How AI and lifecycle-based identity strategies reshape security, fraud defense, and trust across digital ecosystems.
Greg, you’ve had a front-row seat to the evolution of identity and payments across industries. What initially drew you to this space, and how has your view on identity shifted over the years?
I have been interested in cybersecurity from the very beginning of my career in technology – even before that. I remember being fascinated learning about the elegant mathematics behind cryptography as a university student studying computer engineering. When choosing to enter the workforce, I understood the impact cybersecurity had on everyone’s lives. As a young engineer, I wanted to build things that mattered and that could make a meaningful impact, and choosing cybersecurity offered that.
In the years that followed, cybersecurity has only grown in importance as our lives have become even more digital. Identity has evolved into the foundational capability that allows people to transact securely, consume services (both digital and physical), and even to freely travel and cross borders. Digital identity has become, at the same time, the central threat target and a powerful technology that protects privacy and safety and enables people to conduct business and live their modern lives.
AI-powered fraud has advanced rapidly—from deepfakes to synthetic IDs. What recent developments stand out as especially dangerous or disruptive?
Fraud is becoming a scaled, organized business, with generative AI being used to increase both the speed and scale of attacks. AI has also signalled a digital shift in fraud tactics. While stolen credentials remain a prevalent attack strategy, today’s bad actors have advanced, manufacturing entire identities rather than simply stealing them. In fact, recent Entrust data found that digital document forgeries – typically created with generative AI – increased 244% in the past year.
We’re now seeing entire fraud ecosystems built around plug-and-play kits and Telegram groups. How has the accessibility of fraud-as-a-service changed the landscape for businesses trying to stay secure?
Fraud-as-a-service has dramatically lowered the barrier to entry for would-be attackers. Sophisticated kits, guides, and stolen data are now just a few clicks away in Telegram groups and darknet marketplaces. This means even amateur fraudsters can launch complex attacks using deepfake technology, synthetic identities, and account takeover tactics. The impact on businesses is significant — fraud is no longer sporadic; it’s professionalized and constant. Organizations now face a dual challenge: defending against both seasoned cybercriminals and a growing wave of amateur attackers armed with powerful tools. An increase in sophisticated fraud demands more sophisticated approaches to identity from organizations in response.
Many organizations are still relying on identity frameworks built for a much simpler era. What are the real-world consequences of continuing to operate with legacy approaches in today’s environment?
Legacy identity systems weren’t designed for today’s threat landscape, which is dominated by deepfakes, synthetic identity and fraud-as-a-service models. Relying on outdated frameworks leaves organizations vulnerable not only to breaches but also to a steady erosion of customer trust. The financial cost can be devastating as well, with identity fraud costing organizations an average of $7 million per year globally, according to Entrust. There is a gap between how fast fraud is evolving and how slowly some systems are modernizing that must be closed. Without a dynamic, integrated identity strategy, businesses are effectively leaving the front door open for fraudsters.
Entrust focuses on securing identity across the entire customer journey. What does a lifecycle-based identity strategy actually entail in practice?
A lifecycle-based identity strategy means embedding and maintaining security and trust throughout the entire user journey. This starts with advanced identity verification at onboarding, using AI-powered document checks, biometrics, and real-time data validation. From there, it extends to continuous access management, ensuring that only the right individuals can access the resources they need through biometrics, passkeys, and step-up protocols that respond in real time to contextual risk. Behind the scenes, orchestration connects all these layers — enabling automation, compliance, and scalability. When identity is embedded across these moments, it creates a security posture that is both invisible to users and intolerant of threats, driving trust without disruption.
Point solutions once worked well enough, but now they’re increasingly seen as a liability. Where do these tools fall short, and how can businesses transition to something more integrated?
Legacy, point-based solutions were built for a time when fraud was more contained and identities were easier to verify. But as customer interactions have shifted to digital-first and fraud has become more dynamic and AI-driven, those standalone tools are no longer enough. As digital interactions have become more complex, isolated tools can’t keep up with the speed or scale of modern threats. Businesses must rethink identity as an ongoing journey rather than a single checkpoint. That starts by replacing fragmented tools with orchestrated, AI-driven systems that secure every stage of the customer lifecycle—from onboarding and authentication to access management and fraud detection.
Machine identities are becoming just as critical as human ones. How does this shift affect how we think about authentication, risk, and trust?
Machine identities currently outpace the human workforce by 45 to 1, generating a large attack surface that leaves organizations vulnerable to cyberattacks. As APIs, bots, and automated workflows proliferate, the need to authenticate and manage non-human identities has become more urgent than ever. Unlike human users, machines don’t have faces or fingerprints. Their trust must be established through cryptographic keys, certificates and robust policy management. Failure to manage these digital assets and secure machine identities can open the door to lateral movement in attacks, data exfiltration, and service disruption.
Emotionally manipulative fraud—enabled by AI—is becoming harder to detect with traditional tools. What kind of response infrastructure do companies need to keep pace with these threats?
One of the key challenges when it comes to AI and fraud is determining the use of AI. This makes it difficult to grasp the full scale of the problem and measure the threat, especially when dealing with social engineering and phishing scams, which often use emotional manipulation to trick victims into sharing sensitive information.
A Zero Trust approach is essential to effectively keep pace with these threats. Under this strategy, no user or device is inherently trusted, and all users must be verified, authorized and continuously validated. A successful approach includes robust identity and access management controls, such as phishing-resistant multi-factor authentication, alongside the use of public key infrastructure to verify and encrypt communications. These AI-powered identity-centric solutions will help defend against cyberattacks, minimize the insider threat and quarantine compromised systems if an attack does occur.
As the lines blur between physical and digital identity, where are you seeing the most momentum or innovation—biometrics, behavioral signals, or something else entirely?
Biometrics are driving a lot of momentum in digital identity. As the lines between physical and digital identity continue to blur, biometric verification is emerging as a powerful and competitive force for enhancing security and user experience. By leveraging physical traits such as face, voice, of fingerprint patterns, biometrics enable individuals prove their identity remotely with accuracy and ease.
However, in the age of AI-assisted fraud and sophisticated tactics, liveness detection has become essential. It helps to ensure that the person verifying their identity is physically present, strengthening fraud defences against 2D or 3D masks, photos of a photo, video of a video, and other advanced attacks such as deepfakes.
Industries such as financial services, digital banking, and online marketplaces are leading the way in adopting these technologies, where verifying both identity and presence is critical for security and compliance.
The next wave of innovation will be about applying this to other moments across the customer lifecycle, for fast and secure authentication to detect and defend against threats such as account takeovers and phishing campaigns.
What are your key predictions for the identity space, and what should security leaders be prioritizing right now to stay ahead of emerging threats?
AI will continue to shape both sides of the identity equation. On one side, bad actors will increasingly use generative AI to create realistic deepfakes, spoof voices, and automate fraud. On the other, security leaders must lean into applied AI to detect threats, streamline identity verification, and personalize authentication. The organizations that win in this space will be the ones that treat identity not just as a security requirement, but as a strategic differentiator. They’ll prioritize lifecycle-based strategies, AI-powered orchestration, and compliance-readiness — all while maintaining user experience as a core pillar.
