Deepfake-Enabled Fraud Incident Volume: 2024 Statistics, Trends, and Analysis
In 2024, Entrust recorded one deepfake identity attack every five minutes globally. Regula's August 2024 survey found 49% of businesses encountered video deepfake fraud, up from 29% in 2022. Sumsub detected a fourfold year-over-year increase. FinCEN issued formal Alert FIN-2024-Alert004 in November 2024 as SAR filings linked to deepfakes rose.
Methodology
This page aggregates data from four primary sources published in 2024. Entrust's 2024 Identity Fraud Report analyzed real-world identity verification transactions from September 1, 2023 through August 31, 2024 across financial services, crypto, and other regulated sectors globally. Regula's Deepfake Fraud Doubles Down survey was conducted by Sapio Research in August 2024 with 575 business decision-makers across financial services, crypto, technology, telecoms, aviation, healthcare, and law enforcement in Germany, Mexico, the UAE, the US, and Singapore. Sumsub's 2024 Identity Fraud Report drew on verification data from its platform across 200-plus countries throughout 2024. Deloitte polled more than 1,100 C-suite and other executives in May 2024 and released the findings in September 2024.
Coverage gaps to note: SAR counts tied specifically to deepfakes are not published by FinCEN in disaggregated form. The Regula and Deloitte figures are based on survey self-reporting rather than transaction log analysis, which typically undercounts incidents. Industry sector definitions differ across studies: Entrust's crypto category captures 9.5% of fraud attempts, while Sumsub tracks iGaming and fintech sub-verticals separately. All figures are in USD unless stated otherwise.
Full data table
| Metric | Figure | Year | Source |
|---|---|---|---|
| Deepfake identity attacks globally | 1 every 5 minutes | 2024 | Entrust Identity Fraud Report 2024 |
| Businesses reporting video deepfake fraud | 49% | 2024 | Regula / Sapio Research |
| Year-over-year increase in deepfakes detected (global) | 4x | 2023-2024 | Sumsub Identity Fraud Report 2024 |
| Deepfakes as share of all fraud attempts | 7% | 2024 | Sumsub |
| Deepfakes as share of video biometric fraud | 40% | 2024 | Entrust |
| Digital document forgery increase year-over-year | +244% | 2024 | Entrust |
| Executives reporting deepfake incidents targeting financial data | 25.9% | 2024 | Deloitte |
| Average financial sector loss per deepfake incident | $603,000 | 2024 | Regula |
| Deepfake case growth in fintech | +533% | 2023-2024 | Sumsub |
| Prior-period global increase | 10x | 2022-2023 | Sumsub |
Sources: Entrust Identity Fraud Report 2024; Regula Deepfake Fraud Doubles Down (September 2024); Sumsub 2024 Identity Fraud Report; Deloitte Executive Survey (September 2024); FinCEN Alert FIN-2024-Alert004 (November 2024)
Key findings
One deepfake attack hit an identity verification system every five minutes in 2024. Entrust's analysis of 12 months of real transaction data found deepfakes now represent 40% of all video biometric fraud attempts. That's a fundamental shift in attack composition. Digital document forgeries, the companion technique, increased 244% year-over-year in the same dataset. For the first time, digital forgeries surpassed physical counterfeits as the dominant form of document fraud, accounting for 57% of all cases.
Incident rates at businesses nearly doubled between 2022 and 2024. Regula's August 2024 survey of 575 fraud decision-makers found 49% reported encountering video deepfake fraud, compared with 29% in 2022. Audio deepfakes also rose by 12 percentage points over the same two years. Financial services firms reported the highest average losses: $603,000 per affected company. Ten percent of firms sustained losses above $1 million.
The growth rate is accelerating, not stabilizing. Sumsub observed a 10-fold surge in deepfake incidents from 2022 to 2023, then a further fourfold increase from 2023 to 2024. That's 40x cumulative growth over two years. Deepfakes accounted for 7% of all fraud attempts on Sumsub's platform by year-end 2024, a proportion that was negligible three years prior. In fintech specifically, cases rose 533% between 2023 and 2024.
FinCEN moved from informal guidance to a formal alert. On November 13, 2024, FinCEN issued Alert FIN-2024-Alert004 specifically citing an increase in SARs describing suspected deepfake use to circumvent identity verification and account authentication. This is the clearest signal from a primary US regulator that SAR volumes on this typology are rising, even though FinCEN does not publish the underlying count in disaggregated form.
Executive awareness still lags the threat considerably. Deloitte's May 2024 poll of 1,100-plus C-suite executives found 25.9% reported at least one deepfake incident targeting financial or accounting data in the prior 12 months. One in five (20.1%) expressed no confidence in their organization's ability to respond. Half (51.6%) expected attacks to increase over the following year. That's a majority anticipating growth while a fifth of organizations feel entirely unprepared.
Year-over-year trends
The trajectory from 2021 onward is steep and has not flattened.
In 2021, document fraud was almost entirely physical. Entrust's historical data shows physical counterfeits dominated the fraud mix. By 2024, digital forgeries had surpassed physical ones for the first time.
Sumsub's platform data charts the deepfake surge directly:
- 2022 to 2023: 10x increase in global deepfake incidents
- 2023 to 2024: 4x further increase (combined 40x growth over two years)
Regula's survey data captures the business-level experience alongside the platform numbers. In 2022, 29% of fraud decision-makers encountered video deepfake fraud. By 2024, it was 49%. The rise isn't explained by improved detection alone: the cost per company in financial services climbed to $603,000, which indicates more incidents per firm and higher-value targets, not just better visibility of attacks that were already happening.
Regionally, the 2023-2024 growth is uneven. Sumsub recorded deepfake incident surges in the Middle East (643%), Africa (393%), and Latin America and the Caribbean (255%). These aren't future risk zones; they're active threat environments now.
By sector, iGaming saw the steepest single-period rise at 1,520%, followed by marketplaces (900%), fintech (533%), and crypto (217%). Traditional banks sit at a lower base rate but are catching up as fraudsters probe onboarding and account recovery flows.
The directional signal for 2025 and beyond is clear. Deloitte's Center for Financial Services projected in 2024 that generative AI-enabled fraud could reach $40 billion in losses in the US alone by 2027. Given the 40x cumulative growth documented between 2022 and 2024, that projection may prove conservative.
What this means for compliance teams
The FinCEN alert of November 2024 is the practical starting point. Alert FIN-2024-Alert004 lists specific red flags: photos or videos flagged by deepfake detection software, geographic or device data inconsistent with the identity document presented, and newly opened accounts with rapid transaction volumes to high-risk payees. Compliance teams should map these indicators directly to SAR filing protocols and ensure front-line analysts are trained on each one.
The attack surface is wider than KYC onboarding. Entrust's data shows deepfakes hitting video biometric checks, document verification, and increasingly, business email compromise and account recovery flows. AI-Powered Fraud Detection needs to cover all three vectors. Teams that deployed detection only at account opening are already exposed to mid-relationship attacks.
Identity Verification and KYC/AML Automation is the first line of defense against the document forgery surge. The shift to digital forgeries (now 57% of all document fraud) means manual document review can't carry the load. Automated liveness detection and injection attack controls must be in the stack.
Customer Due Diligence procedures need updating to address the reality that a document and a face can now both be synthetic simultaneously. Enhanced Due Diligence triggers should incorporate behavioural signals alongside document and biometric checks, because deepfakes can pass each of those controls individually.
Under FATF Rec 15, member countries are required to assess and mitigate risks from new technologies. Deepfakes are now a documented fraud typology with formal SAR-level regulatory attention from FinCEN. Institutions that lack specific deepfake controls face clear regulatory exposure in their next examination cycle.
One practical gap stands out in the Deloitte data: 20.1% of executives have no confidence in their response capability. That gap runs from detection tooling through to incident response playbooks. Tabletop exercises designed around deepfake scenarios should be on the schedule before the next examination, not after a loss event.
Sources
- FinCEN, Alert FIN-2024-Alert004, "Fraud Schemes Involving Deepfake Media Targeting Financial Institutions," November 2024
- Entrust, "Deepfake Attacks Strike Every Five Minutes Amid 244% Surge in Digital Document Forgeries," November 2024
- Regula / Sapio Research, "Deepfake Fraud Doubles Down: 49% of Businesses Now Hit by Audio and Video Scams," September 2024
- Regula, "Deepfake Fraud Costs the Financial Sector an Average of $600,000 for Each Company," October 2024
- Sumsub, "2024 Identity Fraud Report"
- Deloitte, "Deepfake Banking Fraud Risk on the Rise," September 2024
Turn these numbers into fewer of your own
FluxForce AI agents cut false positives, clear SAR backlogs, and keep audit-ready evidence, so the next statistics report cites the industry, not you.