2025 saw a sharp rise in fraud across African digital platforms, fueled by AI-powered attacks and increasingly coordinated fraud networks. Businesses in fintech, crypto, e-commerce, and digital services lost millions to sophisticated schemes while customer trust eroded.

Moving into 2026, for founders, fraud managers, and product leads, one question remains top of mind: How do you protect your platform against evolving fraud threats without slowing growth or incurring financial losses?

Fraud today is no longer opportunistic or isolated. It’s highly organized and continuously adapting to bypass systems and tools meant to prevent it.

Released in December 2025, the Dojah Fraud Insights Report draws from real-world fraud intelligence across African platforms. 

Combining expert perspectives on risk patterns across fintech, crypto, and digital services, this article highlights six emerging fraud trends African businesses must prepare for in 2026,  and practical steps to safeguard your platform.

Sleeper Accounts and Long-Game Fraud

Sleeper accounts are becoming one of the most effective entry points for fraud in Africa. This typically occurs when a user passes onboarding checks, leaves an account dormant for an extended period, and later returns to carry out high-value or coordinated transactions through that previously inactive account.

In 2025 alone, Nigerian banks recorded a 71.5% increase in dormant and sleeper accounts, with over 33 million inactive accounts across the system. This trend suggests a deliberate strategy by fraud networks to exploit time, trust, and system blind spots.

This pattern is highlighted in the Dojah Fraud Insights Report by Tolulope Ekundayo, Fraud Manager at Wema Bank. He describes sleeper accounts as some of the most vulnerable entry points in fraud cases, citing incidents where accounts opened nearly a year earlier were later activated for coordinated fraud.

 The key insight is simple: inactivity on your platform is not neutral. Dormancy is a risk signal, as dormant accounts can be exploited for long-game fraud. Your fraud defenses need to move beyond onboarding checks to include real-time monitoring across the user journey. 

Steps to take

Some key steps to take when preparing your platform to spot long-game fraud include:

• Auto-flag dormant accounts on reactivation

When an account remains inactive for an extended period and suddenly becomes active, it should be flagged automatically for review. Sudden activity following dormancy, especially involving high-value transactions, is rarely accidental.

• Reassess risk for returning users

Risk rules should not remain static. Users returning after long periods should be reassessed and, where necessary, subjected to additional verification rather than trusted at the same level as continuously active users.

• Monitor beyond onboarding with real-time signals

Fraud detection needs to extend across the entire user lifecycle and include active monitoring that spots unusual behavior as it happens. Continuous monitoring helps you identify emerging risks early and intervene before dormant accounts are exploited. 

 Insider Fraud

Insider fraud is one of the most damaging yet often overlooked threats to African businesses. It occurs when employees or trusted insiders exploit access to systems, KYC data, or transaction controls to carry out high-value fraud. Unlike external attacks, these incidents are quieter, highly targeted, and often go undetected until the impact is severe.

Farouk Juniad, Head of Fraud at Kuda, emphasizes in the Dojah Fraud Insights Report: “External fraud makes a lot of noise, but insider fraud hits the bull’s-eye.” He highlights insider threats and social engineering as two of the most critical and evolving risks facing financial institutions today. 

 Insider fraud incidents not only result in high-value attacks but can also significantly erode customer trust, as users become hesitant to transact when a platform appears insecure. Farouk Juniad noted that in just eight months, Nigerian banks reportedly lost over ₦22 billion to insider-related glitches, which impacted public perception and confidence.

Steps to Take

Reducing insider fraud requires visibility into internal behavior, not just customer activity. Some key steps include:

• Monitor internal access and activity patterns

Track how employees interact with systems and data. Repeated attempts to bypass controls or unusual access patterns can signal abuse.

• Apply anomaly detection for staff actions

Automated alerts should flag irregular behavior such as unauthorized workflow changes or repeated override attempts before losses occur.

• Limit and review privileged access regularly

Access rights should be granted on a need-to-know basis and reviewed frequently. Regular audits reduce the risk of employees exploiting overlooked permissions. 

KYC Farming & Identity Recycling

Identity fraud has long been rampant, and in 2026, it poses an even greater threat to your business, especially if you operate a fintech or digital platform. KYC farming is used by organized fraud rings to generate multiple verified accounts with real IDs harvested from unsuspecting individuals through fake schemes, enabling fraudsters to open accounts under several identities.

In the report, Yinka Avoseh, Fraud Manager at Flutterwave, describes a thriving underground network where identities are collected en masse, often disguised as grant applications or SIM registration processes. Some remain dormant for years before use, and Avoseh notes cases where individuals were implicated in fraud schemes they never committed. He emphasizes that “the card owner is not always the card holder,” highlighting the critical difference between identity and authenticity.

Gbenga Oyerinde, Fraud Manager at FairMoney, also alludes that government ID verification, such as BVN or NIN checks, is no longer enough to protect your fintech or digital platform. In one case, a single individual used multiple BVNs with identical face images to apply for loans across different states in Nigeria, illustrating the sophistication of modern identity fraud.

Steps to Take

Preventing identity recycling requires layered verification and continuous monitoring. You must:

• Detect identity reuse across accounts

Consistently reverify identities that return to your platform. Ensure that login attempts, loan requests, or other high-value actions match the original account holder.

• Apply biometric verification with liveness checks

Don’t stop at ID verification. Confirm that the person behind the ID is authentic using face match and liveness detection, and continuously monitor early-stage account activity for anomalies.

• Monitor post-login behavior and transaction patterns

After initial verification, track changes in login behavior, transaction activity, and unusual account actions. Flag any suspicious activity that deviates from normal patterns for review immediately. 

Synthetic Identity Fraud

Synthetic identity fraud remains one of the hardest types of fraud to detect globally. Unlike KYC farming, synthetic identities blend real and fabricated information, often appearing legitimate until account activity begins.

Olayinka Ajumo, Fraud Risk and AML Manager at Betika, provides insight into the impact of synthetic identity fraud on fintechs, which can lead to financial losses and even legal consequences. He cites a case where a fraudster created a spoofed account using fake information, resulting in a ₦200M lawsuit. 

Platforms exposed to synthetic identities risk regulatory sanctions or criminal liability, particularly when accounts are tied to illicit financial flows. 

Steps to Take

Preventing synthetic identity fraud requires updating your fraud systems with advanced tools and processes. Key steps include:

• Validate identities across multiple signals

Confirm account authenticity using a combination of identity documents, device fingerprints, and behavioral analytics to reduce reliance on single-point verification.

• Flag inconsistencies in identity, device, and behavior

Use real-time liveness detection, face match, and anomaly monitoring to catch synthetic accounts as they interact with your platform. These methods help detect unusual activity early, before it escalates into major losses.

• Leverage AI-powered predictive analysis

Predictive models analyze historical and real-time data to flag patterns indicative of synthetic identities, enabling early detection. AI tools can be implemented on your platform to monitor and anticipate potential fraud attacks.

Account Takeover Fraud

Account takeover (ATO) fraud occurs when criminals hijack existing accounts to carry out unauthorized transactions, bypassing security controls. Criminals target existing accounts because they are more profitable than creating new ones, allowing them to exploit trust, credit limits, and linked financial instruments. 

A notable example comes from a 2025 Microsoft investigation, which revealed an ATO fraud attack through a phishing subscription run across 94 countries, compromising at least 5,000 accounts and highlighting how ATO fraud can operate at scale, like a professional enterprise.

Oluwasegun Ojumola, Fraud Manager at Piggytech, also notes that ATO fraud attacks involving AI-generated documents or identities can easily bypass basic KYC checks.

Steps to Take

Olayinka Ajumo, Fraud Manager at Betika, recommends several strategies to mitigate account takeover fraud:

• Internal monitoring systems

Use real-time monitoring dashboards and detailed data logs to track account activity. Unusual logins, multiple failed attempts, or changes in account details can trigger alerts and early intervention.

• Behavioral risk segmentation

Apply risk-based user profiling to identify high-risk accounts and prioritize monitoring. “Every user isn’t equal, so every user shouldn’t be monitored the same,” Ajumo notes, emphasizing tailored fraud detection.

• Geo-behavioral analytics

Track account behavior by device and location. If a user logs in from Kenya but is known to access your platform from Tanzania, this inconsistency can flag the account for review and additional verification.

Crypto & P2P–Related Fraud

Crypto and P2P–related fraud is increasingly occurring after onboarding, especially within peer‑to‑peer trading and transfers. Mule accounts play a central role, enabling criminals to move illicit funds through multi-step transactions that are hard to trace. As crypto adoption grows across Africa, these schemes are becoming a preferred channel for money laundering, making them a major risk for crypto platforms in 2026. 

Japhet Gana, Head of Fraud at Yellow Card, highlights how sophisticated these attacks have become. In one incident, a dormant crypto mule network suddenly reactivated within minutes. While the activity initially appeared benign, multiple accounts followed identical patterns. Using layered alerts, device intelligence, and behavioral scoring, Japhet's fraud team identified and contained the threat in under an hour, preventing what could have escalated into a multi‑country loss.

This case underscores a critical reality for crypto founders and fraud managers: abuse in crypto and P2P environments often hides within complex transaction flows.

Steps to Take

To protect your crypto or P2P platform, you need defenses that go beyond the entry point and operate in real-time. Such as:

• Monitoring crypto and P2P transactions continuously

Track transactions as they occur, not just at entry points. Continuous monitoring helps surface suspicious activity patterns that only emerge after accounts become active.

• Detecting velocity abuse and transaction layering

Flag rapid fund movements, circular transfers, and sudden spikes in activity across linked accounts. These are common signals of mule networks attempting to obscure fund origins.

• Tracking wallet activity and behavioral patterns

Correlate wallet behavior with device, location, and historical usage data. Being able to trace how wallets interact over time makes it easier to identify coordinated abuse before it spreads across regions.

Fraud in 2026: Rethinking Post-Onboarding Risk

Fraud in 2026 is no longer just a one-off threat but a full-scale, organized operation. 

As Farouk Juniad notes: “Fraud is now its own industry, capitalized like a Tier-1 bank. And it’s evolving faster than most institutions can respond.”

Initial KYC checks at onboarding remain necessary, but they are no longer sufficient. You need to adopt continuous monitoring, behavioral intelligence, and lifecycle-based risk assessment to stay ahead.

Curated from leading fraud experts across Africa, the Dojah Fraud Insights Report equips founders, fraud managers, and product leads with actionable intelligence on emerging fraud patterns.

Download the Fraud Insights Report to explore a deeper breakdown of 2026 fraud trends.

And if you want to see how continuous risk intelligence can help protect your platform beyond onboarding, speak with the Dojah team today.

Frequently Asked Questions on 2026 Fraud Trends in Africa

1. What are the biggest fraud trends in Africa for 2026?

Sleeper account fraud, insider fraud, KYC farming and identity recycling, synthetic identity fraud, account takeover fraud, and crypto/P2P-related mule networks are among the biggest fraud trends in Africa for 2026.

2. Why are onboarding and initial KYC checks no longer enough to prevent fraud?

Most fraud in 2026 happens after onboarding, where attackers exploit dormant accounts, trusted access, identity reuse, and behavioral blind spots that static KYC cannot detect.

3. How does KYC farming differ from synthetic identity fraud?

KYC farming uses real identities that are harvested and reused at scale, while synthetic identity fraud blends real and fabricated data to create identities that often evade detection until after activity begins.

4. What role does behavioral monitoring play in preventing fraud?

Behavioral monitoring helps you detect anomalies in login patterns, transactions, device use, and account activity, allowing you to identify fraud early and respond in real time.

5. How can I reduce post-onboarding fraud risk on my platform in 2026?

You can reduce risk by combining continuous monitoring, biometric verification with liveness checks, device and behavioral intelligence, velocity controls, and risk-based user segmentation.