AU10TIX Q1 2025 Global Identity Fraud Report Reveals New Attack Mode:  “Repeaters” Test Detection Systems in Preparation for Mega-Attacks

AU10TIX, a global leader in identity verification and fraud prevention, released its Q1 2025 Global Identity Fraud Report. This quarter, the report identifies a new fraud technique that AU10TIX has coined “Repeaters“.  These are minor variations of a single digital asset (face picture, image background, document number, etc.) that bad actors deploy in small numbers to test detection systems before launching cross-industry mega-attacks. Fueled by Fraud-as-a-Service (FaaS) toolkits that include pre-packaged tools like deepfake face pictures and image templates, the use of Repeaters rose 33% between Q1 2024 and Q1 2025.

The rapid evolution of AI has ushered in a new wave of industrialized identity fraud, with malicious actors targeting sectors like payments, cryptocurrency and social media with automated mega-attacks involving thousands of synthetic identities. At the core of this trend are Repeaters, which are designed to evade both KYC checks and biometric defenses by mimicking genuine facial behavior and spoofing liveness checks.

The report identifies Repeaters as an early warning signal for businesses and sheds light on modern identity fraud tactics.  Bad actors typically begin with a handful of low-profile entry attempts, quietly probing an organization’s defenses for vulnerabilities. When viewed in isolation, these fraudulent ID documents look genuine and thus frequently escape detection. Once a few Repeaters have successfully bypassed a platform’s KYC checks, those same assets can be deployed across multiple platforms in coordinated mega-attacks with minimal risk of detection.

The only proven method of identifying these early indicators is a consortium validation approach, which involves cross-checking data across a network of organizations. Successful Repeaters are indistinguishable from valid IDs at the case level, but once an ID has been received by any organization in the consortium, it is easily flagged if another consortium member receives it in any permutation.

“Repeaters are the fingerprint of a new class of fraud: automated, AI-enhanced attacks that reuse synthetic identities and digital assets at scale,” said Yair Tal, CEO of AU10TIX. “We’re proud to be at the forefront of detecting and blocking these attacks through advanced pattern recognition and real-time consortium validation.”

One notable mega-attack outlined in the report involved 2,000 different variations of a single synthetic identity used to target multiple banking and crypto platforms. This underscores the scale and speed at which Repeaters can propagate once inside the fraud ecosystem.

AU10TIX’s Q1 2025 Global Identity Fraud Report offers three actionable insights to help organizations:

• Shift from static to behavioral detection: Track repetition across sessions, devices, and onboarding events to identify coordinated fraud early.
• Embed consortium signals into fraud defenses: Fraud rings operate across industries, so protection should too.
• Audit for synthetic identity vulnerability: Adapt and acknowledge that deepfake content and image-template attacks can bypass traditional KYC solutions.