The Identity Stack: Why the Fraud Arms Race Is Repricing an Entire Sector
Generative AI industrialised identity fraud, with deepfake attempts exploding in 2023 and continuing to compound since.
1 / 6
Generative AI industrialised identity fraud, with deepfake attempts exploding in 2023 and continuing to compound since. Every institution running a legacy identity stack is now, in effect, running an untested defence against a professionalised, AI-equipped attacker. That is forcing a multi-year upgrade cycle across one of the least glamorous corners of enterprise software creating a large and growing market opportunity with shifting tectonic plates as hyper-growth challengers like Socure have the potential to continue to encroach on and surpass LexisNexis, the incumbent market leader.
For a decade, the identity verification sector grew on a steady, predictable driver: digitisation. Every bank, fintech, gaming operator and marketplace that moved onboarding online needed to answer the same question, “is this person who they claim to be?”, and a generation of vendors was built to answer it. It was a good business which spawned several $100m+ businesses, but it was not a dramatic one and no players established dominance.
Then generative AI handed industrial-grade forgery tools to anyone with a laptop. Deepfake identity fraud attempts rose roughly 3,000% in 2023. By Q1 2025, deepfake fraud in North America was up a further 1,100% year on year, and synthetic identity document fraud up over 300%. A near-perfect counterfeit passport now costs about $30. Red-team testing suggests nine out of ten off-the-shelf verification engines still misclassify sophisticated deepfakes. Roughly one in seven deepfake attempts defeats a single-layer liveness check.
This has precipitated a root and branch review of procurement. Every institution running a legacy identity stack is now, in effect, running an untested defence against a professionalised, AI-equipped attacker. Regulators have added urgency from the other side with $6.6bn of KYC-related fines paid globally in 2023 alone and the potential legal liabilities continuing to materially increase. The result is a forced, multi-year upgrade cycle across one of the least glamorous corners of enterprise software and a reshaping of the competitive landscape. Importantly, the revenue opportunity per end user is now ongoing rather than just linked to initial onboarding workstreams as the threat vectors have expanded and maintaining identity is as important as initial verification.
LexisNexis Risk (division of RELX) leads the vertical globally with revenue of ~$1.5bn, growing ~8%. Socure is fast encroaching, particularly in the key US market at $340m ARR with new ARR compounding at 62%. It has been winning by providing a full stack solution encompassing identity verification, device intelligence, transaction intelligence, and orchestration, differentiated through its depth of data, accuracy and speed of decision making. Outside of the US, the market is more fragmented with country and regional market dynamics less conducive to a single player establishing dominance.
We believe these dynamics create significant potential for value creation, particularly in the US, where a full-stack leader has the opportunity to entrench network effects and the strong economics that come with them.
Four modules, one budget
The graphic accompanying this note maps the sector into four modules, showing who competes with whom and who is coming for whose budget.
Identity verification is the point-in-time gate at account opening: document forensics, biometric face match, liveness and deepfake detection, PII (Personally Identifiable Information) matching against identity graphs, sanctions screening. Device intelligence binds the verified identity to hardware and behaviour, and watches the pairing continuously — SIM swaps, device fingerprints, behavioural anomalies. Transaction intelligence monitors what the money does after onboarding: payment anomalies, AML, first-party fraud, account takeover. And orchestration is the decision layer that turns all of those signals into a single approve/decline/step-up outcome in milliseconds — with the audit trail to prove to a regulator why.
The first module is a gate; the second and third are a loop; the fourth spans everything. We believe the strategic race is toward owning all four, because the vendor that provides the decision layer is critical to the end customer relationship and becomes deeply embedded into the technology stack. Once the risk team has encoded its thresholds, escalation paths and case management inside one platform, displacement stops being a procurement decision and becomes a re-platforming project, resulting in high switching costs and second order risks.
The scoreboard
Using publicly available data and making some estimates around revenue splits at public companies like RELX (where the LexisNexis Risk Solutions division revenue includes insurance analytics), GBG and Mitek (where reported revenues include the location and check-deposit businesses) we have set out on slide 6 the strategic positioning and scale of the various players.
LexisNexis Risk Solutions is the incumbent, leading at roughly $1.5bn of relevant revenue, growing around 8%. The leading challenger is Socure, which is strongest in the US market and recently reported $340m of ARR, growing 62%, with 134% net dollar retention. Third place is GBG with ~$240m of revenue across the UK, APAC and the Americas, barely growing, suggesting a mature franchise rather than a challenger. Below that, a long tail of point solutions and regional players exist.
This suggests that in the US market the real competition is between the two full-stack players, LexisNexis and Socure, with Socure’s far superior growth rate indicating it is rapidly both taking share and growing the market.
Why the challengers are winning
LexisNexis, the incumbent, possesses a substantial data asset which has been the key to its market position to date. Its Digital Identity Network spans 78 billion transactions and 9 billion devices, which is an order of magnitude more raw volume than anyone else. However, despite this Socure has managed to outperform it in five ways.
Data quality beats data quantity
Socure's core asset is its Risk Insights Network, a consortium through which its 3,000+ customers contribute confirmed fraud outcomes from their own identity decisions in exchange for models trained on the pooled result. The result is outcome-labelled, identity-level feedback tied to specific PII/device combinations, across banking, fintech, gaming, payroll and government. This data when used for training identity fraud models can be significantly more powerful than the thousands of anonymous device signals on which legacy stacks rely.
We believe that this is the underpinning of Socure’s performance claims on things like synthetic fraud capture (detection of a fraudster using fragments of real data to assemble a fictitious person) and thin-file Gen Z verification rates (instances where credit bureau data is limited and hence risk of false positives is high).
One platform beats a stitched portfolio
LexisNexis Risk started with its identity records core by acquiring ChoicePoint in 2008 and has formed its full product suite through further acquisitions of ThreatMetrix (Feb-18), Emailage (Feb-20), RiskNarrative (Jul-21), BehavioSec (May-22) and IDVerse (Dec 24). While each of these were best-in-class point solutions in their own right, stitching separately built products into one decision flow carries a structural cost where every hop across the portfolio adds latency and complexity.
Socure has been mainly built organically around its core decisioning platform (RiskOS), with a couple of smaller acquisitions for document verification (Berbix, Jun-23) and transaction monitoring (Effectiv, Dec-24) which were integrated into the common API. This has resulted in a native platform which can return one decision from one call in ~150 milliseconds. This low latency performance can be critical for customers in a market where onboarding friction is measurable lost revenue.
Other competitors like Persona have tackled the problem from the orchestration layer instead, offering customers best of breed choice on other parts of the stack. The open question is whether buyers under attack actually want that flexibility, or simply the best model at the lowest latency; the revenue trajectories so far suggest the latter.
Share-optimised beats margin-optimised
The GenAI disruption has given the vertical classic innovator's-dilemma dynamics. As part of RELX, a FTSE-100 conglomerate managed for steady compounding, LexisNexis Risk runs at 35%+ operating margins which need to be maintained and which throttle how aggressively it can spend into a disruption. When the market is being disrupted there can also be a challenge in terms of attracting talent over high-growth start-ups offering rapidly appreciating equity. This is also the case for other longer-standing players like GBG and Mitek.
By contrast the challengers like Socure, Persona and Sumsub have spent a decade of venture capital over-investing in model R&D. When the GenAI threat wave forced every institution to re-run its vendor evaluation, the businesses built for share won the evaluations. With Socure now leading the US market, scale itself becomes the advantage: every incremental dollar of revenue funds model R&D the smaller players cannot match, while the incumbents' margin commitments cap theirs.
Fintech-native distribution migrated upmarket
Two sales motions coexist in this market, which have been built for different eras. The established players sell through long enterprise procurement cycles into the customer base their data heritage created: tier-1 global banks, insurers, telecoms and government agencies, with contracts often embedded alongside wider records and analytics relationships.
The challengers were built API-first, landing with fintechs, neobanks, crypto exchanges and marketplaces when those customers were small and underserved, growing as they grew, and then using those deployments as references to move upmarket. Sumsub built its book this way in crypto, gaming and payments, verticals the incumbents barely served, while Persona grew with developer-led fintechs and marketplaces.
Socure is the furthest through the migration: its disclosed customer list now spans Coinbase, Uber, Robinhood and Western Union alongside 18 of the top 20 US banks and more than 27 state and federal agencies. The consistent pattern is that the challengers won the customer segments that did not exist when the incumbents' sales motions were designed, and those segments are where financial services growth now lives.
Speed as culture
The two generations of vendor also optimised for different objective functions. The established players built for coverage, certification and enterprise process, reflecting the procurement requirements of the regulated institutions they grew up serving. The challengers, selling to fintechs and platforms whose economics depend on conversion, optimised for auto-approval rates and sub-second latency instead.
Socure is the clearest example, deprioritising independent certifications such as ISO 30107-3 liveness testing in favour of decision speed, a choice Gartner explicitly criticised in its 2024 assessment. In a rising-fraud environment the first posture sounds safer; in a market where every second of onboarding friction is measurable lost revenue, buyers have rewarded the second. The trade-off is real, and light credentialing remains a genuine handicap in government and some regulated procurement, but the revenue numbers suggest the market has voted.
The counterpoints worth taking seriously
The first is geography. The five dynamics described above are strongest, and in some cases only valid, in the United States. Outside the US, Socure's consortium is thin and its document coverage is North American, while LexisNexis's global data assets and regulatory relationships remain dominant. National eID schemes and country-level regulation also mean parts of the verification problem in Europe are being absorbed by the state rather than by private vendors. The US is therefore both the challengers' fortress and the boundary of it — although it is also the largest, deepest and most structurally attractive identity market in the world, precisely because it lacks a national identity system.
The second is the orchestration objection. The argument runs that orchestration platforms will commoditise data moats: as it becomes trivial to route verification calls across multiple vendors, the market will reward workflow flexibility over any single proprietary dataset, and the premium for native model performance will compress. But right now our read is that the opposite dynamic is playing out: the decision layer is being absorbed into the full-stack platforms, not abstracted away from them. Buyers under attack from AI-generated fraud appear to want the best model, natively integrated — not a switchboard.
What we are watching
Three things from here. First, disclosure: Socure, the leading private player, has begun publishing quarterly metrics — ARR, bookings, retention — which is the behaviour of a company preparing for public markets, and a listing would give the sector its first true growth benchmark. Second, the deepfake arms race itself: liveness detection is now the fastest-depreciating asset in the stack, and the gap between the best and worst defences is widening every quarter. Third, consolidation: with Visa having taken Featurespace, Entrust having taken Onfido, and LexisNexis having taken IDVerse, the strategic buyers are assembling stacks too — and the remaining independent, full-stack, high-growth assets are becoming scarce.
Institutional investors and strategics who would like to discuss the sector and any potential transaction opportunities within it are welcome to get in touch.
For informational purposes only. Not investment advice or a financial promotion. Private company figures are estimates. Cambio Partners Ltd (Co. No. 16562021) is not authorised or regulated by the FCA.