Behind the staggering $27.3 billion in identity fraud losses in 2025 are 18 million victims navigating a rapidly evolving threat landscape. New-account fraud and account takeovers are rising in tandem, underscoring how quickly criminal tactics are adapting in the digital age.
These figures come from Javelin Strategy & Research’s 2026 Identity Fraud Study: The Illusion of Progress, which goes beyond the numbers to examine the drivers behind these trends and how both organizations and individuals are working to protect themselves. A key factor is the ever-increasing amount of personal information available about consumers.
“We just continue to have more accounts and transactions to our name,” said Suzanne Sando, Lead Analyst of Fraud Management at Javelin. “I don’t think I could venture a guess at how many accounts active that I have for myself alone.”
Keeping Up with Brand-New Schemes
Because scams are constantly evolving, Javelin revises its survey questions each year to better capture how criminals are targeting consumers. This year, researchers identified a large group of victims who were exposed to scams but didn’t immediately lose money. These individuals may have shared sensitive information but stopped short of experiencing direct financial loss.
While these victims may believe they have successfully avoided fraud, the reality is that the risk often shifts rather than disappears. Once personal information is shared, it can be reused in later scams, identity fraud, or impersonation schemes targeting others in the victim’s social or professional network.
“Criminals and scammers are incredibly crafty and creative in how they go about their schemes,” Sando said. “A lot of information that’s being given up—like email and phone number—seems innocuous at the moment. But if a criminal can somehow use that information and gain access to a mobile account or gain access to an email account, they now have a wide variety of information. They also know that these phone numbers and these email addresses are active. It’s not like you’re giving up an old email address from 2008.”
A surprising share of consumers are still handing over highly sensitive information. In fact, 30% of scam victims reported providing banking details such as account and routing numbers. These cases often involve criminals creating a strong sense of urgency, coercing victims into compliance—or they just do a good job of impersonating legitimate organizations.
“I had a friend tell me about a coworker of hers who gave up the business banking account information to who he thought was the Treasury Department, because he speaks to the Treasury Department on a regular basis,” Sando said.
The Role of AI
Victims of identity fraud are often left to manage extensive cleanup and investigation on their own, creating an opportunity for banks to leverage agentic AI to reduce the burden on consumers. In the coming years, banks that adopt agentic AI-driven services may reduce the time and resources required for fraud resolution.
There’s also increasing activity around AI across the ecosystem—how banks deploy it, how criminals exploit it, and how consumers perceive its use. Notably, even consumers who consider themselves AI-literate are showing declining confidence in their banks’ ability to use AI to protect them from identity fraud.
This is a concern, because AI can identify behavioral patterns and anomalies that may be difficult for humans to detect. This capability applies both to consumers monitoring their accounts and to banks analyzing large volumes of transactions and account activity.
“There is validity to these concerns, but there is a race between criminals who are using AI for bad and the banks who are using it for good,” said Sando. “We cannot put toothpaste back in the tube. AI is not going anywhere. Criminals are able to adapt it at such speed that FIs cannot keep up. Because if you’re a bank, you’re worried about governance, you’re worried about compliance, you’re worrying about privacy of data. Consumers are too.”
Banks Have Lost Trust
But technology alone isn’t solving the problem of trust. In fact, as fraud tactics become more convincing, consumers confidence in bank communications is beginning to erode.
Criminals are using AI to impersonate banks, doing so convincingly enough that many consumers now ignore legitimate fraud alerts, assuming they are scams.
“We’re missing potentially obvious fraud that’s legitimate and delaying the reaction and delaying the fix for this fraud because we’re not responding to it in a timely manner,” said Sando. “Nobody trusts anything anymore. And to a certain point, I get that. I have gotten fraud alerts from my bank that look very suspicious because they look like a lot of scam communications that we get. These texts that we’re getting, legitimate fraud alerts, have a lot of the things that we have been told not to do. If I’m getting a text from my bank that says, ‘Regarding this purchase from whatever, was this you, reply yes or no,’ I’m not going to reply because you’ve told me that that’s something I shouldn’t do.”
“You have to practice what you preach. To me it’s a message to banks that they need to fix what they’re doing and help restore some of this trust that we as consumers have completely lost.”
Banks must recognize their role as some of the most trusted institutions in consumers’ lives. If that trust is breached and consumers no longer feel their security is a priority, the relationship may deteriorate to the point where it’s no longer sustainable.
“I’m putting my money and my livelihood and my assets with this particular entity,” said Sando. “You better do your absolute best at protecting all of that for me.”
On June 2, join Javelin Lead Analyst in Fraud Management Suzanne Sando, author of the 2026 Identity Fraud Study: The Illusion of Progress, as she hosts a panel with TransUnion’s Richard Tsai and Clint Kallbreier on how scams, AI, and fraud are reshaping the threat landscape.
