Listen to this article in summarized format
×
Subscribe to
Unlock AI Briefing and Premium Content
New Year Offer 24 Hours Left
Subscribe NowAlready a member? Sign In
What's Included
- Exclusive Stories
- Daily ePaper Access
- Smart Market Tools
- Curated Investment Ideas
- Ad-lite Experience
Subscription
Know Your Customer (KYC) and other identity frameworks have enabled India’s digital economy to grow quickly, but with the rise of complex, artificial intelligence (AI)-powered fraud, simply knowing someone’s identity is no longer enough to predict their behaviour. Trust is no longer a single check but an ongoing, data-driven operation in this changing environment. Ashok Hariharan, CEO of identity verification firm IDfy, in an interview with The Economic Times Digital, shares how the company is transforming the concept of trust into a dynamic, context-sensitive layer that spans the entire user lifecycle. Edited excerpts.
The Economic Times (ET): Identity is just the first layer of trust. How is IDfy redefining trust beyond traditional KYC in today’s digital ecosystem?
Ashok Hariharan (AH): Identity just answers “Who are you?”, which is the first step. But it does not answer, “How do you behave?” or “What are your potential motivations and what risks do you carry?” and most importantly,” Can you be trusted at this moment and over time?”
IDfy is expanding the “trust” from static identity verification to continuous, context-driven trust intelligence. Instead of a one-time KYC check, we evaluate over 500 risk signals across the entire user lifecycle during onboarding, transactions, and ongoing engagement.
ET: If KYC fraud has largely been solved, where exactly is fraud shifting today, and how are businesses underestimating these new risks?
AH: KYC fraud has not been solved; it has evolved faster than most people realise. What is happening now is categorically different. We are tracking a 98% spike in tampered identity documents, a 71% rise in third-party prompting for mule accounts, and a 60% jump in fraudulent V-KYC profiles over the past two quarters alone. These are not isolated data points; they are signals of a systemic shift.
Fraudsters are early adopters of technology. Driven by AI, fraud has gone professional. Fraud-as-a-Service is a real economy now, complete with organised networks that manufacture synthetic identities, procure mule accounts on demand, and deploy deepfakes at scale.
Most businesses, on the other hand, are laggards in technology adoption. They are over-indexed on fraud prevention at onboarding, underestimating the dynamic and evolving nature of fraud and the need for continuous monitoring and alternate risk signals.
ET: Many companies still focus heavily on onboarding. How important is post-onboarding monitoring in preventing fraud, and where are most companies falling short?
AH: Treating onboarding as the finish line is a massive blind spot for businesses today. Getting a user through the door is just step one; the real vulnerability lies in what they do once they are inside. Fraudsters know exactly how to pass KYC. They establish clean “sleeper” accounts and wait months before activating them for coordinated fraud or money laundering.
Post-onboarding monitoring is absolutely critical because trust cannot be a one-time stamp; it must be a dynamic, ongoing state. Most companies fall short by relying entirely on static, point-in-time approvals, completely failing to track behavioural shifts, sudden device anomalies, or uncharacteristic transaction spikes. To truly protect their digital ecosystems, businesses must transition from a “check and forget” mindset to continuous, real-time risk intelligence across the entire user lifecycle.
The problem is not intent. Most institutions genuinely want to monitor. The problem is infrastructure, static KYC systems that were not built for continuous intelligence. Re-KYC happens once every few years, not in response to real-world signals. The question is not whether you can afford continuous monitoring. It is whether you can afford not to have it.
ET: With fraudsters increasingly using AI, how is IDfy leveraging AI to stay ahead, and what signals matter most in detecting emerging fraud patterns?
AH: The reality is that fraudsters have weaponised AI to scale deepfakes, fabricate documents, and automate attacks, so the only way to survive is to use AI to catch AI. At IDfy, we realised early on that surface-level automation was not enough, which is why we built our foundational AI models in-house to analyse deep behavioural intelligence rather than just verifying a static document.
Here is a concrete example. Our internal data flagged J&K’s Budgam and Pulwama districts as high-risk in Q4 FY25. Cyber Police Kashmir held a press conference in April 2025, disclosing 7,200 mule accounts, a full quarter after our flag. In Malappuram, Nuh in Haryana, the migration of the Jamtara ring to Deoghar and Hazaribagh, we identified each of these 1-2 quarters before enforcement action or public disclosure. Almost 85-90% of our flagged districts were independently confirmed via I4C/MHA data in the same or following quarter.
Our intelligence layer is built specifically on the Indian context, identity documents, UPI (Unified Payments Interface) and bank data from over 1,000 banks, PII models trained on real Indian data. Generic global fraud models miss India entirely. The nuances of how a UPI narration string encodes transaction type, the formatting that tells of a tampered SBI statement, and the face-match patterns specific to deepfake injection in low-bandwidth V-KYC sessions require purpose-built models. That is our moat.
ET: You work across banks, fintechs, and gig platforms. How does risk assessment differ across these sectors, and why can’t a one-size-fits-all approach work?
AH: The fraud attack surface looks completely different depending on who you are and who your customer is. A bank doing savings account onboarding is primarily worried about mule accounts and synthetic identities. The fraud here is structural and network-driven. An NBFC doing digital lending has income inflation as its existential threat; borrowers running P2P transfers through related accounts to manufacture a salary history that does not exist. For a gig platform, the question is entirely different: is this person who they say they are, and are they safe to put in someone's home or behind a delivery vehicle?
The risk signals that matter for each are fundamentally different. For a bank, geographic risk clustering and third-party prompting patterns at V-KYC are lead indicators. For a lender, salary fraud detection, our AI decodes narration across over 1,000 bank statement formats of Indian banks with 98% accuracy to distinguish genuine salary credits from circular transfers, which is mission critical. For a gig platform, criminal history checks, FIRs, KYC verification, and employment background screening are of foremost importance.
A one-size-fits-all approach does not fail at the edges. It fails at the core because it forces a mismatch between the actual threat model and the detection architecture. That is why we have built persona-specific risk configurations within a unified stack, the same infrastructure, and context-aware decisioning.
ET: With the DPDP coming into force, how is IDfy embedding privacy and consent into its products while still enabling real-time fraud detection?
AH: At IDfy, we think this is the wrong way to frame the problem. This is not about balancing privacy and fraud; it is about redesigning systems, so both become stronger together.
What we are seeing on the ground is that consent alone is not enough. The shift is toward full-stack data governance, where every data point is purpose-bound, traceable, and enforceable in real time.
At IDfy privacy is embedded at the data layer, not just the interface; consent is machine-readable and actionable, not static and fraud systems operate within governed, policy-driven environments.
With Privy, we are extending our real-time decision-making strengths to ensure every decision is not just fast, but compliant, explainable, and defensible by design. From where we stand, working on some of the earliest DPDP implementations in the country, this is not a compliance exercise. It is a data transformation moment.
ET: IDfy is positioning itself as a “Unified Trust Stack” player. How does that translate into revenue today? What was your revenue for fiscal FY25, and what was your estimated revenue in FY26?
AH: The “Unified Trust Stack” isn’t just a positioning statement; it’s our foundational strategy. We are moving away from point solutions to platform solutions, enabling fraud prevention and risk management across the lifecycle of a customer. This has enabled us to grow consistently at about 30% in recent years.
ET: With the recent Rs 476 crore Series F raise, what are the top three growth bets you are deploying capital into? Is the focus more on product depth, geographic expansion, or aggressive enterprise sales?
AH: The fundraiser will help us in strengthening our trust infrastructure, driven by innovation, inorganic growth and international expansion.
First, we are deepening product innovation within our TrustStack to combat escalating global AI-driven fraud. Second, focusing on strategic acquisitions to consolidate the fragmented trust-tech ecosystem. Third, expanding our footprint in international markets across Southeast Asia and the Middle East.
ET: Fraud detection and underwriting are traditionally cost centres. How are you positioning IDfy as a revenue enabler for clients rather than just a compliance layer?
AH: If you treat fraud detection and underwriting as cost centres, you either leave revenue on the table or pay for it later through elevated NPAs (non-performing assets) or worse, both.
At IDfy, we shift the lens from cost to value, treating them as revenue enablers by directly impacting both sides of the P&L, growth, and risk. On the growth side, IDfy improves conversion by enabling fraud-free, low-friction onboarding, and on the risk side, IDfy’s real-time risk intelligence allows for better underwriting decisions.
ET: As you expand across South and Southeast Asia, what does your international revenue contribution look like today, and what is the target over the next 2-3 years?
AH: While we are actively scaling our presence across Southeast Asia and the Middle East, our foundational mission has been solving for the sheer scale and complexity of the ‘India Stack’ and ‘Bharat’. While currently less than one-fifth of our revenue comes from international markets, the contribution is expected to increase to a quarter of our business in the near term, driven by international expansion but accompanied by strong domestic growth as well.
The Economic Times (ET): Identity is just the first layer of trust. How is IDfy redefining trust beyond traditional KYC in today’s digital ecosystem?
Ashok Hariharan (AH): Identity just answers “Who are you?”, which is the first step. But it does not answer, “How do you behave?” or “What are your potential motivations and what risks do you carry?” and most importantly,” Can you be trusted at this moment and over time?”
IDfy is expanding the “trust” from static identity verification to continuous, context-driven trust intelligence. Instead of a one-time KYC check, we evaluate over 500 risk signals across the entire user lifecycle during onboarding, transactions, and ongoing engagement.
ET: If KYC fraud has largely been solved, where exactly is fraud shifting today, and how are businesses underestimating these new risks?
AH: KYC fraud has not been solved; it has evolved faster than most people realise. What is happening now is categorically different. We are tracking a 98% spike in tampered identity documents, a 71% rise in third-party prompting for mule accounts, and a 60% jump in fraudulent V-KYC profiles over the past two quarters alone. These are not isolated data points; they are signals of a systemic shift.
Fraudsters are early adopters of technology. Driven by AI, fraud has gone professional. Fraud-as-a-Service is a real economy now, complete with organised networks that manufacture synthetic identities, procure mule accounts on demand, and deploy deepfakes at scale.
Most businesses, on the other hand, are laggards in technology adoption. They are over-indexed on fraud prevention at onboarding, underestimating the dynamic and evolving nature of fraud and the need for continuous monitoring and alternate risk signals.
ET: Many companies still focus heavily on onboarding. How important is post-onboarding monitoring in preventing fraud, and where are most companies falling short?
AH: Treating onboarding as the finish line is a massive blind spot for businesses today. Getting a user through the door is just step one; the real vulnerability lies in what they do once they are inside. Fraudsters know exactly how to pass KYC. They establish clean “sleeper” accounts and wait months before activating them for coordinated fraud or money laundering.
Post-onboarding monitoring is absolutely critical because trust cannot be a one-time stamp; it must be a dynamic, ongoing state. Most companies fall short by relying entirely on static, point-in-time approvals, completely failing to track behavioural shifts, sudden device anomalies, or uncharacteristic transaction spikes. To truly protect their digital ecosystems, businesses must transition from a “check and forget” mindset to continuous, real-time risk intelligence across the entire user lifecycle.
The problem is not intent. Most institutions genuinely want to monitor. The problem is infrastructure, static KYC systems that were not built for continuous intelligence. Re-KYC happens once every few years, not in response to real-world signals. The question is not whether you can afford continuous monitoring. It is whether you can afford not to have it.
ET: With fraudsters increasingly using AI, how is IDfy leveraging AI to stay ahead, and what signals matter most in detecting emerging fraud patterns?
AH: The reality is that fraudsters have weaponised AI to scale deepfakes, fabricate documents, and automate attacks, so the only way to survive is to use AI to catch AI. At IDfy, we realised early on that surface-level automation was not enough, which is why we built our foundational AI models in-house to analyse deep behavioural intelligence rather than just verifying a static document.
Here is a concrete example. Our internal data flagged J&K’s Budgam and Pulwama districts as high-risk in Q4 FY25. Cyber Police Kashmir held a press conference in April 2025, disclosing 7,200 mule accounts, a full quarter after our flag. In Malappuram, Nuh in Haryana, the migration of the Jamtara ring to Deoghar and Hazaribagh, we identified each of these 1-2 quarters before enforcement action or public disclosure. Almost 85-90% of our flagged districts were independently confirmed via I4C/MHA data in the same or following quarter.
Our intelligence layer is built specifically on the Indian context, identity documents, UPI (Unified Payments Interface) and bank data from over 1,000 banks, PII models trained on real Indian data. Generic global fraud models miss India entirely. The nuances of how a UPI narration string encodes transaction type, the formatting that tells of a tampered SBI statement, and the face-match patterns specific to deepfake injection in low-bandwidth V-KYC sessions require purpose-built models. That is our moat.
ET: You work across banks, fintechs, and gig platforms. How does risk assessment differ across these sectors, and why can’t a one-size-fits-all approach work?
AH: The fraud attack surface looks completely different depending on who you are and who your customer is. A bank doing savings account onboarding is primarily worried about mule accounts and synthetic identities. The fraud here is structural and network-driven. An NBFC doing digital lending has income inflation as its existential threat; borrowers running P2P transfers through related accounts to manufacture a salary history that does not exist. For a gig platform, the question is entirely different: is this person who they say they are, and are they safe to put in someone's home or behind a delivery vehicle?
The risk signals that matter for each are fundamentally different. For a bank, geographic risk clustering and third-party prompting patterns at V-KYC are lead indicators. For a lender, salary fraud detection, our AI decodes narration across over 1,000 bank statement formats of Indian banks with 98% accuracy to distinguish genuine salary credits from circular transfers, which is mission critical. For a gig platform, criminal history checks, FIRs, KYC verification, and employment background screening are of foremost importance.
A one-size-fits-all approach does not fail at the edges. It fails at the core because it forces a mismatch between the actual threat model and the detection architecture. That is why we have built persona-specific risk configurations within a unified stack, the same infrastructure, and context-aware decisioning.
ET: With the DPDP coming into force, how is IDfy embedding privacy and consent into its products while still enabling real-time fraud detection?
AH: At IDfy, we think this is the wrong way to frame the problem. This is not about balancing privacy and fraud; it is about redesigning systems, so both become stronger together.
What we are seeing on the ground is that consent alone is not enough. The shift is toward full-stack data governance, where every data point is purpose-bound, traceable, and enforceable in real time.
At IDfy privacy is embedded at the data layer, not just the interface; consent is machine-readable and actionable, not static and fraud systems operate within governed, policy-driven environments.
With Privy, we are extending our real-time decision-making strengths to ensure every decision is not just fast, but compliant, explainable, and defensible by design. From where we stand, working on some of the earliest DPDP implementations in the country, this is not a compliance exercise. It is a data transformation moment.
ET: IDfy is positioning itself as a “Unified Trust Stack” player. How does that translate into revenue today? What was your revenue for fiscal FY25, and what was your estimated revenue in FY26?
AH: The “Unified Trust Stack” isn’t just a positioning statement; it’s our foundational strategy. We are moving away from point solutions to platform solutions, enabling fraud prevention and risk management across the lifecycle of a customer. This has enabled us to grow consistently at about 30% in recent years.
ET: With the recent Rs 476 crore Series F raise, what are the top three growth bets you are deploying capital into? Is the focus more on product depth, geographic expansion, or aggressive enterprise sales?
AH: The fundraiser will help us in strengthening our trust infrastructure, driven by innovation, inorganic growth and international expansion.
First, we are deepening product innovation within our TrustStack to combat escalating global AI-driven fraud. Second, focusing on strategic acquisitions to consolidate the fragmented trust-tech ecosystem. Third, expanding our footprint in international markets across Southeast Asia and the Middle East.
ET: Fraud detection and underwriting are traditionally cost centres. How are you positioning IDfy as a revenue enabler for clients rather than just a compliance layer?
AH: If you treat fraud detection and underwriting as cost centres, you either leave revenue on the table or pay for it later through elevated NPAs (non-performing assets) or worse, both.
At IDfy, we shift the lens from cost to value, treating them as revenue enablers by directly impacting both sides of the P&L, growth, and risk. On the growth side, IDfy improves conversion by enabling fraud-free, low-friction onboarding, and on the risk side, IDfy’s real-time risk intelligence allows for better underwriting decisions.
ET: As you expand across South and Southeast Asia, what does your international revenue contribution look like today, and what is the target over the next 2-3 years?
AH: While we are actively scaling our presence across Southeast Asia and the Middle East, our foundational mission has been solving for the sheer scale and complexity of the ‘India Stack’ and ‘Bharat’. While currently less than one-fifth of our revenue comes from international markets, the contribution is expected to increase to a quarter of our business in the near term, driven by international expansion but accompanied by strong domestic growth as well.
Add 
as a Reliable and Trusted News Source
as a Reliable and Trusted News Source
Add Now!
ETPrime Membership
