Cyber Fraud and the Shift Towards Identity-Based Risk

Cyber Fraud as an Evolution, Not a Disruption

Over the past decades, fraud has been closely associated with financial transactions, accounting manipulation, and control failures within organisational processes.

While these elements remain relevant, the nature of fraud is shifting.

Increasingly, fraud does not originate in transactions themselves, but in the manipulation of identity, access, and communication.

This shift is most visible in what is commonly referred to as Cyber Fraud.

Cyber Fraud refers to fraudulent activities in which digital technologies are used to deliberately manipulate identity, access, or communication in order to influence financial or operational decisions.

It is often presented as a fundamentally new category of crime. In reality, it represents an evolution of established fraud patterns.

The underlying mechanisms remain consistent:

  • deception
  • exploitation of trust
  • circumvention of controls

What changes is the interface through which these mechanisms operate.

Digital environments allow fraud to scale more rapidly, operate across jurisdictions, and target organisational structures in ways that were previously not feasible.

From Transactions to Identity

Traditionally, fraud risks were concentrated around:

  • financial transactions
  • accounting processes
  • asset handling

Today, the critical point of failure increasingly lies elsewhere: identity and access.

Fraudsters no longer need to directly manipulate financial systems if they can:

  • impersonate legitimate actors
  • gain access to systems
  • influence decisions through trusted channels

This shift explains the rise of schemes such as Business Email Compromise, Account Takeover, and Identity Fraud.

Deepfakes and the Misinterpretation of Risk

Deepfakes currently attract significant attention and are often framed as a disruptive or entirely new threat.

A more precise view is required.

Deepfake-based fraud is not defined by the technology itself, but by its use in identity manipulation.

It is important to distinguish between:

  • synthetic media used legitimately, for example AI-generated avatars
  • synthetic media used deceptively, for example impersonation in fraud scenarios

Not every synthetic representation is fraudulent – fraud emerges when identity is intentionally misrepresented to influence decisions.

In this context, Deepfake Fraud is best understood as an extension of existing Social Engineering techniques rather than a standalone category.

Synthetic Identities: Neutral Concept, Fraudulent Use

A similar distinction applies to synthetic identities.

A synthetic identity can be a technical construct combining real and artificial data elements. It becomes relevant from a fraud perspective only when used to deceive.

Synthetic Identity Fraud refers specifically to:

  • the creation of identities that cannot be easily verified
  • their use in financial, transactional, or access-related contexts

This form of fraud is particularly difficult to detect, as it does not rely on impersonating a real individual, but on creating a plausible yet non-existent identity.

The Changing Role of Controls

The shift towards identity-based risk has direct implications for control frameworks.

Controls designed for transaction integrity are no longer sufficient on their own.

Organisations increasingly need to address:

  • identity verification
  • access management
  • behavioural anomalies
  • communication authenticity

This does not replace traditional controls, but adds a layer that must be integrated into existing governance structures.

Technology as Enabler and Countermeasure

The technologies enabling cyber fraud are also used to detect and prevent it.

Examples include:

  • behavioural analytics for anomaly detection
  • AI-supported pattern recognition
  • verification technologies for identity and communication

This is not a simple “arms race”, but rather a continuous adaptation process:

The same technological capabilities that expand fraud risk also increase the ability to identify and mitigate it.

Related Terms

  • Cyber Fraud
  • Deepfake Fraud
  • Synthetic Identity Fraud
  • Identity Fraud
  • Account Takeover
  • Business Email Compromise
  • SIM Swap Fraud

Conclusion

Cyber Fraud does not represent a break with established fraud mechanisms. It reflects a shift in where and how these mechanisms manifest.

The primary change is structural:

  • from transactions to identity
  • from systems to access
  • from controls to interaction

Understanding this shift is essential for designing effective control environments and for interpreting emerging fraud patterns without overestimating or underestimating their impact.

Suggested citation

Simon Läuchli: "Cyber Fraud and the Shift Towards Identity-Based Risk", wirtschaftsforensik.ch, article, https://wirtschaftsforensik.ch/en/cyber-technology-fraud/cyber-fraud-identity-based-risk/, accessed April 18, 2026.