Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Update (February 24, 2026): @vmfunc has published part two of their series about Persona. You can read it here. We will update this post with part three when it is released. On February 16, 2026, security researchers @vmfunc, @MDLcsgo, and @DziurwaF published a blog post identifying exposed frontend source maps on a non-production subdomain under withpersona-gov.com.

Supplemental document checks are often required for businesses that conduct Know Your Customer (KYC) or Know Your Business (KYB) checks. Even when compliance isn’t required, organizations often collect supplemental documents for their own business purposes, such as risk assessments. In business contexts, a supplemental document is a non-government-issued document that you collect to support a risk assessment.

Audiences around the world may be captivated by dramatic stories of con men like the Tinder Swindler. But this type of fraud is the exception rather than the rule. Most criminals go to great lengths to stay hidden and minimize the risk of getting caught. Sometimes, though, a criminal needs to show their face — or at least, a face — to pass identity checks.

Synthetic identity fraud used to be a specialty fraud job. Bad actors created synthetic identities by modifying personal information, combining multiple real identities, or combining real and fake information. But building up identities convincing enough to pass muster took time, research, and effort. As a result, you typically saw synthetic identity fraud when bad actors targeted organizations that could pay off in a significant way.

Product, fraud, and trust and safety teams at online merchants and marketplaces have been fighting bots for a long time. While there were occasional disagreements about how “bad” bots were (a purchase is a purchase, some might say), the general consensus often ranged from suspicious to block them all. But not anymore. As AI-powered browsers and agents become more commonplace, online merchants have to prepare for a world where agentic commerce is a standard sales channel.

Globally, companies lost an average of 7.7% of their annual revenue to fraud, according to TransUnion’s 2025 Digital Identity Risk Accelerates Fraud Losses report. In the US, companies reported revenue losses of 9.8%, a 46% increase from the previous year. That’s hundreds of billions of dollars heading into the hands of fraudsters. And those stats don’t account for the loss of trust, hit to brand reputation, and time and resources spent on mitigating and resolving the fraud.

An identity mule is someone who is compensated for sharing their identity. They may be asked for pictures of their identification documents and video selfies. Or, instructed to create an account and complete an identity verification flow before handing over the account’s credentials to a bad actor. The fraud cat-and-mouse game is taking a new turn. As organizations get better at detecting deepfakes, some bad actors are using real people’s identities to commit fraud.

All over the world, companies are seeing a rise in fake job applicants. You may have experienced it yourself: dozens of near-identical resumes arriving within hours, or candidates who refuse to turn on their camera during video interviews. Remote hiring, global talent pools, AI-generated resumes, and increasingly sophisticated fraud networks have profoundly changed the hiring landscape. Traditional hiring processes were never built to defend against the types of candidate fraud we’re seeing today.

For fraud fighters, link analysis tools like Persona’s Graph are becoming essential for stopping account sharing, deepfakes, identity mules, and other forms of sophisticated or scaling fraud attacks. Since we launched Graph in early 2023, we’ve spent countless hours gathering feedback from customers, investigating the latest fraud vectors, and testing new technology. Graph is a better product as a result, and we want to share six improvements that are helping fraud fighters today.

As with previous years, we asked identity and fraud experts to reflect on the closing year and share a few predictions for the next. You’ll get unique perspectives from fraud fighters, researchers, and an executive. We asked them about unexpected fraud trends, which tactics will become more valuable, leadership’s changing perceptions, and AI, of course. But we kicked things off with a lighthearted question.