The Identity Verification Gap Fuelling Investment and Employment Scams

Behind every one of these scams is a moment when a financial institution, an investment platform, or an employment portal failed to verify identity properly. The criminal opened an account. They passed basic checks. They looked legitimate. And then they used that legitimacy to defraud victims.

The question isn't whether these platforms had verification processes. It's whether those processes could catch what criminals are deploying in 2026: AI-generated identities, deepfake documents, and synthetic profiles that pass traditional checks without triggering any alarms.

SmartSearch recently surveyed 1,000 key decision-makers across finance, property, legal, and accounting sectors. The findings were striking: 54% of identity verification checks are still conducted manually. Only 46% are digital.

Manual processes can't scale to catch the volume and sophistication of modern fraud. Visual inspection doesn't detect pixel-level document forgery. Static database checks don't identify synthetic identities built from stolen data fragments. And checks performed once at onboarding miss the evolving risk signals that emerge over time.

The Financial Ombudsman Service is right to urge consumers to pause, research, and verify before transferring money. But the burden can't rest solely on victims. Businesses have a responsibility, and a regulatory obligation, to ensure that the accounts facilitating these scams don't exist in the first place.

That means:

• Automated biometric verification to catch deepfakes and synthetic identities
• Real-time sanctions and PEP screening against global watchlists updated daily
• Multi-source identity triangulation to detect inconsistencies across data points
• Ongoing monitoring throughout the customer relationship, not just at onboarding
• Enhanced due diligence for high-risk profiles, including cryptocurrency-linked accounts
  
  

The PSR's reimbursement rules introduced in October 2024 place more responsibility on financial providers to protect customers from APP scams. That's appropriate. But reimbursement is reactive; it happens after the harm is done.

The real solution is prevention: ensuring that criminals can't open the accounts, register the platforms, or establish the credibility they need to defraud victims in the first place.

As Patrick Hurley, Ombudsman Director, said: "If it sounds too good to be true, it probably is a scam." But businesses shouldn't rely on consumers being sceptical. They should build systems that make it impossible for "too good to be true" offers to establish legitimacy in the first place.

That's not checkbox compliance. It's a defence.