The mirror test: when identity isn't what it seems

Oct 8 / Leonard Nwogu-Ikojo

How do you spot a fake when it looks flawless? In this fictional case study, a seemingly legitimate passport photo hides a subtle digital clue—a perfectly blurred edge revealing AI manipulation. What began as routine onboarding turns into the discovery of a synthetic identity linked to multiple fraudulent applications. The case highlights how AI-generated IDs challenge traditional verification methods, and why the AMLR now calls for enhanced due diligence and multi-source verification in non-face-to-face onboarding. In today’s landscape, perfection itself can be the biggest red flag.



This article is intended for educational and informational purposes only and does not constitute legal, regulatory, or professional compliance advice. The scenario and recommendations provided are illustrative and may not capture all applicable requirements or risks in specific cases. Readers should follow their organization’s internal policies, data protection requirements, and seek professional advice tailored to their circumstances.

Case snapshot: the blur on the ear

Max was on the final stretch of his daily onboarding queue, with a new retail client file staring back at him. The automated system had given the applicant a provisional green light, with all checks passed and a medium confidence score. The client, a young professional claiming to work in IT consulting, had provided a scanned EU passport and a utility bill.

Everything looked fine. The document was high-resolution, the colors vibrant, and the text crisp.

But as Max zoomed in on the passport photo, a familiar, unsettling feeling crept in. He noticed a faint, symmetrical blur around the edges of the applicant's ear—a digital artifact too neat for a real photograph, as if a perfect cutout had been pasted onto the background.

“AI?” Max muttered to himself, the hairs on his arms standing up.

“An ID that looks okay isn’t always authentic?”, added Ella who was walking by holding up a cup of tea.

"I'll check the customer's address," Marcus chimed in, already typing. The address was real, but his telecom check revealed a more disturbing pattern. The same mobile number was linked to not one, but three other recent applications across different banks, all with different names and addresses.

The puzzle now clicked into a terrifying picture: this wasn't a single fraud attempt. This was a systematic effort to create a network of accounts, with this flawless synthetic identity as the first in a long line.

Regulatory lens: identity under AMLR

  • Under the AMLR, Articles 19 and 22 obliges institutions to apply customer due diligence, including reliable and independent verification of identity.
  • For non-face-to-face onboarding, enhanced measures must be applied to mitigate impersonation and forgery risks.
  • Firms are expected to test the integrity of digital IDs and use multiple independent data sources.
  • The growing threat of AI-generated IDs (deepfake photos, synthetic documents) makes reliance on a single verification tool risky.

Final thought: identity verification in the age of AI.

Fraudsters no longer present crude fakes. They craft identities that seem fine until you pull at the digital threads. It signifies a fundamental shift in how financial criminals operate. In the past, fraudsters relied on crude forgeries—documents with misspellings, poor quality stamps, or inconsistent fonts. These were imperfect and thus, easier for trained human eyes to spot.

Today, with sophisticated AI tools and access to vast data, criminals create synthetic identities that are flawlessly consistent across every data point. The documents are high-resolution, the signatures are perfect, and the information is seamlessly aligned. This very perfection, the lack of human-like flaws or inconsistencies, becomes the red flag. The "problem" is that the identity is too clean, too perfect, and lacks the very imperfections that signal authenticity in the real world.

As compliance professionals, we must understand our role and responsibilities in the bigger picture.

Created with