AGP Picks
View all

The Arts Today Singapore
Provided by AGP

Shufti Finds APAC's Most Digitally Advanced Economies Are Also Its Most Fraud-Exposed

Shufti APAC Whitepaper 2026

Shufti APAC Whitepaper 2026- Stats

Identity fraud signals hit 22.82% in APAC as deepfake crime surges 600% and seven markets tighten KYC rules for onboarding, new Shufti verification data shows.

Businesses can no longer rely on fragmented verification tools. A unified platform helps organisations respond faster to evolving fraud, streamline compliance and offer consistent customer experience.”
— Ammara Mukhtar, Regional Vice President, Sales APAC at Shufti

LONDON, UNITED KINGDOM, June 25, 2026 /EINPresswire.com/ -- Asia-Pacific now accounts for close to 60% of global economic growth, but many of the digital-first businesses behind it verify their customers with systems that cannot keep pace with the region's fraud and regulatory challenges. A new report from Shufti, The KYC Compliance Challenge Across APAC, argues that the gap has become a structural limit on how far those businesses can expand.

The report opens on a counterintuitive pattern. Drawing on its own verification data, Shufti found that identity fraud is likely to concentrate on where the infrastructure is strongest.

Fraud-signal rates per 1,000 verifications ran from a high of 22.82% in Indonesia to 2.57% in Malaysia, with New Zealand, India, Australia, Japan, and Singapore all near the top. Thailand, Vietnam, and Bangladesh, where digital infrastructure is less developed, sat at the bottom.

The reason is not that advanced economies are weaker. It is that digital maturity means more digital-first businesses doing remote onboarding, and the volume of remote KYC is rising accordingly. The more verification a market runs, the more attack surface it presents, and the more fraudulent attempts surface at the verification step.

The scale is considerable. UPI in India alone now handles roughly half of all real-time payments worldwide, and Singapore's Singpass processes more than 41 million transactions a month. Each of those is a moment where a business has to decide, in milliseconds, whether the person on the other side is real.

"What our data makes clear is that fraud scales with digital maturity, not with weak defences," said Ammara Mukhtar, Regional Vice President, Sales APAC at Shufti. "The most digitally advanced markets in Asia-Pacific are experiencing the highest levels of fraud activity while regulators continue to introduce new compliance requirements at an unprecedented pace.


The Problems Multiply With Every New Market:
As a business moves across three or four APAC markets, annual verification volumes can climb from the low hundreds of thousands toward 10 million, and the checks grow harder. Every new market brings different fraud patterns, stricter onboarding rules, and document formats that rarely match the last.

Most verification stacks were built for markets with one national alphabet and a few document formats, and APAC breaks those assumptions at once:
-Documents arrive in Latin script, Devanagari, Khmer, Burmese, Thai, Korean Hangul, simplified and traditional Chinese, Japanese across three concurrent scripts, and Urdu.
-Thai and Khmer are written without spaces between words, making it hard to separate names and addresses for screening against AML and sanctions lists.
-Korean names are romanised inconsistently as Park, Pak, or Bak, raising both false positives and false negatives.
-Japanese documents mix kanji with phonetic scripts and may record dates in imperial eras rather than the Gregorian calendar.
-An engine that cannot read this diversity caps the number of markets a business can credibly serve.


The Rulebook Is Tightening Across APAC
Regulators across the region have moved in quick succession:
-India: the RBI's KYC Master Direction, updated in August 2025, raised V-CIP expectations around spoof detection and liveness.
-Malaysia: Bank Negara's revised e-KYC policy now legally mandates liveness detection.
-Singapore: The MAS published an information paper on the cyber risks of deepfakes in September 2025.
-Australia: the AML/CTF Amendment Act 2024 brings lawyers, accountants, and real-estate professionals into mandatory IDV from July 2026.
-Vietnam: a July 2025 restructuring merged 63 provinces into 34 and abolished the district tier, invalidating address fields across millions of existing documents.


The Threat Is Climbing Faster Than The Rulebook
The attacks are moving even faster than the regulations:
-A 600% or greater rise in deepfake-related content tied to criminal activity in Southeast Asia in the first half of 2024, per UNODC.
-A USD 25 million loss in the Hong Kong Arup case, after a deepfake video call impersonated senior executives.
-An estimated USD 4 billion or more was laundered through the Cambodia-based Huione Group between August 2021 and January 2025, per FinCEN.

Fraud now arrives less as a single application and more as coordinated waves engineered to look independent at the document layer, landing across sectors from mule accounts at fintechs to synthetic identities at crypto exchanges.


The Cost Of Getting It Wrong
Onboarding friction works as a quiet tax on growth, since the customer who abandons a verification flow is the largest and least-measured revenue loss in digital finance. Lost trust is harder still to recover because it does not respond to remediation the way a fine does. And the fines are rising.

The report cites Singapore's 2023 money-laundering case, involving more than SGD 3 billion in seized or frozen assets, which led to penalties totalling S$27.45 million against nine financial institutions in 2025.


Why Most Vendors Cannot Keep Up
Shufti attributes most failures to three problems that feed one another:
-Vendors that license their core technology rather than own it, leaving them waiting on suppliers whenever a regulation shifts or a new attack appears.
-OCR engines trained on Roman alphabets and Western documents, which struggle with the scripts the region actually carries.
-Static fraud-detection models are rarely retrained, so a system tuned for last year goes blind to this year's attacks.

The usual workaround, stitching together regional add-ons from different suppliers, produces what the report calls a "frankenstack" that multiplies sub-processors, privacy obligations, and data-residency risk while still leaving gaps.


Ammara further added, "Businesses can no longer rely on fragmented systems and disconnected verification tools to address these challenges. A unified verification platform enables organisations to respond faster to evolving fraud patterns, simplify compliance operations, and deliver a consistent customer experience across markets. Success in APAC depends on understanding the region’s diverse documents, regulatory requirements, and emerging fraud risks while adapting quickly to constant change.”


Shufti's Answer To A Fragmented Market, One In-House Stack
Instead of licensing each piece from a different supplier, Shufti builds and owns every layer of its verification stack on a single roadmap:
-One in-house stack where OCR, document authentication, biometric matching, liveness, and deepfake detection are all built internally.
-More than 10,000 document types verified across 240+ countries and territories.
-98.67% accuracy at an average speed of under 30 seconds across 150+ languages.
-A fraud model that keeps learning: retrained continuously on global attack patterns, with APAC signals feeding back in.
-During Vietnam's transition, 96.79% field-level OCR accuracy on the new chip-based citizen ID, against 82.36% for a comparable third-party benchmark.

The platform also routes verification through national digital-identity rails where they exist, including Aadhaar via DigiLocker, Singpass, ConnectID, and PhilSys.

The full whitepaper, with case studies from Vietnam and Japan, is available at https://shuftipro.com/resources/whitepapers-reports/kyc-compliance-identity-fraud-apac/

Further, APAC businesses can talk to the team to test Shufti against their own documents, markets, and fraud.


About Shufti

Shufti is a global identity verification provider built on a fully in-house technology stack, covering more than 240 countries and territories, over 10,000 document types, and more than 150 languages. Its OCR, document authentication, biometric matching, liveness, and deepfake detection are developed and maintained internally on a single roadmap, helping digital-first businesses verify customers, meet evolving regulatory mandates, and absorb new fraud without relying on third-party engines.

SOURCE SHUFTI

Aroosa Virk
Shufti
partnership@shuftipro.com
Visit us on social media:
LinkedIn
Bluesky
Instagram
YouTube
TikTok
X

Rethinking Address Verification in APAC: From Proof of Address to Docless Verification

Legal Disclaimer:

EIN Presswire provides this news content "as is" without warranty of any kind. We do not accept any responsibility or liability for the accuracy, content, images, videos, licenses, completeness, legality, or reliability of the information contained in this article. If you have any complaints or copyright issues related to this article, kindly contact the author above.

Share this page:

Advanced Search Options

Search for:

Search scope:

Type:

Search in:

Date range:

The last

Sort by:

Sign up for:

The Arts Today Singapore

The daily local news briefing you can trust. Every day. Subscribe now.

By signing up, you agree to our Terms & Conditions.