Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Identity verification helps prevent fraud by requiring would-be fraudsters to verify that they are real people and who they say they are. But what about a user who opens an account with their legitimate ID and selfie and then hands the keys to a bad actor? That’s exactly what happens with identity muling, and this type of second-party fraud can be difficult to detect.

In April 2026, Mexican President Claudia Sheinbaum announced that individuals will no longer need a Federal Taxpayer Registry (RFC) number to open an N2 or N3 bank account. As the country continues its transition to cashless payments, this move has the potential to bring more than 32 million unbanked, informal workers into the financial system. But it doesn’t come without risk.

For many security teams, the 2023 MGM Resorts cyberattack was a wake-up call. A single vishing attack exploited weak identity assurance in help desk workflows and disrupted casino and hotel operations for days, causing hundreds of millions in losses and reputational damage. The breach revealed a disconcerting new reality: Just one compromised employee account can enable attackers to bypass the entire security perimeter, regardless of an organization’s size or security budget.

Addressing these potentially competing priorities is difficult with today’s technology, and it's an active area of work for government agencies and private organizations alike. But we think there’s a potential path forward if regulations and organizations limit what you have to share, who you have to share data with, and how your data can be used.

During identity verification, organizations typically have to decide between increasing security controls and improving user conversion. Tighter checks mean more abandonment, and smoother flows mean more risk. Most verification flow design is an exercise in finding the right tradeoff. Mobile driver's licenses (mDLs) are different. Because an mDL is cryptographically signed by the issuing DMV and presented directly from a user's device, it's both faster to verify and harder to fake.

AI agents have developed advanced capabilities faster than most would have imagined. In enterprise contexts, workforces are delegating more and more tasks to them. While the promise of increased productivity is enticing, the shift from deterministic automated tools to agentic autonomous systems introduces security risks that most enterprises haven’t prepared for.

Imagine spending weeks moving a strong job candidate through a rigorous interview process. The hiring manager is excited for their new hire and collaborates with multiple teams to prepare for a smooth onboarding. But on day one, a completely different person shows up for the job. For too many companies, scenarios like this have become disturbingly common. Besides introducing serious security risks, fake job candidates waste valuable talent team resources.

As a fraud analyst at Persona, I have to balance working on fraud escalations for specific customers and keeping an eye on cross-customer (and cross-industry and cross-region) fraud trends. The work naturally overlaps, as one escalation can turn into a trend as fraud rings move on to new targets. And, getting ahead of large trends helps us stop escalations. I have a lot of tools at my disposal, but I want to discuss Graph, Persona’s real-time link analysis product.

On 1 July 2026, Australia's Tranche 2 reforms take effect. If you're a lawyer, accountant, real estate agent, conveyancer, precious metals dealer, or trust and company service provider, this deadline likely applies to you. Tranche 2 extends Australia's AML/CTF obligations to approximately 100,000 businesses that were previously unregulated.

Persona’s FedRAMP Moderate Authorization status gives federal agencies a secure and highly configurable option for verifying users, preventing fraud, and securing digital services. The US Government Accountability Office (GAO) estimates the federal government loses $233 billion to $521 billion to fraudsters annually. And many agencies are facing a significant challenge as they modernize their digital operations.