New North America Identity Verification Threat Report

In my conversations with risk officers and security leaders, one question remains constant: Where does the fraud journey begin? The data in our latest research makes the answer clear. It starts with an invalid identity document. Whether it is a sophisticated AI-generated fake or a genuine ID that has long since expired, these documents are the primary "keys" fraudsters use to unlock your systems and exploit your customers.

Recently, we released the Intellicheck North America Identity Verification Threat Report 2026. This report is based on an extensive dataset of nearly 100 million North American anonymized identity verification (IDV) transactions processed in 2025. Covering roughly half of the adult population in the United States and Canada, this data provides a clear-eyed look at how invalid IDs are being used as a gateway for identity theft-based crimes across every major industry.

The Anatomy of a Failed ID: Fake and Expired

To understand the threat, we must understand exactly what our technology detects. Our report focuses on detecting two specific types of invalidity: fake and expired IDs.

A fake ID is no longer just a poorly printed card. Fraudsters now leverage AI and machine learning tools to create identity documents that are nearly indistinguishable from genuine documents to the human eye. These documents pass human inspection, template-based document comparisons, and Optical Character Recognition (OCR) checks. However, they fail our verification (detected as counterfeit) because they lack hidden DMV-authorization data that matches the jurisdiction-specific format for the date of issuance. It is important to note that every US State and Territory and every Canadian Province and Territory have their own unique formats and security features.

Expired IDs pose a subtle but significant risk. They are often lost or stolen without the legitimate owner noticing, making them a "clean" document for a fraudster to present. Even with legitimate customers, expired documents lead to operational inefficiencies and raise the risk of impersonation fraud.

The terms "failed" or "invalid IDs" refer to IDs that have been detected as fake or expired.

Fraud Plagues All Industries: Some More Than Others

An analysis of the industries with the highest transaction volume for Intellicheck shows significant variability in the detected ID-fail rate. The highest fail rate won’t surprise anyone: Alcohol Retailers at 15.1%, FinTech (which we categorize as companies that reach their customers entirely through digital channels) at 2.4%, and retail-branded credit cards at 1.9%.

There are other interesting highlights in our research. Cannabis retailers are a very low 0.4%. This is because there is no need to use a fake ID to buy this product, as it is available through channels that don’t require IDs. Alcohol Delivery is in the middle at 2.4% invalid ID rates.

The Financial Services Target: High Stakes and Higher Risks

Financial institutions are prime targets because they sit at the center of money flows and extend credit at scale. We found that digital-only banks face a staggering 5.5% rate of identity fraud attempts. These institutions are prime targets because they face immense pressure to process account openings and perform account lookups quickly and frictionlessly to minimize cart abandonment and deliver great customer experiences. This creates exploitable gaps that fraudsters, now armed with AI-driven tools, are eager to fill using fraud farms of human and AI agents. Additionally, fraudsters feel safe attacking digital banks because of the anonymity the Internet offers. By contrast, more traditional retail banking clients, a mix of in-person and digital, had an IDV invalid rate of 1.7%.

Beyond traditional banking, we observe high failure rates across sectors serving the underbanked, with subprime lenders (2.6%) and check cashing services (2.8%) facing significant risks.

The cost of failure here is not just financial; it is reputational. A recent report cited¹ that 42% of scam victims consider switching banks, and 19% have already done so after being victimized by identity theft. Given that a typical bank customer’s checking account relationship lasts 19 years, the long-term loss of customer lifetime value from a single fraud event is catastrophic.

Credit Card Issuers: Retail Branded Cards are Under Siege

In retail, branded credit cards are under siege. Branded credit card fraud is among the highest, though it varies widely by retailer segment. Fraudsters request card-not-present (CNP) lookups for legitimate retail customers, using fake IDs four times as often as they attempt to open new accounts. Because initial limits on branded retail credit cards typically range from $750 to $2,500, the high volume of retail credit card transactions results in massive losses from identity fraud. Beyond the financial loss, identity theft diminishes customer loyalty and increases operational costs for both the retailer and the issuer.

We analyzed tens of millions of records across branded credit cards by retail category and published the top 10 by failure rate. We found the variability interesting. Arts and Crafts (5.0%) was the highest, and Outdoor Recreation (1.6%) was the lowest among the top 10. In this category, our highest transaction volume was at Department Stores (1.8%).

The Password Reset Crisis: Soft Target for Fraudsters

Attackers have realized that password recovery is one of the easiest ways to take over email and social media accounts. Email account takeover gives fraudsters deep access, allowing them to change passwords to lock out the owner, collect private information, send fraudulent messages to contacts, and harvest multi-factor authentication codes sent to the email. Gaining access to social media accounts can lead to ruined reputations and costly damage control.

Traditional verification methods, such as email links or security questions, do not reliably confirm the identity of the person making the request. Our data show that, even in these secure workflows, 2.0% of identities presented are invalid. If you aren’t verifying a government-issued ID before resetting email and social media accounts, you are effectively leaving the back door unlocked.

Make the Most of This Report: Compare Yourself to Peers

Download our inaugural 2026 Intellicheck North America Identity Verification Threat Report for a comprehensive analysis of last year's IDV failure rates across industries and categories. I recommend comparing your company's results with similar categories in the report. If they differ, contact us so we can review the results and work with you to determine whether your numbers differ because your current solution is missing fake IDs or because it's hallucinating due to high false-positive and false-negative rates.

‍

¹    “Why Do American Consumers Stick with the SameBank for Decades?”, Business/Finance Curated, March 11, 2025

‍