How ID card theft drives fraud attempts in East Africa

The report shows that 24 percent of identity verification attempts in East Africa were rejected for suspected fraud in 2025. Most of the region’s identity verification traffic was from Kenya and Uganda, where national ID cards remain the primary credential used for opening bank accounts and accessing services like mobile money and online government services.

However, it raises concerns that these IDs are not consistently connected to systems that allow fully remote biometric verification in real time, leaving many companies to rely on document-based or hybrid registration of new clients.

Under such systems, users upload photos of their identity documents, which are then manually checked or verified through limited database connectivity, a gap that experts warn fraudsters are exploiting.

“Because these flows rely heavily on documents, document fraud is a common risk,” the 2026 Digital Identity Fraud in Africa report says.

The report analysed insights from more than 200 million identity checks across Africa in 2025. Three in five rejected verification attempts in East Africa are linked to document integrity issues, including portrait anomalies, where fraudsters digitally swap or insert a photograph while keeping the rest of the document intact.

“The most common reason for rejection is portrait anomalies—face swaps or insertions that preserve the document layout. These represent roughly a third of all rejections in the region,” the report says.

Other common tactics include photocopies of identity cards, screen captures of documents, and submissions of non-document images.

Impersonation also accounts for about 33 percent of rejected verification attempts, typically occurring when a live selfie submitted during identity checks does not match the person on the document. This often signals borrowed or stolen IDs.

Biometric spoofing attacks, where fraudsters attempt to defeat liveness detection systems, accounted for about eight percent of rejected attempts. The report, however, notes these attacks are becoming more sophisticated as artificial intelligence tools advance.

“So far, these attacks have been less common in East Africa than in West Africa, but they are growing in frequency and sophistication,” the report says.

Financial services platforms remain among the most exposed sectors. Cryptocurrency services recorded the highest fraud rejection rates in East Africa at 37 percent, followed by digital payment platforms at 35 percent and investment services at 32 percent.

Read: How identity theft racket is trapping Kenyans in tax debt

Infrastructure constraints also contribute to the problem. Many digital platforms must operate in environments with intermittent connectivity, shared mobile devices, and agent-assisted onboarding, which can delay or weaken identity verification checks.

In addition, some financial services that rely on USSD channels or messaging platforms such as WhatsApp limit the consistent use of biometric authentication and increase dependence on document-based verification.

Kenya has seen an increase in identity-related financial crime in recent years. According to the Central Bank of Kenya (CBK), reported fraud cases more than doubled to 353 in 2024 from 173 the previous year, while losses linked to theft of customer deposits rose nearly fourfold to Sh1.59 billion.

Mobile banking was the hardest hit channel, with criminals siphoning off Sh810.68 million, a 344 percent increase from the previous year.
Fraudsters exploit weak verification systems to steal identities, register SIM cards, and access loans or property. They gather personal data and use it to secure credit in victims’ names.

Fast, convenient digital lending platforms are especially vulnerable.

Victims usually discover the fraud only when denied loans, summoned by police, or faced with unexplained debts.

In 2024, for instance, a suspect was convicted of stealing Sh732,033 from recipients of the government-run Inua Jamii stipend program using cloned ATM cards to impersonate beneficiaries.

According to the Smile ID report, fraud attempts are becoming more targeted and sophisticated with AI advancement. Fraudsters are leveraging AI to automate attacks and create highly convincing scams, bypassing traditional security measures.

“The relative percentage of fraud has declined, but with growing volume, the absolute number of fraud attempts continues to increase,” the report says.

Analysts also point to a growing trend of insider collusion, where an authorised insider, such as an employee, works with an external threat actor to compromise an organisation’s data.

“Insiders can alter the backend of a system, duplicate unique target IDs, and transfer them for fraud activities. They can also exploit open ports to steal sensitive data,” Raymond Kamau, a Nairobi-based informatics expert, told the Business Daily.

Experts say strengthening biometric verification systems and improving connectivity to national identity databases will be critical in reducing digital identity fraud as digital banking, fintech, and e-commerce services continue to expand in East Africa.

This connectivity allows multiple organisations to analyse shared data without revealing their proprietary data to one another. It enables all parties to benefit from the shared analysis, such as multiple banks collaborating to identify financial fraud or money laundering.

“Multi-party computation systems help in flagging fraud early, in the case where a bad actor is using identities to perform malicious transactions across different platforms,” said Mr Kamau.

→ [email protected]

Follow our WhatsApp channel for the latest business and markets updates.