More than half (54%) of identity verification checks across regulated sectors are still conducted manually, latest data from compliance specialist SmartSearch reveals.
Yesterday The Financial Ombudsman Service reported a sharp rise in online investment and employment scams, recording 31,300 scam complaints in 2025, with 20,000 involving authorised push payment (APP) fraud.
According to SmartSearch the figures highlight weaknesses in how businesses verify customers and counterparties at account opening and beyond.
The firm surveyed 1,000 decision-makers across finance, property, legal and accounting and found that fewer than half of identity checks are fully digital.
COMPLEX FRAUD
In a market increasingly exposed to complex fraud, the continued reliance on manual processes raises concerns around scalability and detection capability.
For bridging lenders and brokers operating in fast-paced environments, where speed and certainty are critical, the findings point to heightened compliance and fraud risk if verification systems fail to keep pace with criminal tactics.
CATCH ME IF YOU CAN
Collette Smith, Chief Customer Officer at SmartSearch, says: “The criminal opened an account. They passed basic checks. They looked legitimate. And then they used that legitimacy to defraud victims.
“The question isn’t whether these platforms had verification processes. It’s whether those processes could catch what criminals are deploying in 2026: AI-generated identities, deepfake documents and synthetic profiles that pass traditional checks without triggering any alarms.”
RISK SIGNALS
She adds: “Manual processes can’t scale to catch the volume and sophistication of modern fraud. Visual inspection doesn’t detect pixel-level document forgery. Static database checks don’t identify synthetic identities built from stolen data fragments. And checks performed once at onboarding miss the evolving risk signals that emerge over time.”
Smith reckons that while the Financial Ombudsman Service is right to urge consumers to pause before transferring money, responsibility must also sit with firms.
“Businesses have a responsibility and a regulatory obligation to ensure that the accounts facilitating these scams don’t exist in the first place.”
She says: “Businesses have a responsibility and a regulatory obligation to ensure that the accounts facilitating these scams don’t exist in the first place.”
She outlined measures including automated biometric verification, real-time sanctions and PEP screening, multi-source identity triangulation, ongoing monitoring throughout the customer lifecycle and enhanced due diligence for high-risk profiles, including cryptocurrency-linked accounts.
PREVENTION IS THE SOLUTION
Referencing the Payment Systems Regulator’s reimbursement rules introduced in October 2024, Smith adds: “The PSR’s reimbursement rules introduced in October 2024 place more responsibility on financial providers to protect customers from APP scams.
“That’s appropriate. But reimbursement is reactive, it happens after the harm is done.
“The real solution is prevention: ensuring that criminals can’t open the accounts, register the platforms, or establish the credibility they need to defraud victims in the first place.
“As Patrick Hurley, Ombudsman Director, said: ‘If it sounds too good to be true, it probably is a scam.’ But businesses shouldn’t rely on consumers being sceptical. They should build systems that make it impossible for ‘too good to be true’ offers to establish legitimacy in the first place.
“That’s not checkbox compliance. It’s defence.”
