Retail’s Identity Gap in the Age of AI Fraud

It’s an alarming time for retailers. According to Deloitte, only 3 percent feel well prepared to address artificial intelligence risks, underscoring a need to rethink cybersecurity strategies. As AI reshapes today’s threat landscape, brands must evaluate how attackers are targeting their systems, why traditional defenses are failing, and what practical steps can help reduce risk.

AI’s Impact on the Retail Threat Landscape

Retailers are often the primary target of cyberattacks due to the large volume of customer data they store. For years, the most common threats facing them ranged from ransomware and data breaches to supply chain disruptions and social engineering attacks such as phishing.

Today, the evolution of AI is rapidly escalating the threat environment by making attacks more sophisticated and easier to deploy and scale. In the past year alone, 69 percent of retailers experienced AI-enabled fraud. Additionally, AI is introducing new attack methods like deepfake videos, which are rising by 1,100 percent year-over-year (YoY) globally.

Exposure at the Identity Layer

Comprehensive cybersecurity typically consists of seven layers of protection, each intended to help detect, prevent and eliminate threats across an organization.

For retailers, attacks are increasingly occurring within the identity layer (i.e., the framework that verifies customers’ identities on websites or apps and regulates employee access to internal systems). Identity fraud in e-commerce increased 137 percent in 2024 and continues to steadily rise YoY, meaning retailers are inadequately protecting themselves against these types of attacks and potentially leaving the door wide open for cybercriminals to gain control of their entire systems.

The Shortcomings of Traditional Verification Methods

Most retailers today are relying on complex password policies, multifactor authentication (MFA), encryption, and other traditional security tactics to authenticate customers and employees. However, cybercriminals can still bypass these defenses, and AI is only making it easier to do so.

In the first half of 2025 alone, credential theft jumped 800 percent, totaling 1.8 billion stolen credentials. The harsh reality is strong passwords cannot withstand phishing, data breaches, or credential stuffing. In contrast, MFA brings an additional layer of security, but it's not immune to SIM-swapping and other sophisticated attacks. Additionally, the approach can impact user experience, leaving customers and employees frustrated with the additional steps required to access their accounts.

To effectively reduce risk while ensuring a seamless experience, retailers must recognize that common identity verification methods are no longer the answer.

Surefire Identity Protection in 2026

The only way to secure digital identities in today’s threat landscape is by deploying hardware-based authentication as a last line of defense. Hardware, particularly SIM cards, remains one of the most trusted forms of security and a powerful defense against growing identity-based threats. Unlike traditional software-based security methods that leave gaps for attackers to exploit, hardware can’t be easily hacked or faked.

For example, SIM-based authentication ties users’ identities to the unique credentials on their devices. This encrypted, network-level verification makes it nearly impossible for attackers to gain unauthorized access to internal systems. Compared to MFA, SIM-based authentication provides strong protection against identify-based threats, without compromising the user's experience through multistep verification processes.

For retailers, adopting dependable identity authentication methods is no longer optional; it’s a requirement.

Closing the Retail Identity Gap

To remain secure in 2026 and beyond, retailers must acknowledge the ever-growing threat of fraud and identity theft, and understand the innate risk of relying on software alone in their security strategies. Only hardware-based authentication can give retailers confidence that account users are legitimate and the chance of their systems being hacked is near zero.

Delay only increases exposure. The organizations that wait could easily be the next victim.

Ran Ben-David is the founder and CEO of Unibeam, a digital identity company that uses SIM and eSIM as a hardware-backed trust anchor to combat AI-driven fraud.