The Future of KYC: How Sumsub and PropellerAds Respond to New Fraud Threats in 2026
Industry research shows that identity verification has become a standard part of how digital platforms operate. The global digital identity verification market continues to grow rapidly, reaching about $15 billion in 2025 as companies adopt AI-based identity checks and biometric authentication to prevent fraud. The growth is driven by expanding online transactions and increasing fraud risks.
Overall, the question is no longer whether KYC should exist, but how it should be designed to balance security, fraud prevention, and user experience.
In this article, we’ll take a closer look at how modern KYC systems actually work, what risks they are meant to address, and how companies are adapting identity verification to new challenges such as AI-generated fraud.
Experts consulted for this article:
Sumsub is a leading user verification platform that automates KYC/AML compliance, helping businesses verify customer identities, prevent fraud, and meet regulatory requirements. It provides identity verification and fraud prevention services in over 220 countries, streamlines user onboarding, monitors transactions for suspicious activity, and uses machine learning to detect fraud.
Why Did KYC Become an Industry Standard?
KYC has evolved from an additional check into an established industry practice – here is how it happened throughout the years:
The Evolution of KYC
KYC gradually became standard as digital platforms expanded, payouts increased, and fraud risks grew.
This evolution has not happened by chance: it has become the result of several powerful forces.
Reason 1: The Risk of Paying the Wrong Party
A company that sends payments to clients must clearly understand who exactly it is paying. If a business cannot explain where its payments go, it becomes a serious risk for the entire payment infrastructure.
Imagine a situation where a company processed a payout but cannot clearly identify the recipient. From the perspective of a bank or payment provider, it raises an obvious question: what if those funds are being sent to someone the financial system should not be dealing with at all?
Real-world scandals have shown how serious this risk can become. When the German payments company Wirecard collapsed, investigators found that the €1.9 billion it claimed to hold did not actually exist. This exposed how weak oversight can lead to a loss of visibility over financial flows at complex payment networks.
Similarly, in 2012, HSBC paid $1.9 billion in fines after regulators found that weak monitoring and poor customer checks allowed money linked to criminal organizations to move through the financial system.
Reason 2: The Growth of Large-Scale Digital Fraud
Digital platforms discovered that without identity verification, fraud can scale extremely quickly. Fraudsters can create multiple accounts to bypass platform safeguards, impersonate legitimate businesses, and launch policy-violating campaigns at scale. Such activity can erode user trust, harm advertisers and partners, and undermine the platform’s reliability.
For example, Google Ads has faced repeated waves of fraudulent advertisers who impersonated banks, technical support services, or well-known brands to redirect users to phishing websites. Similarly, Meta (Facebook) discovered fraud networks promoting financial scams and misleading investment schemes.
A similar case occurred during the Triada malware campaign, when attackers tried to enter ad networks using bad actors’ accounts and malicious redirects. Cases like this have forced platforms to introduce stricter advertiser verification and stronger KYC checks.
Reason 3: Regulatory Pressure
In many jurisdictions, regulators already require stricter customer identification procedures. For example, in the European Union, anti-money laundering regulations force companies to perform Customer Due Diligence (CDD) and conduct enhanced checks for higher-risk transactions or clients. In the United States, the Financial Crimes Enforcement Network (FinCEN) requires financial institutions to implement Customer Identification Programs (CIP).
Farukh: Regulators, including the EU and the UK’s FCA, are also cracking down on fraudulent ads by shifting liability onto online platforms like Meta and Google. Key initiatives include stricter advertiser verification, mandatory removal of scam content, and enhanced penalties for promoting fraudulent products, aiming to combat the rising financial losses and safety issues.
As a result, KYC is no longer seen as an optional compliance formality. It has become a fundamental mechanism that allows digital platforms to operate safely within the global financial system.
Is the AdTech Industry KYC Anyhow Different?
Technically, KYC procedures in AdTech are not different from those used by FinTech companies or payment providers. They rely on the same elements: document verification, biometric checks, and screening against sanctions or risk databases.
However, the risk context in AdTech is somewhat different. Unlike many financial services, AdTech platforms typically allow very fast and simple registration, operate globally, and issue payouts only after users start generating revenue. This combination creates several specific fraud risks that KYC is supposed to mitigate:
- Payment fraud. If the platform does not know who is behind the advertiser’s account, it risks handling funds with a fraudster or violating the payment partner’s requirements. This is why, in AdTech, KYC is triggered before the first payment flow.
- Account takeover and policy evasion. Fraudsters do not always create new accounts but often gain access to existing advertiser accounts through phishing, credential leaks, or social engineering. These accounts already have a history and established reputation, so malicious activity such as scam campaigns or traffic manipulation can be harder to detect.
- Affiliate fraud. In affiliate networks, attackers may create multiple accounts to perform self-referrals, generate fake conversions, or manipulate payout models. KYC ties accounts to a real identity, making large-scale account creation significantly more difficult.
As a result, without basic KYC, advertising platforms often face payment abuse, account farming, or large-scale affiliate fraud.
What Are the Novel KYC Challenges in 2026?
Besides the long-standing fraud risks, new challenges mean modern KYC can no longer rely on a simple document check or a single automated verification layer.
We spoke with Farukh Rakhimov, Head of Financial Operations and Compliance group at PropellerAds, and Amy Savva, Team Leader of Compliance Team at PropellerAds, as well as Julia Andreeva, the Product Marketing Lead at Sumsub.
AI-generated fraud at an industrial scale
According to the Sumsub 2025 Identity Fraud Report, AI-generated documents are a major fraud trend. The ResearchGate study also highlights cases in which deepfake videos were submitted during verification, as well as AI-generated documents and synthesized faces. At the same time, Fraud-as-a-Service has made fraud operations even more accessible, offering ready-made tools, documents, and automated attack infrastructure even to inexperienced attackers.
According to Sumsub, the main risk for ad networks is not simply the existence of deepfakes or AI-generated documents, but how these technologies allow fraudsters to scale their attacks. Modern verification systems are generally capable of detecting most basic AI-generated documents and deepfake attempts. However, the bigger challenge is that attackers now use AI to run large-scale experiments rather than relying on a single fake document to bypass KYC.
In practice, fraudsters generate large numbers of synthetic identities and test them across multiple platforms. Strong identity verification systems are effective at blocking low-quality attempts; however, attackers continue to try different variations, searching for weaker onboarding flows or inconsistencies between systems.
In the advertising ecosystem, this often appears as already mentioned account farming or policy evasion: fraudsters create multiple advertiser accounts using AI-generated identity elements, use them for activities such as scam advertising, traffic manipulation, or affiliate abuse, and replace accounts once they are banned.
Julia Andreeva: The real shift we’re seeing is not that AI suddenly makes verification ineffective. It’s that AI allows fraudsters to industrialize their attempts, which means platforms need layered defenses that look at identity, behavior, and account relationships together.
Fake advertisers and non-transparent business entities
Another emerging risk in AdTech is the use of fake advertisers and shell companies. Unlike individual fake accounts, which usually have limited impact, fraudulent business entities can operate at scale: launching large advertising campaigns and reaching thousands or even millions of users.
With AI tools now capable of generating realistic company documents, invoices, and registrations, verifying businesses has become just as important as verifying individuals. Such patterns are actively mitigated through a combination of layered verification, continuous monitoring, and proactive risk management
Julia Andreeva: Strong verification systems significantly reduce the likelihood that such entities can pass onboarding with fabricated information alone. Most successful abuse tends to involve combinations of tactics – for example, using a mix of real and synthetic data, registering companies in loosely regulated jurisdictions, or recycling infrastructure from previously banned accounts.
For ad networks, the key challenge is therefore not just verifying whether a company exists on paper, but assessing whether the entity is operationally legitimate. That means combining business verification, identity checks on beneficial owners, behavioral monitoring, and network analysis to detect clusters of related advertiser accounts.
Clients hiding their real location
KYC also plays an important role in ensuring compliance with international sanctions and regulatory requirements. Many platforms must restrict access or apply additional checks for users from certain jurisdictions due to legal obligations or financial partner policies.
This creates another challenge for identity verification: some users attempt to hide their real jurisdiction – for example, by using VPNs or registering from locations that do not match their actual country of residence.
On top of all this, there is a major challenge: while fighting the challenges, KYC shouldn’t make the process overwhelming for users. Users don’t want to go through lengthy verification procedures, so KYC must be fast and convenient – but the platform still needs to manage risks.
How To Face Modern Threats?
According to Julia, modern companies tend to apply multi-layered KYC verification. A ResearchGate study also shows that the verification process can’t rely on just a couple of checks anymore. And, there are obviously new layers of tech required.
So, let’s look at both in more detail.
Multilayered Checks
As Julia put it, an effective KYC process should be applied at multiple stages of the account lifecycle. Their internal analysis shows that ad platforms typically use the following checkpoints:
- onboarding – to stop fake advertisers before they enter the platform;
- scaling / higher spend limits – when advertisers increase budgets or access advanced features;
- payouts – to verify publishers and prevent fraud before funds are released;
- continuous monitoring – to detect account takeover, policy evasion, or suspicious behavior over time.
Julia: The number of verification layers depends on several factors. Local regulations often define minimum standards, and a company’s risk appetite also plays a role – for example, financial or crypto platforms usually require stronger controls than lower-risk digital services. The scale and maturity of the business matter as well: larger and more established platforms typically implement layered verification and continuous monitoring rather than relying on a single onboarding check.
Advanced Technologies
With the rise of AI-driven fraud, verification systems also need to adapt. Julia shared several technologies they use to detect fraud:
- Advanced liveness detection. During selfie verification, systems analyze video streams frame by frame, looking for natural facial movements, lighting changes, and subtle physiological cues that are difficult for deepfakes to reproduce consistently.
- Detection of technical artifacts. Even high-quality AI-generated images or videos often contain typical patterns that machine-learning systems can identify.
- Device and session telemetry. Each Sumsub verification session generates signals such as device fingerprints, IP addresses, and geolocation data. Fraudsters often reuse infrastructure, so the same device or IP appearing across multiple verification attempts can indicate coordinated fraud activity. Many deepfake attacks also attempt to inject synthetic video feeds into the camera stream rather than using a real camera. By analyzing device signals, camera metadata, and session behavior, verification systems can detect suspicious video sources.
- Behavioral signals also play an important role. Fraudsters using automation or AI tools often interact with verification flows differently from real users. For example, they fill forms too quickly, repeat identical actions across sessions, or follow scripted interaction patterns.
- Identity consistency and network connections analysis. AI-generated identities often appear in clusters, sharing devices, behavioral patterns, or document templates across multiple accounts. Graph analysis helps uncover these hidden networks.
Julia: Effective protection for ad networks goes beyond a one-time identity check. The most resilient systems combine document and biometric verification, device and behavioral intelligence, and network-level analysis to detect clusters of accounts controlled by the same actor. In other words, modern deepfake detection is not just about spotting a fake face. It involves evaluating whether the identity, the device, and the behavior together resemble a real human user.
How to Balance Security Without Driving Сlients Away
One of the biggest challenges in setting up KYC processes is balancing security with user experience. A poorly designed KYC procedure can lead to up to 40% of users abandoning onboarding. This is why companies automate checks, enable single-session verification flows, and trigger KYC only when specific risk signals or financial thresholds appear.
Importantly, KYC itself does not frustrate people if it goes smoothly enough. As Amy explains it,
When we first introduced KYC, we wanted to measure how much it would affect conversion. But today, it’s so widespread that it doesn’t really make much difference; most networks require KYC at some stage anyway. In most cases, if a client is honest and not trying to bypass the system, the process usually goes quite smoothly. The cases where we see complaints usually happen when someone tries to bypass the checks. When the system catches it, that’s when the complaints appear.
Example: How PropellerAds Designs Its KYC Process
At PropellerAds, the multisource advertising platform, KYC procedures combine automated technology with manual review. This allows the company to manage risks without overwhelming legitimate users.
Instead of forcing every new client to complete KYC, the platform uses a risk-based approach. Users can start exploring the platform first, and identity verification may be triggered at specific times: before any actions related to financial transactions, after reaching certain financial thresholds, or when compliance signals require additional checks.
As Amy puts it,
We usually give clients a chance to try the platform first. But at a certain stage of account activity, we send them to KYC.
From the user’s perspective, the verification process is designed to be completed in a single session through a secure verification portal. Clients receive a link and complete several steps – document upload, selfie verification, and liveness checks – without repeated document requests.
Behind the scenes, the system performs automated checks such as document verification, biometric comparison, metadata analysis, and database screening. At the same time, the results are not treated as final: compliance specialists still review cases manually when necessary.
No immediate KYC for every client.
KYC starts before payments, after thresholds, or on compliance signals.
Client uploads documents, selfie, and completes liveness check.
System reviews documents, biometrics, metadata, and databases.
Compliance team reviews flagged or complex cases.
Fraud risks are reduced with less friction for trusted users.
Farukh: The system is an additional layer of confidence, but the final decision is still made manually. This multi-layer model – automation, risk-based triggers, and human review – helps the platform detect suspicious activity while reducing unnecessary friction for legitimate clients.
Automated verification systems are essential because they can detect signals that are not visible during a simple manual review. These include technical indicators such as geotags, device data, and metadata extracted from submitted files, which help identify inconsistencies between a user’s declared location and their actual activity. They are also increasingly important for detecting AI-generated documents, synthetic faces, and deepfake attempts.
At the same time, manual verification remains necessary. In some regions, identity documents may have limited security features and can resemble simple printed IDs, which makes automated checks alone insufficient. Manual review is also required in cases where users register with nicknames or when, for example, people share very common names, which can trigger false matches in sanctions or watchlist databases.
To Sum It Up
For AdTech companies, KYC is no longer just about regulatory obligations – it is a key mechanism for preventing payout abuse and large-scale fraud.
At the same time, the threat landscape is changing. AI-generated identities, deepfakes, and Fraud-as-a-Service have made fraud attempts more scalable and accessible. This means modern KYC systems must go beyond basic document checks and rely on layered verification and behavioral analysis.
Ultimately, the goal of modern KYC is not to create barriers for legitimate users, but to build a verification process that balances security, fraud prevention, and user experience – allowing platforms to grow safely while keeping onboarding smooth for honest clients.
