AU10TIX Q1 2025 Global Identity Fraud Report Reveals New ‘Repeaters’ Attack Mode

AU10TIX, a global leader in identity verification and fraud prevention, has released its Q1 2025 Global Identity Fraud Report. This quarter, the report identifies a new fraud technique that AU10TIX has coined “Repeaters”.  These are minor variations of a single digital asset (face picture, image background, document number, etc.) that bad actors deploy in small numbers to test detection systems before launching cross-industry mega-attacks. Fueled by Fraud-as-a-Service (FaaS) toolkits that include pre-packaged tools like deepfake face pictures and image templates, the use of Repeaters rose 33% between Q1 2024 and Q1 2025.

The rapid evolution of Artificial Intelligence (AI) has ushered in a new wave of industrialised identity fraud, with malicious actors targeting sectors like payments, cryptocurrency and social media with automated mega-attacks involving thousands of synthetic identities. At the core of this trend are Repeaters, which are designed to evade both KYC checks and biometric defences by mimicking genuine facial behaviour and spoofing liveness checks.

AU10TIX Explains How Repeaters Successfuly Perpetuate Fraud

The AU10TIX report identifies Repeaters as an early warning signal for businesses and sheds light on modern identity fraud tactics.  Bad actors typically begin with a handful of low-profile entry attempts, quietly probing an organisation’s defences for vulnerabilities. When viewed in isolation, these fraudulent ID documents look genuine and thus frequently escape detection. Once a few Repeaters have successfully bypassed a platform’s KYC checks, those same assets can be deployed across multiple platforms in coordinated mega-attacks with minimal risk of detection.

The only proven method of identifying these early indicators is a consortium validation approach, which involves cross-checking data across a network of organisations. Successful Repeaters are indistinguishable from valid IDs at the case level, but once an ID has been received by any organisation in the consortium, it is easily flagged if another consortium member receives it in any permutation.

“Repeaters are the fingerprint of a new class of fraud: automated, AI-enhanced attacks that reuse synthetic identities and digital assets at scale,” said Yair Tal, CEO of AU10TIX. “We’re proud to be at the forefront of detecting and blocking these attacks through advanced pattern recognition and real-time consortium validation.”

One notable mega-attack outlined in the report involved 2,000 different variations of a single synthetic identity used to target multiple banking and crypto platforms. This underscores the scale and speed at which Repeaters can propagate once inside the fraud ecosystem.

Useful, Actionable Insights from AU10TIX

AU10TIX’s Q1 2025 Global Identity Fraud Report offers three actionable insights to help organisations:

• Shift from static to behavioural detection: Track repetition across sessions, devices, and onboarding events to identify coordinated fraud early.
• Embed consortium signals into fraud defences: Fraud rings operate across industries, so protection should too.
• Audit for synthetic identity vulnerability: Adapt and acknowledge that deepfake content and image-template attacks can bypass traditional KYC solutions.