African fintech startups spent the last decade building systems to stop fake users from opening accounts. But the real threat may already be inside their platforms.
In a single month in 2025, one fraud syndicate used 100 stolen faces to launch over 160,000 verification attacks across Africa’s fintech platforms, according to a new report from Smile ID, a Lagos-based identity verification company.
The report, titled “2026 Digital Identity Fraud in Africa Report,” analysed over 200 million identity checks conducted across 35 African countries and 37 industries last year, drawn from a cumulative dataset exceeding 400 million checks processed since 2019, according to Smile ID.
The report highlights a structural shift in how fraud works in Africa’s digital economy: attacks now concentrate on logins, account recovery, and other authentication flows, making them five times more common than fraud at account registration.
Rather than create fake identities to open new accounts, fraudsters prefer to hijack existing, verified ones, exposing a blind spot in systems that were built on the assumption that the main risk sits at signup, not months later inside live accounts.
“The most consequential fraud attacks today are targeted account takeovers (ATOs)—not fake IDs or isolated spoofs, but coordinated operations that compromise the capture pipeline, reuse real identities at scale, and exploit moments after approval when controls are lighter through highly scalable AI-powered tooling,” Smile ID noted in the report.
Over the past decade, the percentage of adults in Africa owning a financial account rose from 34% to nearly 60%, creating more than 200 million new accounts across the continent, according to Smile ID. The verification systems that secured most of those accounts were designed for that one moment of onboarding. The attackers have moved on.
Authentication is now the primary battleground
For years, identity verification in African fintech worked like a checkpoint: users submitted an ID document and a selfie, and if the images matched, they were granted access. That model worked when fraud attempts were rare and mostly involved fake documents or low-quality spoofing.
By 2025, that environment had changed dramatically. Attackers now focus on the moments that unlock value inside financial platforms—login attempts, password resets, device changes, and withdrawal requests—where security checks are often lighter than during onboarding.
These flows rely on controls like SMS one-time passwords (OTPs), email links, and security questions, which can be bypassed through SIM swaps, social engineering, or insider assistance.
The overall share of verifications rejected by Smile ID for suspected fraud declined from 25% in 2024 to 22% in 2025. But the decline is misleading. The number of fraud attempts kept rising as verification volumes grew.
The nature of the attacks changed. Petty onboarding fraud declined while attackers concentrated resources on sophisticated takeovers of high-value accounts.
Historical rejection rates tell the same story. The share of all traffic blocked for suspected fraud rose steadily from 17% in 2020 to a peak of 29% in 2023, before falling to 22% last year.
Fraud networks are reusing the same identities at scale
One of the report’s most striking findings is how concentrated modern fraud attacks have become. A fraud syndicate used 100 facial identities to conduct large-scale break-in attempts, signalling that the same biometric data is being reused repeatedly across multiple fintech platforms.
Some identities appeared over 12,000 times in verification attempts; another was used in more than 1,000 account registrations within 30 minutes.
Smile Secure, Smile ID’s biometric deduplication tool, caught 126,000 duplicate fraud attempts in 2025, up from 52,000 in 2024 and 21,000 in 2023. That sixfold increase over two years reflects not just rising attack volumes but growing sophistication: syndicates now operate supply chains for identity assets, ageing accounts through dormancy before activating them for fraud or money laundering.
These patterns confirm that fraud has deeply embedded itself in coordinated, industrialised tactics. Organised networks and syndicates are running automated campaigns against fintech platforms. Attackers build repositories of stolen identities, facial images, and documents, then deploy them across multiple financial apps simultaneously.
AI is collapsing the economics of fraud
The report also showed that Generative AI has altered the cost structure of identity fraud in Africa. High-quality synthetic documents, deepfake imagery, and automated biometric manipulation are no longer expensive or rare.
The marginal cost of each fraud attempt now approaches zero, according to the report, which means attackers can afford to test systems continuously until they find vulnerabilities.
In 2025, AI-generated manipulation drove 69% of confirmed biometric fraud cases, including synthetic faces, deepfakes, and face swaps, according to the report. Another 20% were tied to metadata from known fraud networks, while 11% were simple screen or replay attacks.
Smile ID saw a 250% jump in high‑fidelity document forgeries, especially portrait tweaks where attackers swap or insert synthetic faces into otherwise normal-looking IDs, while older screen‑based tricks declined. Fraud is getting harder to spot and more technical.
Attackers are targeting the infrastructure itself
Beyond identity reuse, attackers are skillfully manipulating the systems used for identity verification rather than the images those systems evaluate.
Smile ID saw more than 100,000 injection-style attacks every month in 2025, where fraudsters used software‑simulated phones and fake camera feeds to sneak prerecorded or AI‑generated selfies past checks. Its systems flagged 480,000 attempts that appeared to use these fake capture setups.
Nearly 90% of suspicious verifications were stopped through its mobile SDKs in 2025, up from 15% in 2023 and 65% in 2024, showing how basic API checks that only see the final selfie or document often miss attacks where the capture process itself has been tampered with.
West Africa is seeing the pressure most clearly
The shift toward account‑takeover fraud is most visible in West Africa’s digital banks. Potential fraud attempts in retail banking rose about 50% in 2025, driven mainly by activity during logins and account recovery rather than at onboarding, and attacks grew faster than overall verification traffic, pointing to new tactics rather than simple growth.
Impersonation makes up roughly two‑thirds of attempted fraud in the region, split between spoofing (33%) and no‑face‑match failures (32%). Large‑scale harvesting of national identification number (NIN) or bank verification number (BVN) details and passport photos to feed identity supply chains is becoming a growing threat.
Stolen credentials are gathered or bought, then handed to mules or insiders who open or take over accounts; once inside, money moves quickly through fintech apps, wallets, and crypto platforms before fraud teams can react.
Across the rest of the continent, the picture looks different. Central and East Africa recorded the highest fraud rejection rates at 24% in 2025. In East Africa, the riskiest sectors were crypto (37% rejection rate), payments (35%) and investment (32%), and three in five rejections stemmed from document integrity issues.
Southern Africa’s risk is dominated by impersonation and spoofing, which account for nearly nine in ten rejected attempts, and deepfake attacks there jumped from under 200 a month in 2024 to more than 3,000 by late 2025.
In Francophone Africa, tighter rules on biometrics push firms toward document checks, and roughly two‑thirds of rejected verifications are due to document fraud.
Identity farming has become a mature operating model
Behind many of these attacks is a growing tactic known as identity farming. Fraud networks opt to build pools of verified accounts, allowing them to sit dormant for months. This enables them to weaponise the rich history of stolen identities in their possession, which they can utilise during attacks or sell as a service.
They routinely conduct transactions on those stolen accounts to build a history that makes them appear legitimate, according to Smile ID. When activated, they can be used to move funds rapidly across fintech apps before fraud teams can intervene.
One-time onboarding checks confirm who opened an account, not who controls it months later. When identity is verified only at sign-up, identity farming stays one step ahead of detection.
The anti-money laundering (AML) screening volumes on Smile ID’s platform reflect the growing urgency: names checked jumped from 1.1 million in 2024 to 1.8 million in 2025, driven in part by the Financial Action Task Force (FATF) grey-listing pressure.
In October, the FATF removed Nigeria, South Africa, Mozambique, and Burkina Faso from its grey list, but eight African countries, including Algeria, Angola, Cameroon, Côte d’Ivoire, the DR Congo, Kenya, Namibia, and South Sudan, remain under increased monitoring.
The evolution of biometric fraud
The sophistication of attacks has accelerated over the past six years, moving from crude physical deception to real-time identity hijacking.
In 2019–2020, the dominant technique was hidden cameras capturing videos of legitimate users. By 2020–2021, attackers shifted to reusing the same real face across multiple accounts.
Physical deception—masks, cardboard cutouts, printouts—defined 2021–2022. Basic facial edits and digital overlays emerged in 2023, giving way to AI-assisted face swaps in 2024. By 2025, attacks had reached real-time identity grafting and hijacking at scale.
Spoof attempts accounted for 42% of all biometric fraud in 2025, according to the report; no-face-match for 37%; liveness failures for 13%; duplication for 6%; and high-velocity failures for 3%.
Fraud also follows seasonal activities, consistent with existing trends in Africa’s fintech ecosystem.
During Black Friday in November 2025, duplicate identity checks on betting platforms surged by 500%, rising from an average of roughly 50 daily attempts to peaks above 300, said Smile ID.
The increase is consistent with coordinated attempts to exploit promotions, bonuses, and account limits when traffic is high, and controls loosen under load.
In buy-now-pay-later (BNPL) and digital lending, fraud attempts peak in the fourth week of each month, hitting a 7.4% rate compared with roughly 6.2% in earlier weeks, showing a consistent pattern with tightening personal budgets near month-ends.
Identity verification is becoming security infrastructure
The Smile ID report argues that fintech companies must rethink identity verification as a core security system, not a one-time compliance checkbox.
Controls designed only for onboarding are structurally mismatched to the current threat environment.
Defending against modern fraud requires three things, according to the report: lifecycle intelligence that detects identity reuse across sessions and platforms, hardened authentication at high-risk moments like logins and withdrawals, and trusted capture systems that validate how identity evidence was produced.
As Africa’s digital economy continues to expand, the verification layer that serves more than 200 million new financial accounts created in the last decade will need to evolve from a front-door checkpoint into a continuous security infrastructure.
In the next phase of fintech fraud, the most dangerous identity is not a fake one. It is a real one that someone else controls.
