IMAGE: Sumsub
Sumsub is a global full-cycle verification platform designed to secure the entire user journey, enabling businesses to onboard users quickly while ensuring compliance with regulatory standards. Sumsub leverages AI technologies to analyse and monitor extensive data, effectively sniffing out suspicious patterns and preventing advanced fraud attempts.
In July 2023, Sumsub established its APAC headquarters in Singapore, recognising the region’s rapid digital transformation and the corresponding rise in identity and synthetic fraud. This strategic move allows Sumsub to tap into Singapore’s vibrant fintech ecosystem and extend its reach across the region.
Synthetic fraud refers to the use of artificially created or manipulated identities to deceive systems, often for financial gain or unauthorised access. Deepfakes fall under this umbrella when they’re used to impersonate real people or fabricate identities—especially in identity verification processes, onboarding or authentication.
In an interview with Deeptech Times at Money20/20 Asia in Bangkok last month, Penny Chai, vice president for APAC at Sumsub, shared insights into how the company is leveraging a decade of expertise, advanced technologies and localised strategies to stay ahead in the fast-evolving identity verification landscape.
Below is an edited Q&A from the conversation, exploring Sumsub’s approach to combating fraud, navigating regulatory complexities, and capitalising on APAC’s digital growth.
Sumsub has rapidly expanded its presence in the identity verification and compliance space. What is the core of your competitive advantage, and how do you sustain it amid increasing global regulatory pressure and competition?
Our competitive edge stems from our 10-year history, which began at the dawn of remote onboarding during the early days of digital transformation. This head start allowed us to develop a robust machine learning system capable of recognising thousands of ID types and personas across diverse global markets—something competitors can’t replicate overnight.
In a crowded KYC market, where many providers rely on off-the-shelf technology, our proprietary AI algorithms give us a distinct advantage. We’ve also expanded beyond onboarding to offer lifecycle monitoring tools that track user behaviour, ensuring compliance with anti-money laundering (AML) and fraud prevention regulations.
This holistic approach not only builds trust for businesses but also stabilises digital ecosystems, particularly in high-stakes sectors like fintech and crypto. To sustain this amid regulatory pressure, we continuously refine our technology, while maintaining close alignment with global and regional compliance standards, so that we can ensure our solutions are both scalable and adaptable.
With deepfake and synthetic fraud on the rise, how is Sumsub adapting its strategy to stay ahead of increasingly sophisticated fraudsters, particularly in high-risk sectors like crypto and fintech?
Fraud has evolved at the same pace as technology, with fraudsters now operating as organised industries, offering services like “phishing as a service” or malware rentals. We anticipated this shift and implemented advanced liveness detection to catch deepfakes at the onboarding stage, well before the recent surge in synthetic fraud.
Our AI-driven platform layers multiple security measures—device fingerprinting, geolocation analysis, behavioural monitoring—to identify fraud networks. For example, we helped a client detect accounts created to exploit bonuses by analysing shared device usage, identical backgrounds in selfies, and behavioural anomalies.
Notably, 70 per cent of fraud occurs after onboarding, so continuous monitoring is critical. In crypto and fintech where risks are high, our multi-layered approach ensures we catch both opportunistic and coordinated fraud to help protect businesses and their ecosystems.
IMAGE: Deeptech Times
How is Sumsub leveraging advanced technologies like AI, machine learning and biometric authentication to enhance fraud detection and user verification? Are there specific innovations you’re particularly excited about?
Our technology stack is built on AI, machine learning and biometric authentication. Our GenAI analyses transaction histories and behavioural patterns to establish baselines, flagging anomalies like a user logging in at an unusual time or initiating an uncharacteristically large transaction.
Biometric tools, such as selfie-based face verification and optical character recognition (OCR) for ID scanning, are modular, to enable businesses to adopt specific components without needing the full suite. This flexibility is valuable for non-regulated sectors like retail or dating apps, where trust and efficiency are key.
I’m particularly excited about our decision to publish our proprietary AI model as an open system. It fosters collaboration with the next generation of developers, enhances our technology and gives back to the tech community. Another innovation is our transaction monitoring for Web3, which ensures compliance in crypto exchanges by tracking user activity across decentralised protocols.
Given the growing importance of explainability in AI, how is Sumsub ensuring that its AI-driven verification tools remain transparent and trustworthy, especially for regulators and end users?
Transparency is at the heart of our AI strategy. By publishing our AI model as an open system, we invite scrutiny and collaboration, which builds trust among developers, regulators and clients.
Our platform provides clear, layered insights—device data, geolocation, behavioural patterns—that are easily interpretable by regulators. This is critical in regulated markets, where explainability ensures compliance with AML and KYC mandates.
For end users, our tools such as selfie verification are intuitive, balancing robust security with a seamless experience. We also engage with regulators to align our solutions with their expectations, ensuring our AI decisions are both trustworthy and auditable, which is especially important in markets like Singapore and Hong Kong.
We’ve seen a sharp spike in identity fraud incidents across APAC. What macro or behavioural trends are driving this surge, and how should businesses prepare for what’s ahead?
The pandemic accelerated the shift to digital operations and remote onboarding, which unfortunately also exposed businesses to increased security vulnerabilities.
Rapid digitalisation in Southeast Asia, coupled with macroeconomic pressures, has created fertile ground for fraudsters using deepfake IDs or network fraud schemes. At the same time, how people behave in certain countries—like preferring face-to-face interactions in Indonesia and the Philippines—also affects how and where these frauds happen. Businesses should therefore adopt multi-layered security: AI for anomaly detection, biometrics for authentication, and continuous monitoring to catch post-onboarding fraud.
Localising solutions is crucial—clients in these markets value culturally aware, language-specific engagement. We address this by hiring local teams and partnering with regional integrators to build trust and tailor our platform to local needs.
From your vantage point, how are regulatory landscapes in APAC evolving in terms of digital identity, AML and KYC compliance? Are there particular markets that are leading the charge?
Singapore and Hong Kong, as APAC’s financial hubs, are leading policy innovation. For example, Singapore phased out SMS-based one-time passwords (OTPs) to curb phishing, a policy that spread to the Philippines within months.
APAC regulators collaborate through forums and align standards across Southeast Asia. Japan, while traditionally insular, is becoming more open to global dialogue and adapting policies to its cultural context.
Globally, APAC adopts frameworks like the U.S. travel rule, which Singapore and Hong Kong have implemented and are influencing the rest in the region. This interconnected regulatory landscape means policies proliferate quickly, mandating vendors like us to stay agile and ensure our platform supports cross-border compliance.
Sumsub has established a strong APAC foothold with its Singapore HQ and regional partnerships. What are your key priorities for the region, especially given the current macroeconomic headwinds?
Our Singapore HQ is a springboard for Southeast Asia’s emerging markets—Indonesia, Vietnam, and the Philippines—where technology adoption is leapfrogging. Despite macroeconomic challenges, we’re prioritising partnerships with system integrators and targeting high-growth sectors including payments, remittance and online gaming.
In the Philippines, the gaming market is a key focus, where verification enhances trust and compliance. We’re also hiring local teams to meet cultural demands, as clients in these markets value in-person engagement. Our platform’s customisability ensures it aligns with diverse regulatory requirements, enabling us to scale effectively and support clients’ growth in these dynamic economies.
How are you tailoring your go-to-market and product strategies for the diverse regulatory and digital maturity levels across Southeast Asian markets?
Our platform is designed to be highly customisable, allowing each deployment to fit local regulations and digital maturity levels.
For instance, in the Philippines, we target the booming gaming market, where verification builds trust for online casinos and gaming platforms. In Indonesia, we’ve hired local representatives to engage directly with clients that prioritise cultural alignment. Partnerships with integrators help us scale in sectors like crypto, payments and remittance.
In Web3, we serve over 60 per cent of the top 10 crypto exchanges and offer a travel rule solution that consolidates multiple protocols, hence simplifying compliance. This tailored approach ensures we meet the unique needs of each market while maintaining a unified, robust platform.
