation, not a differentiator. Three external markers stand out.
- Standalone selfie checks are losing trust. Gartner predicts that by 2026, 30% of enterprises will no longer consider identity verification reliable in isolation because of AI-generated deepfakes, and noted injection attacks rose 200% in 2023.
- The financial stakes are rising. Deloitte's Center for Financial Services estimates generative AI could enable fraud losses of up to $40 billion in the US by 2027, up from $12.3 billion in 2023.
How Shufti Catches These Attacks
Shufti has been developed to detect those four deepfake attack types on remote onboarding systems. Its deepfake and biometric stack is 100% proprietary, with no third-party models in the chain, and Shufti is a certified iBeta Level 3 liveness provider. Each attack type meets a control designed for it, so a synthetic input has to beat several independent checks at once.
| AI attack type | How Shufti catches it |
|---|---|
| Synthetic Identity | Deepfake detection across 100+ facial vectors flags GAN and diffusion faces that never belonged to a real person. |
| Live Video Deepfake | Capture-integrity checks defend against camera injection; randomized active-liveness prompts a pre-recorded stream cannot follow. |
| Face Swaps | Boundary and blending analysis spots the substitution patterns where a swapped face meets a real jawline and background. |
| Document Deepfakes | Document deepfake and tamper detection flag synthetic and altered documents before they pass as genuine. |
Shufti was built to stop exactly the four attack types in this report. Its deepfake and biometric stack is 100% proprietary, with no third-party models in the chain, and Shufti is a certified iBeta Level 3 liveness provider. Each attack type meets a control designed for it, so a synthetic input has to beat several independent checks at once.
360° Deepfake Detection: Shufti's Seven Gates of Defense
Shufti runs deepfake detection as a seven-part forensic model. Rather than trusting one cue, it puts every face and video through seven independent authenticity checks, each probing a different trace a fake leaves behind. Media is only cleared when all seven align, so no single trick can slip past, and the checks are built to hold up even after compression, screenshots, and re-uploads.
The Biometric Detective
Examines facial geometry and 3D consistency for the distortions synthetic faces leave behind.
The AI Signature Hunter
Looks for the tell-tale fingerprints that GAN and diffusion models stamp into generated media.
The Digital Archaeologist
Reads the file's save-and-edit trail; manipulated media carries inconsistent compression layers.
The Frequency Analyst
Inspects the image in the frequency domain, where AI generation leaves patterns invisible to the eye.
The Texture Specialist
Tests skin, hair, and surface texture for the unnatural smoothness or repetition typical of synthetic faces.
The Degradation Expert
Re-checks the media after it's degraded or re-compressed, so quality loss can't be used to hide a fake.
The Pixel Inspector
Analyzes fine pixel relationships & boundaries for the blending seams where a swapped face meets the frame.
Cleared only when all seven align
For a deeper look at why lab-tested deepfake detectors break down in production, and how to close the gap, see Shufti's report.
Frequently Asked Questions
Deepfake identity fraud is climbing fast. Across the four main AI attack types, 2026 is on track for a roughly 500% increase over 2025 (annualized projection).
Four: Synthetic Identity, Live Video Deepfake, Face Swaps, and Document Deepfakes (documents and media).
Rarely. Most people can't reliably tell real from document deepfakes, and most people overestimated their own ability. Manual review is not a dependable backstop.
A combination of injection checks on the hardware feed, passive and active liveness, and media forensics that flag generative artifacts, rather than relying on a single selfie match.
No. 2026 figures cover January to May only. Full-year figures shown as 2026E are annualized projections, not confirmed results.
Already onboarding through another vendor?
Shufti's Blind Spot Audit re-verifies users a competitor already approved, running on the team's own infrastructure with no data leaving their cloud, and surfaces the deepfakes and synthetic identities that slipped through.








