Shufti says APAC’s digital leaders face the highest fraud exposure

Shufti says identity fraud is rising fastest in Asia-Pacific’s most digitally mature markets as regulators tighten KYC rules and deepfake attacks accelerate. The report argues that fragmented verification systems are becoming a growth limit for businesses expanding across the region.

Why it matters: - APAC’s digital-first businesses are expanding into the region’s biggest growth markets while facing faster-moving fraud and compliance demands. - Shufti says the mismatch between market growth and verification tools is now a structural constraint on expansion. - The report points to higher fraud risk in markets with heavier remote onboarding and more digital payment activity.

What happened: - Shufti released a report titled The KYC Compliance Challenge Across APAC on June 25, 2026. - The report says identity fraud signals reached 22.82% in Indonesia and 2.57% in Malaysia, with New Zealand, India, Australia, Japan and Singapore also near the top. - Thailand, Vietnam and Bangladesh ranked at the bottom of the fraud-signal list. - Shufti says the pattern reflects digital maturity and the volume of remote KYC, not weaker defenses in advanced markets. - India’s UPI now handles roughly half of all real-time payments worldwide. - Singapore’s Singpass processes more than 41 million transactions a month.

The details: - Shufti says many verification stacks were built for markets with one national alphabet and a limited set of document formats, while APAC spans Latin script, Devanagari, Khmer, Burmese, Thai, Korean Hangul, simplified and traditional Chinese, Japanese across three concurrent scripts and Urdu. - Thai and Khmer scripts often do not use spaces between words, which complicates name and address screening against AML and sanctions lists. - Korean names are romanised inconsistently as Park, Pak or Bak, which can trigger both false positives and false negatives. - Japanese documents can mix kanji with phonetic scripts and use imperial-era dates instead of Gregorian dates. - Shufti says an engine that cannot read this diversity limits the number of markets a business can credibly serve. - The report says annual verification volumes can rise from the low hundreds of thousands to 10 million as a business expands across three or four APAC markets.

Between the lines: - Shufti says regulators are tightening rules across the region at the same time fraud tactics are getting more advanced. - India’s RBI updated its KYC Master Direction in August 2025 to raise V-CIP expectations around spoof detection and liveness. - Malaysia’s revised e-KYC policy now legally mandates liveness detection. - Singapore’s MAS published an information paper on deepfake cyber risks in September 2025. - Australia’s AML/CTF Amendment Act 2024 brings lawyers, accountants and real-estate professionals into mandatory IDV from July 2026. - Vietnam’s July 2025 administrative restructuring merged 63 provinces into 34 and abolished the district tier, invalidating address fields across millions of existing documents. - The report says deepfake-related content tied to criminal activity in Southeast Asia rose 600% or more in the first half of 2024, according to UNODC. - A deepfake video call in the Hong Kong Arup case led to a USD 25 million loss. - FinCEN estimated that at least USD 4 billion was laundered through the Cambodia-based Huione Group between August 2021 and January 2025. - Shufti says fraud increasingly arrives as coordinated waves designed to look independent at the document layer, spanning fintech mule accounts and synthetic identities at crypto exchanges. - The report says fragmented verification setups can add sub-processors, privacy obligations and data-residency risk while still leaving gaps.

What’s next: - Shufti says businesses will need unified verification platforms to keep up with changing fraud patterns and compliance requirements across APAC. - The company says its platform is designed to respond faster through an in-house stack that includes OCR, document authentication, biometric matching, liveness and deepfake detection. - Shufti says its system verifies more than 10,000 document types across 240+ countries and territories and supports more than 150 languages. - The company says the platform averages 98.67% accuracy at under 30 seconds. - Shufti says the model is continuously retrained on global attack patterns, with APAC signals feeding back into the system. - During Vietnam’s transition, Shufti says it achieved 96.79% field-level OCR accuracy on the new chip-based citizen ID, compared with 82.36% for a comparable third-party benchmark. - The platform also routes verification through national digital-identity rails where available, including Aadhaar via DigiLocker, Singpass, ConnectID and PhilSys. - The full whitepaper with case studies from Vietnam and Japan is available here.

The bottom line: - Shufti’s message is that APAC’s fastest-growing digital markets are also the hardest to secure, and verification providers that cannot adapt to local documents, scripts and regulations will become a bottleneck for growth.