Back to Blog

Selfie Is the New ID: Why Biometrics Must Become Continuous

By Lukas Bayer | September 23, 2025
image text reads: Selfie is the new ID

Every part of our lives runs through digital platforms, and for many people, it has become the bank, the mall, the supermarket, the stockbroker, and even the sportsbook. Most of us don’t even think twice about using our mobile phones for conducting every kind of financial transaction, because we inherently trust them. However, fraudsters have learned how to break it, and that’s become a multibillion-dollar problem.

The rapid adoption of — and improvements in — artificial intelligence have made criminals’ jobs easier. They can create deepfakes that look real, inject fake images into verification systems, and replay stolen videos that fool facial recognition technology. They can launch global attacks, overwhelm defenses built for a slower era, and conduct identity theft on an industrial scale.

The numbers show the shift, and the Federal Trade Commission reported more than 1.1 million cases of identity theft in 2024. European regulators cited biometric spoofing attempts as a growing concern in the rollout of eIDAS 2.0, the regulation requiring high-assurance authentication. Fraud is no longer limited to stolen passwords, and it now includes synthetic identities, digital forgeries, and AI-powered deception.

Legacy methods such as passwords, SMS codes, and even knowledge-based questions cannot keep up. They are fragile, easily stolen, and create friction for real customers trying to recall where they spent their favorite vacation. What is needed is a stronger, simpler way to prove identity again and again.

That solution is already staring us in the face. The humble selfie is the new ID.

The Problem With One-Time Trust

Most businesses apply biometrics only during onboarding. A customer snaps a photo of their ID, such as a driver’s licence, and then takes a selfie. The system compares them and verifies identity. Trust is established once, and that is often the final time this type of verification is done. Fraudsters exploit this gap, because after the account creation, weak credentials often control access. This leaves accounts vulnerable to phishing, credential stuffing, and synthetic fraud.

In one example from 2024, a U.S. fintech reported a surge of attacks using AI-generated voices and faces to bypass password resets. The attackers had no trouble getting past SMS-based two-factor authentication once they were in the system. While the organization’s initial verification process was strong and helped gain users’ trust, it soon became vulnerable to exploits.

This “one-time trust” is no longer enough. Identity verification must be continuous and be as strong on day 100 as the day it’s created.

The Case for End-to-End Biometrics

Biometrics must span the entire customer journey to truly protect both customers and the organizations they transact with, as they can often be left footing the bill for customers’ losses – not to mention the long-term reputational cost that they often suffer. In practical terms, this means:

  • Verification at onboarding: Prove a user’s identity when they initially sign up
  • Authentication for returning users: Confirm that the person coming back is both the same one who enrolled, and is the image is live, not a takeover attack
  • Ongoing protection: Detect deepfakes, injection attacks, and replay attempts throughout the customer lifecycle

Doing all of these creates and reinforces continuous trust, as identity becomes living and ongoing, not static.

The selfie is central to this process. It is intuitive and portable. People know how to take a selfie. They don’t forget it or misplace it. Selfies also have extremely strong liveness detection, making them the most reliable and user-friendly ID available.

Why Technology Choice Matters

Not all biometric systems are created equal. Many providers license or white-label their identity technology, which can limit flexibility and create dependency. When fraud tactics evolve, these providers often struggle to adapt in a timely manner, leaving their customers (and by extension, themselves) vulnerable to new attack vectors.

A purpose-built liveness solution offers several benefits, including:

  • Protection against advanced AI attacks, such as deepfakes or video injection.
  • Control over performance, accuracy, and bias.
  • Rapid innovation, because updates are not tied to third-party vendors.

This level of control matters. One leading LATAM finance startup recently started using advanced liveness detection and is now catching over 30% more sophisticated fraud attempts, including injection attacks and deepfakes.

The Business Case for Continuous Biometrics

Stronger authentication is not only about security. It drives measurable business results for organizations that take these extra steps to protect their customers and themselves.

  • Reduced cost of losses due to fraud: Identity theft losses in the U.S. alone exceeded $43 billion in 2022.
  • Lower customer abandonment: Selfie-based reauthentication is faster than entering passwords or waiting for SMS codes and also deepens customer confidence — 48% of cart abandonment is due to security concerns.
  • Simpler integration: One provider for onboarding and authentication reduces technical debt.
  • Regulatory readiness: PSD2 in Europe and eIDAS 2.0 require strong customer authentication. Brazil’s gaming and financial regulators are already mandating biometric verification.

Real-World Examples of Continuous Trust

Fraud is not theoretical. Attackers are exploiting weak authentication methods across many industries, while companies that extend biometrics beyond onboarding are seeing real benefits. Here are a few examples that show how continuous trust plays out in practice:

  • Crypto exchanges: In 2023, several crypto platforms reported multimillion-dollar losses after account takeover attacks. Criminals used stolen credentials purchased on the dark web and combined them with AI-driven tools to mimic account holders’ photos and voices. Exchanges that relied only on SMS-based two-factor authentication were vulnerable. In contrast, one Asia-based exchange introduced selfie reauthentication at every high-value withdrawal. This cut fraudulent withdrawals by more than half within six months.
  • iGaming and online betting: The iGaming sector has become a prime target for fraudsters who create multiple fake accounts to exploit bonus offers or launder money. Operators that have added biometric reauthentication during login and payouts are able to both comply with regulations and reduce multi-accounting fraud.
  • Marketplaces: Online marketplaces face persistent risks from synthetic sellers. Fraudsters set up accounts with stolen IDs, then vanish after defrauding buyers. A U.S. peer-to-peer marketplace introduced periodic selfie checks tied back to the original onboarding image. The system automatically flagged suspicious profiles where the returning user failed liveness detection. Within months, the platform reduced seller fraud complaints by double digits and improved buyer trust scores.
  • Financial services: Brazilian banks are under pressure from regulators and rising fraud losses, and several institutions responded by requiring biometric reauthentication for high-risk activities like loan applications and password resets. This has helped banks detect synthetic identity schemes, where fraudsters use AI-generated faces to bypass onboarding and then apply for multiple credit lines. Continuous selfie verification created an additional barrier that automated attacks could not easily break.

These examples share a common thread — criminals thrive on weak, one-time authentication. Businesses that make biometrics continuous by placing the selfie at the center of identity can stay ahead of fraud and protect both customers and revenue.

Multi-Layered Defense and Identity Intelligence

Biometrics are powerful, but no single layer is enough. Fraudsters do not rely on one method of attack, and defenders should not rely on one method of defense.

The strongest approach combines:

  • Biometrics: Selfie-based liveness detection and face matching.
  • Device signals: Identifying whether the login device is trusted.
  • Network data: Detecting logins from risky IP addresses or regions.
  • Behavioral intelligence: Tracking how a user interacts with the company over time.
  • Identity Graph: Intelligence gleaned from legitimate and fraudulent interactions.

Combining biometric assurance with broader identity intelligence creates the strongest line of defense. This makes fraud easier to detect, and legitimate users easier to trust.

Looking Ahead

Fraud will continue to evolve. Deepfakes are already available as a service on the dark web and synthetic identities are sold in bulk. Criminals are moving faster than most businesses can react, and companies that treat identity as a static hurdle put themselves and their customers in harm’s way. Those that make biometrics the foundation of digital trust, extend it across every touchpoint, and strengthen it with intelligence from multiple layers will improve their customer retention, minimize financial losses, and maintain the confidence of their shareholders.

The selfie will drive this shift. It is natural, universal, and user-friendly. With the right safeguards, it becomes the most reliable form of digital ID. Organizations that embrace this reality will not only stop fraud but also build trust, reduce friction, and prepare for the future of digital identity.

Now is the time to rethink authentication. Contact us to learn how to put biometrics at the center of your trust strategy.

email

Get the latest updates from the Identity and Beyond blog, delivered to your inbox.

    Yes, I would like to receive periodic updates from the Jumio blog as well as marketing communications regarding Jumio products, services, and events. I can unsubscribe at any time.

    Jumio values your privacy. To learn more, visit our Privacy Statement.