The foreword to Smile Identity’s 2026 Digital Identity Fraud in Africa report (PDF) opens with a striking assertion.
“Africa’s digital economy is expanding faster than the security infrastructure that supports it,” it notes.
To illustrate this imbalance, the report notes that the share of Africans who own a financial account has nearly doubled over the past decade, rising from 34% to 60%. While this surge has accelerated economic growth and expanded access to financial services, it has also widened the attack surface for fraud. As more individuals and businesses move online, bad actors are finding new opportunities to exploit funds and sensitive information.
From financial services to eCommerce and gaming, fraud is on the rise across sectors. And as the rapid mainstream adoption of artificial intelligence continues, fraudulent activity is evolving in scale and sophistication, introducing new and complex risks to Africa’s digital ecosystem.
One of the most consequential shifts in fraud in 2025 has been the dramatic reduction in the cost of executing it, driven by artificial intelligence. According to the report, AI-driven schemes accounted for 69% of all biometric fraud cases tracked during the year, as generative AI tools enabled fraudsters to launch attacks at a scale previously unseen in the industry.
“What once required specialist skills and significant time can now be produced cheaply, repeatedly, and at scale,” the report states. “When fraud is cheap, attackers don’t need to succeed on the first attempt. They test systems continuously and iterate until they break through.”
The widespread adoption of AI has led to a sharp escalation in the scale and intensity of fraud attempts, many of which target the same identities. In one month alone, more than 160,000 attempts were linked to just 100 faces reused across multiple platforms.
In one instance, a single identity was used to initiate over 1,000 account registration attempts within a 30-minute window.
Mark Straub, CEO of Smile Identity, notes that the rapid adoption of AI by fraudsters is not surprising. What has stood out to him, however, is the slower pace at which some companies are embracing AI-powered tools to defend against these increasingly sophisticated threats.
Victoria Fakiya – Senior Writer
Techpoint Digest
Stop struggling to find your tech career path
Discover in-demand tech skills and build a standout portfolio in this FREE 5-day email course
“I’m not surprised by it and we’ve been investing heavily for the last two years to protect ourselves and our clients. The biggest surprise seems to be how many institutions have relatively weak controls post-onboarding,” he says.
“We’ve seen that a lot of institutions will put a lot of requirements on users when they’re signing up for an account,” he continues. “But once they’ve signed up, we see that most institutions are not employing two-factor authentication.”
While AI applications have crashed the cost of fraud for bad actors, the same cannot be said for businesses, Straub notes.
Beyond the growing use of artificial intelligence, the focus of fraud has shifted as well. In the past, most fraudulent activity was concentrated at the onboarding stage, when businesses were strengthening KYC processes and tightening identity verification requirements to ensure the right documents were collected.
The report, however, finds that fraud attempts are now more prevalent after customers have been onboarded. Fraudsters are increasingly targeting high-value actions such as logins, device changes, and transaction or limit increases.
As many companies streamline post-onboarding processes to improve user experience and reduce friction, vulnerabilities have emerged during authentication. The result is a shift in where attacks occur. Fraud attempts during authentication are now five times more common than those at the onboarding stage.
How fraud looks across Africa
While the industrialisation of fraud is a continent-wide trend, its expression varies across regions, shaped by infrastructure maturity, regulatory environments, and digital adoption patterns.
In West Africa, the report points to a higher prevalence of identity reuse and account takeover attempts. Fraudsters frequently recycle the same biometric data or personal details across multiple platforms, launching attacks designed to overwhelm systems. In markets like Nigeria and Ghana, where fintech adoption is deep, fraud increasingly targets post-onboarding activity—logins, password resets, and transaction escalations —rather than initial account creation. The goal is not just to get in, but to cash out quickly.
In East Africa, document-based fraud remains more common, particularly in markets where mobile money dominates, and onboarding often relies on physical national IDs. Here, forged or manipulated documents are still a primary vector. However, the report suggests that as digital banking products expand beyond payments into lending and savings, more sophisticated biometric and AI-driven attacks are emerging.
Southern Africa, with its relatively mature banking infrastructure, is seeing more advanced forms of biometric spoofing and AI-assisted impersonation. Fraud attempts in this region are often more technically complex, reflecting both stronger existing controls and more experienced fraud networks attempting to bypass them.
Across all regions, though, fraud is no longer sporadic or opportunistic. It is coordinated and data-driven. Attackers test systems repeatedly, refine tactics based on failure, and deploy successful methods at scale, behaving less like isolated scammers and more like structured operations with processes and tooling.
