Shufti's Deepfake Fraud Index landed this week with a number built for LinkedIn: document deepfakes are projected to grow nearly 3,900 percent this year. Or rather, that is the annualized extrapolation from five months of data. By the time you read this, forty people in identity and fraud will have posted the round number with a lightning bolt emoji and a line about how "the game has changed."
The game has not changed. The denominator did.
A growth rate that steep almost always means the starting point was tiny and the tooling got cheap. It is the kind of statistic that is technically true and operationally useless, the fraud equivalent of telling someone their commute got "200 percent more dangerous" because they switched from walking to a unicycle. Impressive on a slide. Not something you can build a roadmap around.
So set the scary number down and look at the boring one buried three paragraphs later in the same report. Shufti's own data ranks synthetic identities, personas built from scratch with no real person behind them, as the largest single category of AI-driven identity fraud last year, and they are still climbing. Nobody is racing to post that stat. It does not have a percentage sign dramatic enough to trend. It is also the one that should actually worry you.
A deepfake is a lie about someone who exists. A synthetic identity is a lie about someone who never did.
The first is Photoshop with better lighting. The second is Frankenstein's monster: a real Social Security number stitched to a fabricated birth date, wearing a face that was generated, not stolen, moving through your onboarding flow with no actual victim anywhere to file a complaint. Nobody is calling the bank confused about a fraudulent charge, because nobody exists to make that call. The monster does not need to escape the lab. It just needs a checking account.
This is where the deepfake panic quietly misdirects the entire industry. Catching a deepfake is fundamentally a forensics problem: is this pixel pattern consistent with a real capture, does this voice have the micro-artifacts of synthesis, does this document's metadata line up. It is a race between generators and detectors, and it will always be a race, because somewhere a well-funded lab is training the next model on exactly the weaknesses your last model caught.
You can win individual rounds. You cannot win the format.
Synthetic identity is a different kind of problem, and a more useful one to lose sleep over, because it is not really a detection problem at all. There is no single frame to forensically examine. There is no original photo to compare against, because there was never an original. What you are being asked to answer is a much older and much less glamorous question: does this identity have a past. Does it have the kind of boring, inconsistent, real-world texture that fabricated personas are bad at faking, credit history with gaps in it, a utility bill from three years ago, a pattern of behavior that predates the account you are looking at right now. That is not a model you fine-tune. That is a product you design, deliberately, across every system that touches the applicant, from the first form field to the account that opens six months later.
The 3,900 percent statistic measures how good the counterfeiters got. It says nothing about how good your institution is at asking whether the person in front of you has a history longer than the transaction. One of those is an arms race you are guaranteed to be perpetually one model behind on. The other is architecture, and architecture, unlike a detection model, does not go stale the moment someone trains around it.
So by all means, notice the deepfake number. It is a real trend and a real threat, and layered detection still matters. But the institutions that get hurt worst this year will not be the ones that lost a forensics arms race. They will be the ones that spent all their attention on the number designed to be quoted, and never got around to asking the much duller question buried underneath it: not "is this face real," but "does this identity have anywhere it came from."
Shyam Menon is a product leader specializing in fraud and identity in financial services. This is one of a series of framework posts on how to think about fraud prevention, identity, and AI products in regulated industries. He writes at shyammenon.com.