{"id":26132,"date":"2026-01-21T07:00:59","date_gmt":"2026-01-21T06:00:59","guid":{"rendered":"https:\/\/cyberinsights.iainfraser.net\/?p=26132"},"modified":"2026-02-03T10:59:20","modified_gmt":"2026-02-03T09:59:20","slug":"ai-powered-fraud-in-2026","status":"publish","type":"post","link":"https:\/\/smecyberinsights.co.uk\/index.php\/2026\/01\/21\/ai-powered-fraud-in-2026\/","title":{"rendered":"AI-Powered Fraud Is Rising: What Ping\u2019s Keyless Deal Signals for UK SME Login Security\u00a0"},"content":{"rendered":"\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\"SECURUS\t\t\t\t\t\t\t\t<\/a>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\"AI-Powered\t\t\t\t\t\t\t\t<\/a>\n\t\t\t\t\t\t\t\t\t\t\t
Image Credit: Marcus Winkler via Pixabay <\/figcaption>\n\t\t\t\t\t\t\t\t\t\t<\/figure>\n\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t

Gibraltar:\u00a0 Wednesday, 21 January 2026 \u2013 07:00 CET<\/p>\n

AI-Powered Fraud Is Rising: What Ping\u2019s Keyless Deal Signals for UK SME Login Security<\/span><\/span>\u00a0<\/span>
\n<\/strong>By: Iain Fraser<\/a>\u00a0\u2013\u00a0Cybersecurity Journalist
\n<\/a>Published in Collaboration with SECURUS Communications<\/a>
\nGoogle Indexed on: 210126 at 09:15 CET<\/a>
\nSMECyberInsights.co.uk<\/a> | First for SME Cybersecurity News
\n<\/a>#SMECyberInsights #SMECybersecurity\u00a0<\/span><\/span>#SMECyberInsights\u00a0<\/span>#SME #<\/span>CyberSafe #CyberSecurity #<\/span>IdentitySecurity\u00a0<\/span>#<\/span>MFA<\/span>\u00a0<\/span>#<\/span>ManagedSecurity<\/span><\/span><\/em><\/p>\n

\ufeff<\/span>\ufeff<\/span><\/p>\n<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t

\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t

AI-powered impersonation is making it easier to trick staff, bypass weak logins, and take over business accounts\u2014especially in UK SMEs where email and cloud apps are the lifeblood of operations. Ping Identity\u2019s acquisition of Keyless is a signal of where the market is\u00a0heading:\u00a0<\/span>stronger identity security using biometrics and re-verification<\/span><\/b>\u00a0to counter deepfakes and automated attacks. For UK small businesses, the takeaway is practical: upgrade authentication and verification before fraud does it for you.<\/span>\u00a0<\/span><\/p>\n

Why This Matters for UK SMEs<\/span><\/b>\u00a0<\/span><\/p>\n

This matters now because identity is the front door to your business\u2014email, accounting,\u00a0CRM\u00a0and file sharing\u2014and attackers increasingly target that door using AI to scale\u00a0scams\u00a0and defeat weak verification.<\/span>\u00a0<\/span><\/p>\n

Key benefits and risks for UK SMEs:<\/span>\u00a0<\/span><\/p>\n

* Revenue protection:<\/span><\/b>\u202ffewer invoice diversions and payment\u00a0scams\u00a0that hit cashflow directly.<\/span>\u00a0<\/span><\/p>\n

* Operational resilience:<\/span><\/b>\u202freduced downtime from account takeover and ransomware that starts with stolen credentials.<\/span>\u00a0<\/span><\/p>\n

* Reputation and trust:<\/span><\/b>\u202ffewer \u201cwe\u2019ve been hacked\u201d customer conversations and reputational damage.<\/span>\u00a0<\/span><\/p>\n

* Regulatory exposure:<\/span><\/b>\u202fstronger access controls reduce the likelihood of a personal data breach under GDPR\/ICO scrutiny.<\/span>\u00a0<\/span><\/p>\n

* Supply-chain credibility:<\/span><\/b>\u202fbetter authentication helps pass customer security questionnaires and insurance requirements.<\/span>\u00a0<\/span><\/p>\n

Authoritative Insights<\/span><\/b>\u00a0<\/span><\/p>\n

The current landscape is that\u00a0<\/span>phishing, credential theft, and social engineering remain the most common routes into organisations<\/span><\/b>, and AI is making these attacks more convincing and scalable.<\/span>\u00a0<\/span><\/p>\n

* The\u202f<\/span>UK Government Cyber Security Breaches Survey 2024<\/span><\/b>\u202fcontinues to highlight the prevalence of phishing and the\u00a0real business\u00a0impact of breaches\u2014cost, disruption, and recovery burden for smaller firms.<\/span>\u00a0<\/span><\/p>\n

* NCSC guidance (2024)<\/span><\/b>\u202fconsistently emphasises the fundamentals: multi-factor authentication, strong access control, secure configuration, patching, and good backup\/restore. These controls still stop\u00a0a large proportion\u00a0of attacks, including those \u201cenhanced\u201d by AI.<\/span>\u00a0<\/span><\/p>\n

* The\u202f<\/span>ICO (2023\u20132024) guidance on biometric data and data protection<\/span><\/b>\u202fis clear that biometrics used for uniquely\u00a0identifying\u00a0someone is typically\u202f<\/span>special category data<\/span><\/i>\u202funder UK GDPR. That\u00a0doesn\u2019t\u00a0mean \u201cdon\u2019t use it\u201d\u2014it means treat it with care: clear purpose, minimisation, security, retention, and transparency.<\/span>\u00a0<\/span><\/p>\n

* ENISA threat reporting (2024)<\/span><\/b>\u202fand major security vendor reporting through 2024\u20132025 repeatedly flag identity abuse, deepfakes and social engineering as growing concerns.<\/span>\u00a0<\/span><\/p>\n

So\u00a0what does a deal like Ping Identity + Keyless suggest? It reflects a broader shift toward\u00a0<\/span>identity systems that can detect higher-risk situations and step up verification<\/span><\/b>,\u00a0rather than relying on a single login event and a password\u00a0that\u2019s\u00a0already been reused somewhere since 2018.<\/span>\u00a0<\/span><\/p>\n

SME-Specific Impact<\/span><\/b>\u00a0<\/span><\/p>\n

For UK SMEs, identity risk looks different because you have fewer layers of defence\u2014and fewer people to spot anomalies quickly.<\/span>\u00a0<\/span><\/p>\n

Key SME traits that change your risk profile:<\/span>\u00a0<\/span><\/p>\n

* Limited in-house IT\/security:<\/span><\/b>\u202fyou may not have 24\/7 monitoring, so preventing account takeover matters more than detecting it later.<\/span>\u00a0<\/span><\/p>\n

* Cloud-first dependency:<\/span><\/b>\u202fMicrosoft 365\/Google Workspace, Xero\/Sage, and CRM platforms are high-value targets; one compromised admin account can cascade.<\/span>\u00a0<\/span><\/p>\n

* High-trust internal processes:<\/span><\/b>\u202f\u201cthe MD emailed me\u201d or \u201cFinance asked for this\u201d is easier to exploit in smaller teams, especially with AI-written messages.<\/span>\u00a0<\/span><\/p>\n

* Supplier and customer access:<\/span><\/b>\u202fshared portals, guest accounts, and third-party support create more identity edges to secure.<\/span>\u00a0<\/span><\/p>\n

* Fast decision-making:<\/span><\/b>\u202fSMEs can roll out stronger authentication quickly when leadership backs it\u2014often faster than large enterprises.<\/span>\u00a0<\/span><\/p>\n<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\"AI-Powered\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t

Upside & Downside Analysis<\/span><\/b>\u00a0<\/span><\/p>\n

Identity upgrades can feel like \u201csecurity friction\u201d,\u00a0but the business impact is usually the opposite when done well.<\/span>\u00a0<\/span><\/p>\n

Upside for SMEs<\/span><\/b>\u00a0<\/span><\/p>\n

Implementing stronger, modern authentication and verification delivers:<\/span>\u00a0<\/span><\/p>\n

* Fewer successful fraud attempts:<\/span><\/b>\u202fespecially invoice fraud and \u201curgent payment\u201d impersonation when paired with process controls.<\/span>\u00a0<\/span><\/p>\n

* Reduced breach likelihood:<\/span><\/b>\u202fstolen passwords become far less useful when MFA\/passkeys are\u00a0enforced\u00a0and risky logins are challenged.<\/span>\u00a0<\/span><\/p>\n

* Smoother audits and procurement:<\/span><\/b>\u202fyou can answer security questionnaires with confidence (\u201cMFA enforced\u201d,\u00a0\u201cconditional access\u201d,\u00a0\u201cprivileged accounts controlled\u201d).<\/span>\u00a0<\/span><\/p>\n

* Better user experience over time:<\/span><\/b>\u202fmodern options like passkeys and device-based authentication can reduce password resets and helpdesk pain.<\/span>\u00a0<\/span><\/p>\n

* Stronger customer trust:<\/span><\/b>\u202fdemonstrating\u00a0mature identity controls is increasingly a differentiator for B2B UK SMEs.<\/span>\u00a0<\/span><\/p>\n

Downside and Hidden Costs<\/span><\/b>\u00a0<\/span><\/p>\n

Ignoring identity modernisation\u2014or implementing it poorly\u2014creates predictable costs:<\/span>\u00a0<\/span><\/p>\n

* Account takeover and downtime:<\/span><\/b>\u202fattackers use compromised email to reset passwords elsewhere and move laterally into file stores and finance systems.<\/span>\u00a0<\/span><\/p>\n

* Fraud losses:<\/span><\/b>\u202fone convincing AI-assisted impersonation can trigger a same-day payment to the wrong account.<\/span>\u00a0<\/span><\/p>\n

* Data breach and reporting burden:<\/span><\/b>\u202fpersonal data exposure can lead to contractual fallout and potential ICO engagement, plus time-consuming notifications.<\/span>\u00a0<\/span><\/p>\n

* False confidence in \u201cbiometrics\u201d:<\/span><\/b>\u202fusing biometric tools without governance can create privacy risk, user pushback, and compliance headaches.<\/span>\u00a0<\/span><\/p>\n

* Shadow IT sprawl:<\/span><\/b>\u202fstaff adopt ad-hoc apps for convenience, increasing unmanaged identities and weak access paths.<\/span>\u00a0<\/span><\/p>\n

Quick Action Steps<\/span><\/b>\u00a0<\/span><\/p>\n

These are \u201cgood enough\u201d steps that fit typical UK SME budgets and time constraints.<\/span>\u00a0<\/span><\/p>\n

1. Map your critical accounts and \u201cblast radius\u201d.<\/span><\/b>\u202fIdentify\u00a0your email admin, finance admin, payroll, CRM admin, and cloud storage owners\u2014then protect those first.<\/span>\u00a0<\/span><\/p>\n

2. Enforce multi-factor authentication (MFA) everywhere it matters.<\/span><\/b>\u202fMFA means a second verification step (like an authenticator app) so stolen passwords alone\u00a0can\u2019t\u00a0log in\u2014start with email, finance, and admin accounts.<\/span>\u00a0<\/span><\/p>\n

3. Adopt passkeys where available.<\/span><\/b>\u202fPasskeys are phishing-resistant sign-ins tied to a device (often using Face ID\/fingerprint locally) and reduce reliance on passwords that can be stolen or reused.<\/span>\u00a0<\/span><\/p>\n

4. Implement step-up checks for high-risk actions.<\/span><\/b>\u202fRequire re-verification for payment changes, new payees, bank detail updates, and sensitive exports\u2014even if the user is \u201calready logged in\u201d.<\/span>\u00a0<\/span><\/p>\n

5. Tighten access and admin privileges.<\/span><\/b>\u202fRemove shared admin accounts, limit who can create mailbox\u00a0forwarding\u00a0rules, and review third-party access for your outsourced IT support.<\/span>\u00a0<\/span><\/p>\n

6. Add a fraud-proof payment process.<\/span><\/b>\u202fMandate call-back verification using a known number (not the one in the email) and a second approver for large payments.<\/span>\u00a0<\/span><\/p>\n

7. Use managed support for identity hardening if you\u2019re stretched.<\/span><\/b>\u202fA competent MSP\/MSSP can implement conditional access, device policies, and admin controls quickly\u2014often cheaper than a single incident.<\/span>\u00a0<\/span><\/p>\n

Looking Ahead (Future Trends & Importance)<\/span><\/b>\u00a0<\/span><\/p>\n

Over the next 1\u20133 years, UK SMEs should expect\u00a0<\/span>more deepfake-assisted impersonation<\/span><\/b>\u00a0and more attacks that target \u201ctrusted\u201d workflows like payments, supplier onboarding, and customer support resets. Acting now\u2014by modernising authentication, adding re-verification for risky actions, and tightening admin controls\u2014puts your business in a stronger position to grow without your logins becoming the weakest link.<\/span>\u00a0<\/span><\/p>\n<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t

\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\"SECURUS\t\t\t\t\t\t\t\t<\/a>\n\t\t\t\t\t\t\t\t\t\t\t
<\/figcaption>\n\t\t\t\t\t\t\t\t\t\t<\/figure>\n\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t

SECURUS Communications Ltd<\/strong><\/p>\n

Securus<\/a> <\/strong>is a managed communications Operator, providing next-generation network infrastructure and value added services to Managed Hosting providers and the ‘cloud generation’\u200b of enterprises. Securus<\/a> <\/strong>priority is to offer communication services that represent excellent value for money and are backed by exceptional levels of support.<\/p>\n

Contact Securus<\/strong>
\nSecurus Communications Ltd
\nStation Road, Landmark house, Hook, England RG27 9HA, GB
\nT: Enquiries:\u00a003451 283457<\/span><\/a>\u00a0| Service Desk: 03451 283458<\/a>
\nSecurus on LinkedIn<\/a> | Securus on “X”<\/a> | https:\/\/securuscomms.com<\/a><\/p>\n<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t

\n\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t\t

\n\t\t\t\t\t<\/span>\n\t\t\t\t\tLatest Posts from SECURUS Communications<\/span>\n\t\t\t\t\t<\/span>\n\t\t\t\t<\/h2>\n\t\t\t<\/div>
\n\n
\n
\n\n
\n \n \n \"AI-Powered <\/a>\n\n \n