Fraud in Brazil: Why It’s So High (and How to Truly Stop It)

Key takeaways
 

Brazil is one of the most digitalized countries in the world, and at the same time, one of the hardest hit by identity fraud, with attempts surpassing 1.9 million in just the first three months of 2025.

Cell phone theft, fragmented civil identity, and weak consent controls make the country fertile ground for organized crime.

Traditional verification approaches, based on human review or one-off biometric checks, no longer work against deepfakes, impersonations, and systemic frauds like the INSS case.

The only effective strategy is a defense-in-depth framework that combines document verification, advanced biometrics, continuous monitoring, and traceable consent—backed by public-private cooperation.

Brazil lives in a paradox: it is one of the most digitalized countries in the world, but also one of the most vulnerable to identity fraud. For context, in the first quarter of 2025 alone, there were nearly 1.9 million attempted banking frauds, the highest figure since fraud monitoring began in 2023.

But that’s not the only concern. By February 2025, there was an attack every 2.2 seconds, representing an increase of nearly 40% compared to the previous year. In August 2025, the ANPD (Autoridade Nacional de Proteção de Dados) recorded more than 250 data breach incidents, while stolen passwords surged 160% year-over-year.

Identity fraud in Brazil isn’t an accident—it’s a profitable business. Criminal organizations mix physical theft, social engineering, artificial intelligence, and regulatory loopholes to run large-scale fraudulent operations.

In this article, we’ll explain how to stop identity fraud in Brazil and reduce its impact, so it doesn’t become a structural cost for organizations operating in the country.

Anatomy of the Problem: Why Brazil Is Fertile Ground

Five key factors make Brazil a hotbed for identity fraud:

• Hyper-digitalization and mobile economy. Over 200 million Brazilians have internet access, and platforms like Pix (a payment system created by the Central Bank of Brazil) are constantly exploited by fraudsters.
• Crime goes digital. From physical to online. Mobile phone theft (affecting 1 in 10 Brazilians) is the gateway to financial fraud: low risk, high reward.
• Fragmented identity. Brazil’s traditional ID (Registro Geral, RG) has historically been fragile, and scammers have taken advantage. Recently, a judge was discovered who for 45 years pretended to be a descendant of English nobility.
• Weak data and consent controls. A fraud scheme against over 4 million retirees through the National Social Security Institute (INSS) defrauded nearly R$6.3 billion. In July 2025, the STF (Supreme Federal Court) approved a reimbursement plan, and since May it has been mandatory to use biometrics to unlock payroll loans.
• Low digital literacy. Fraud kits (fake documents and selfies) are widely available. Combined with AI tools and the surge of deepfakes, this puts digitally vulnerable populations at serious risk.

From Cell Phone Theft to Identity Fraud: The Criminal Value Chain

In Brazil, a simple stolen phone can spark large-scale fraud. The country is a global leader in this type of theft: 1 in 10 Brazilians falls victim each year, and stolen devices rarely reappear in resale markets. Criminals want the data and access inside the phone.

What seems like a minor event becomes the entry point for identity and financial fraud:

1. Physical theft of the phone. Usually happens on the street. Gangs often work “on demand,” targeting victims by socioeconomic profile.
2. Initial access to the digital ecosystem. Attackers unlock devices (via social engineering, weak passwords, or direct extortion). This gives them access to messaging apps, banking, and digital wallets.
3. Account takeover. Criminals now control the victim’s accounts, enabling multiple fraud types:
   • Resetting passwords via SMS or email—commonly leading to SIM swap attacks, a major problem in Brazil.
   • Intercepting two-factor authentication (2FA) codes.
   • Hijacking WhatsApp, social media, Telegram, and email to scam contacts and expand fraud.
4. Fraudulent onboarding and impersonation. Photos, AI-generated deepfakes, or forged documents let criminals open new bank or fintech accounts, taking out loans in the victim’s name.
5. Quick monetization. With phone access, criminals rapidly cash out via:
   • Instant Pix transfers.
   • Small loans.
   • Online purchases.
   • Selling data on the dark web.
6. Laundering and scaling. Funds are moved through “money mules,” fintechs, or investment schemes. Between 2020–2024, a PCC-linked network laundered over R$52 billion this way.

The Criminal Equation: Low Risk, High Reward

Each link in the chain multiplies the value of the original theft. For victims, regaining account access can take weeks, but for criminals, the payoff is instant. A mid-range phone worth $500 can generate thousands in loans and transactions. Meanwhile, chances of arrest remain slim: police prioritize violent crime over digital fraud.

Impact on Financial Institutions and Fintechs

Fraud impacts banks and fintechs across three dimensions:

• Direct financial cost: fraud losses, chargebacks, unpaid loans.
• Reputational cost: user distrust in financial and e-commerce apps.
• Operational cost: customer support, legal disputes, recovery processes.

On top of this, fines from the Central Bank of Brazil or ANPD may apply if proper fraud controls aren’t in place.

Why Traditional Approaches Fail

Most identity verification solutions used by banks, fintechs, or iGaming companies in Brazil are outdated compared to today’s fraud sophistication. What worked a few years ago is now ineffective.

First, manual review doesn’t scale. Document and selfie checks are slow, costly, and easily outsmarted by fake IDs or AI deepfakes.

Second, standalone biometrics create a false sense of security. A selfie at onboarding—without robust liveness detection or supporting signals (IP, geolocation, document analysis)—is too weak a control.

Finally, many companies still see verification as a one-time action at onboarding, when it must be ongoing. Periodic biometric authentication or random IP/geolocation checks can significantly cut fraud rates.

What Works: A Defense-in-Depth Framework

Against entrenched, systemic fraud like Brazil’s, the only effective solution is a defense-in-depth framework. This isn’t about adding friction or costs—it’s about layering protections that reinforce one another.

A critical step is strengthening civil identity and digital credentials. The Carteira de Identidade Nacional is an important milestone but must be paired with modern authentication like biometrics.

Verification processes must evolve into fraud prevention systems. This means integrating document verification, liveness biometrics, Face Match 1:1, device/IP signals, and real-time behavioral analysis.

Continuous monitoring is already mandatory for many regulated entities and should be universal. Monitoring transaction patterns, cross-checking against sanctions/PEP lists, and spotting anomalies are essential.

Another pillar is traceable consent. The INSS case proved that without verifiable and revocable consent records, systemic fraud is inevitable. Regular audits and extra biometric checks for sensitive changes must be standard.

Finally, human factors matter. Digital literacy, especially among vulnerable groups, must go hand-in-hand with fast-response tools: instant account lock buttons and proactive alerts for suspicious activity.

Public Policy and Public-Private Collaboration

Private tech alone can’t solve Brazil’s identity fraud crisis. A coordinated framework is needed. The government must set clear compliance and consent standards, conduct independent audits, and penalize enablers. It should also launch massive digital literacy campaigns, especially for seniors and vulnerable communities.

Collaboration between banks, fintechs, telecoms, and regulators is crucial to combat SIM swap schemes and resale of leaked data. The Celular Seguro program, expanded in 2025 with banking app integration, is a strong step forward.

Compliance KPIs That Matter (Even to the CFO)

Fraud prevention isn’t an expense—it’s a value proposition investment. The way to prove it is by tracking the right KPIs:

• Quantitative metrics: reduced fraud/chargebacks, lower operating costs, faster verification, higher approval rates for legitimate users.
• Qualitative metrics: smoother onboarding, better customer satisfaction, stronger trust.

Framed this way, even finance teams see fraud prevention as a driver of profitability, not just a safeguard.

Didit: The Best Solution to Verify Identities and Stop Fraud in Brazil

Companies in Brazil face a dual challenge: complying with KYC/AML rules while defending against increasingly sophisticated fraud. The problem is local solutions have shown their limits. IDWall relies too heavily on human review, slowing onboarding, while Unico lacks an end-to-end platform, leaving exploitable gaps.

Didit changes that equation. Our technology is purpose-built to combat fraud in Brazil, helping businesses and individuals eliminate this systemic issue. We combine document verification, advanced biometrics, official source validation, and global screening into a flexible, open, and cost-effective platform. Plus, we offer the first unlimited free KYC plan, so any company can start verifying users without cost barriers.

With Didit, you can design tailored verification flows—from onboarding to biometric authentication—always aligned with Brazil’s fast-evolving regulations. The result: less fraud, more trust, and verification processes that add real business value.