The New
Fraud
Landscape.
Synthetic Identities, Deepfakes, and How Canada’s Defences Must Evolve
AI-driven identity fraud has moved from an emerging risk to an active, material threat to Canadian organizations across every sector. The tools are cheap, the attacks are scalable, and Canada’s defence posture has structural gaps that individual institutional investment cannot close.
Companion resource
Quick-Start Guide: Immediate Defences Against AI Identity Fraud
14 specific, low-cost actions for SMEs and professional firms – deployable within days.
Bottom line
Individual institutional investment is not enough. Sophisticated attacks now exploit gaps between institutions. A fabricated identity can open an account at one bank, build credit history at another, and monetize through a third, with no single organization ever seeing the full picture.
Why current protections are failing
Three Structural Gaps No Single Organization Can Close
Canada’s major financial institutions are investing. AI-enabled identity fraud is a system-level threat that requires system-level coordination.
01 | 02 | 03 |
Fragmented Threat Intelligence The CCCS, FinCEN, and vendor threat reports all contribute to the picture. No single resource synthesizes them into a unified, Canadian-contextualized model with actionable implementation guidance. The coordination layer does not yet exist. | Standards Without Canadian Implementation Guidance NIST SP 800-63-4 now mandates deepfake and injection-attack controls — but provides no Canadian regulatory mapping. Canada’s own guidance (ITSP.30.031 v3) predates generative AI entirely, leaving organizations to interpret U.S. and EU frameworks without sector-specific adaptation. | No Cross-Sector Identity Assurance Interoperability Synthetic identities exploit the gaps between institutions. Individual detection investment cannot close this gap without shared indicators, common verification standards, and the ability to trust identity assurance across sectors. PCTF has proven this is technically achievable — but scale requires ecosystem coordination. |
What is at stake by sector
Where the Exposure Is Highest
The structural defence gaps create differentiated risk across Canada’s economy. New account fraud and account takeover fraud are concentrated differently by sector — calibrating control investment to your dominant vector matters.
SECTOR | PRIMARY THREAT VECTORS | SPECIFIC RISK FACTORS |
Financial Services | Synthetic identity account opening; credit bust-out; deepfake-authorized payments; AML evasion | OSFI/FINTRAC obligations; open banking expansion; Payments Canada integrity; credit union exposure |
Legal | Remote client identity verification fraud; trust account exploitation; deepfake impersonation for conveyancing fraud | 700K+ remote IDV transactions reported by members; expanding remote practice; passports account for 44% of fraudulent documents submitted in the professional services sector globally |
Healthcare | Patient identity fraud; prescription fraud; benefits fraud; health data access | Provincial health card verification; Canada Health Infoway standards; health privacy legislation |
Government | Benefits fraud; synthetic identity for credential issuance; election interference; citizen service exploitation | Provincial digital ID programmes (BC: 4.6M users); federal service delivery; democratic process integrity |
Telecommunications | SIM swap fraud; subscriber identity fraud; account takeover; deepfake customer service manipulation | Telcos as identity verification anchor for other sectors; CRTC requirements |
Energy / Critical Infrastructure | Insider identity compromise; SCADA/OT access via identity exploitation; supply chain identity fraud | CCCS critical infrastructure designation; CI protection legislation; OT/IT convergence |
DIACC’s planned response
What Comes Next From DIACC
This briefing is the first in a series under the Fraud Resilience & AI Readiness pillar of DIACC’s 2025–2030 Strategic Framework.
Implementation Guide Controls for managing AI threat vectors (synthetic identities & deepfakes), mapped to PCTF conformance criteria and NIST SP 800-63-4 | PCTF Conformance Addendum Conformance criteria for AI-supported identity verification, integrated into the Pan-Canadian Trust Framework |
Sector-Specific Resources Beginning with financial services and legal, building on 700K+ verified identity transactions already in production | Trust Framework Expert Committee Open invitation for member organizations to contribute threat intelligence and engage in developing conformance criteria |
Get involved.
Review the briefing, contribute threat intelligence, or engage with TFEC by contacting us.
