Key Insights from Identity Week Europe 2025

Experts unpack the evolving threat and champion cross-industry collaboration to build a stronger digital defense.

The digital world, for all its convenience, faces a relentless wave of online fraud. At Identity Week Europe 2025, a compelling panel discussion titled “Balancing Risk vs. Friction vs. Cost for Online Fraud” brought together industry leaders to dissect this complex challenge and explore potential solutions.

Moderated by Matthew Finn, CEO, augmentiq, the panel featured Aditya Kumar (Subject Matter Expert: IoT and IAM, Vodafone IoT), Juan Camilo López (Senior Fraud Data Analyst, N26), Ivan Marjanovic-Zulim (Senior Product Manager for Mobile Identity and RCS/RBM, Deutsche Telekom AG), and Hubert Behaghel (Chief Product and Technology Officer, Veriff).

The discussion quickly established the alarming scale of the problem, with Ivan Marjanovic-Zulim highlighting that 6% of online transactions are fraudulent, a figure growing by a staggering 30% year-on-year. This rising tide necessitates a re-evaluation of current strategies and a concerted effort across industries.

Juan Camilo López from N26 painted a vivid picture of the evolving threat landscape, noting a significant shift towards the full automation of phishing processes. What once took months can now be achieved in minutes with the aid of AI, allowing fraudsters to quickly create and resell sophisticated phishing kits on the dark web. While traditional call-based scams still exist, they are becoming less cost-effective for fraudsters due to the operational overhead.

A more concerning trend, according to López, is the rise of malware, particularly prevalent in the European market. These attacks often begin with a seemingly innocuous SMS, followed by a call instructing victims to download a “security certificate,” exploiting a lack of user awareness about basic digital hygiene. The discussion also underscored the persistent threat of SIM swap fraud, a critical concern as it extends liability beyond banks to other platforms where a user’s compromised identity might lead to losses.

Both López and Aditya Kumar from Vodafone emphasized that the human element remains the weakest link in the security chain. Fraudsters are increasingly employing sophisticated, intelligent attacks, often leveraging AI and Generative AI, making it incredibly difficult even for trained professionals or automated systems to discern legitimate user activity from a phishing attempt. The panelists agreed that beyond financial losses, the erosion of customer trust is the most significant consequence of successful fraud.

The Call for Collaboration: Telcos as the First Line of Defense

A central theme throughout the discussion was the urgent need for greater collaboration between financial institutions, telcos, and technology providers. Ivan Marjanovic-Zulim highlighted the unique position of telcos as the “anchor of the identity of the user” due to their direct access to user information through SIM card registration and network usage. He lamented that restrictive regulations, particularly in the EU, often prevent telcos from utilizing valuable traffic data, such as call patterns, to proactively identify and mitigate fraud, a practice successfully employed in the UK.

Juan Camilo López echoed this sentiment, expressing frustration that despite numerous discussions, a concrete, actionable plan for data sharing across institutions in Europe has yet to materialize. He argued that telcos should establish the “first perimeter” of defense, given their control over network and communication channels. This would involve tackling issues like the hosting of malicious websites and the provision of networks used by fraudsters for their calls, before the onus falls solely on banks to recover lost funds.

Aditya Kumar affirmed Vodafone’s commitment to building this first line of defense through heavy investment in real-time fraud detection using AI and ML models, as well as strict zero-trust security policies. He shared a compelling example of an organization requiring employees to return to office work due to the higher incidence of attacks occurring on less secure home networks, illustrating the pervasive nature of the threat.

The panel also explored whether the future of verification lies outside traditional technological approaches, touching upon concepts like public and private keys and blockchain. While Aditya Kumar acknowledged the ongoing research and development in AI, he also pointed out the inherent challenges of new security measures, such as DigiCert’s reduced certificate validity period which, while limiting exposure to compromised keys, also creates new attack vectors during the renewal process.

Crucially, Juan Camilo López stressed the need for proactive, industry-wide collaboration. He observed that fraudsters possess highly organized networks for sharing tools and strategies, a level of cooperation largely absent among those fighting fraud. He advocated for a pragmatic and easy-to-start platform for sharing analysis and intelligence, lamenting Europe’s slow progress in this area. He also praised the proactive solutions of some neobanks, like Revolut, for their robust platforms enabling reporting of suspicious accounts and transactions.

Bringing a powerful perspective from the solution end, Hubert Behaghel of Veriff emphasized that the focus should be less on just systems and technology, and more on facilitating fundamental conversations and agreements that allow for the mechanical sharing of data. He articulated that the industry often gets bogged down in the intricacies of technology when the more critical first step is simply to establish a shared understanding and the permission to exchange vital information.

Behaghel highlighted how platforms like Veriff are designed to facilitate this mechanical data sharing. He specifically mentioned Veriff’s cross-linking technology, which operates as a “trauma mechanism.” In his analogy, when fraud is detected with one customer, the thousands of data points collected during that session—such as document, device, network, and behavioral indicators—are analyzed. If these data points are associated with fraud, they are amplified into strong signals for subsequent sessions. This allows Veriff to detect anomalies and patterns across devices and networks, even flagging suspicious activity across different industries.

He further explained that Veriff has key performance indicators (KPIs) to measure the lead time it takes to learn a modus operandi (MO) in one industry and propagate that learning to all others. Veriff’s platform also empowers clients to manage their own blacklists, blocking IDs or faces that have previously been associated with risky situations. Behaghel acknowledged that regulation can indeed be a challenge in this context, but he firmly believes that the more centralized, horizontal platform intelligence can be built, the greater the chances of scaling these learnings. He urged the audience to think of Veriff as precisely such a platform, one that can “facilitate some of the learnings to be able to boost and actually band behind the common enemy that we have, which are these extremely creative fraudsters.” He also noted that simply talking about systems and technology wasn’t enough; the real breakthrough would come from a “first conversation, agreement,” and enabling legislation that gives permission for data sharing between entities like Veriff and Deutsche Telekom.

The Path Forward: Dialogue, Technology, and Unified Action

As the discussion concluded, the panelists underscored the importance of continued dialogue and technological advancement. Ivan Marjanovic-Zulim expressed optimism that regulators are increasingly understanding the need to balance regulation with the ability to combat fraud effectively. He noted that Deutsche Telekom is actively engaging with regulators and investing in fast, reliable data acquisition from their networks to provide swift fraud mitigation solutions.

The key takeaways from this insightful panel were clear: the scale of online fraud is immense and growing, driven by automation and sophisticated social engineering. While financial institutions, telcos, and technology providers each have critical roles, true progress hinges on unprecedented levels of collaboration and data sharing. The future of fraud mitigation demands not only advanced technological solutions but also a shift towards proactive, unified action across the industry and, crucially, a more adaptive regulatory environment.