David Fry

Founder & CEO

Rising Discrepancies: Deepfake Tech Highlights Distinct Demands in KYC and Fraud Detection 

Article Summary: This article explores the urgent challenges posed by the emergence of deepfake technology in the realm of global fraud, particularly affecting the processes of Know Your Customer (KYC) and fraud detection. Recent developments have unveiled websites offering highly realistic deep-fake digital replicas of government-issued IDs for as little as $15, undermining traditional KYC procedures used by financial services, crypto platforms, betting accounts, and dating apps. The ease and affordability of this technology signal a potential for widespread misuse, further complicated by advances in 3D printing that could produce tangible fake IDs. This situation escalates the vulnerability of digital and physical authentication processes to AI-enabled fraud, highlighting a critical need for a modern digital fraud detection approach that goes beyond conventional KYC methods. The blog emphasizes the distinction between regulatory KYC/IDV requirements and fraud detection, advocating for an integrated fraud stack that enhances validation and fraud prevention measures.

It’s been a wild month for global fraud professionals with the appearance of new Fake ID websites marketing the ability to create deep-fake digital replicas of government-issued photo IDs from many countries including the UK, US, Canada and Australia.  Deep fakes are highly realistic digital manipulations of audio, images, or video and can be used to evade traditional Know Your Customer (KYC) processes present in on-boarding journeys for financial services, crypto and betting accounts, dating apps, and beyond.

Not only is this technology incredibly powerful and (apparently) capable of evading sophisticated digital KYC processes, it’s also available for the very accessible price of $15/document!  The combination of sophisticated and cheap technology means the potential for mass scale, and potentially, mass destruction.

While this new website looks to be only selling digital versions of these documents currently, that shouldn’t provide much comfort to those relying physical KYC processes, given the similarly increasing sophistication of 3D printing capabilities, which when matched with this new digital deepfake capability, could readily churn out high-quality physical fake IDs at a fraction of the price of what it currently costs organized crime to produce comparable high-quality fakes.

In lending or on-boarding customer journeys, KYC can typically appear near the start of a journey before many of the credit bureau or traditional fraud detection tools are invoked.  Imagine the damage that could be done with a high-quality deep fake that passes KYC and thereafter all of the credentials that are submitted to the bureaus or downstream fraud solutions, are based on the credentials of that deepfake ID; either synthetic or stolen (true name).

For authentication processes that rely solely on digital customer interaction, this means that the KYC solutions used in these processes are now even more vulnerable to ai-enabled fraudsters.

For authentication processes that rely more on physical interaction, it puts a much higher degree of onus on the “checker” of the ID and their ability to spot a fake, before it (and the credentials) get passed into the system and a new application or account is created.

In either case, vulnerability to this fraud vector during the KYC process has now increased dramatically with the introduction of this new technology, in the hands of bad actors.

But there is an answer to this: a modern digital fraud stack that not only includes the KYC process, but other data points and parameters to validate the KYC decision itself.

Since our pivot into Enterprise Software 2 ½ years ago, one of the things we’ve said repeatedly to prospective customers is that we need to separate KYC/IDV (regulatory, including FINTRAC in Canada) requirements, from fraud detection requirements.  These are increasingly not the same requirements, and can’t be solutioned with the same (antiquated) tools. 

As a former on-line BNPL travel marketplace, we know this at Paays from first-hand experience:  Fraud detection and prevention may start with a KYC process (depending on the journey), but it certainly doesn’t end there.  And with the introduction of these new, powerful, easy and cheap to use deep-fake capabilities, it’s now imperative to go beyond KYC and add digital fraud tools that can enable a stronger validation and prove that “this person is who they say they are”.

Regulators will take time to catch up to this new reality and adjust their requirements, to make the process stronger.  In the meantime, fraudsters now have a wide-open opportunity to cheaply scale this kind of fraud to a broad range of lending use cases (credit cards, auto loans, mortgages, etc.), and more broadly financial services in general. 

Participants that understand the difference between KYC and Fraud Detection/Prevention, and can see the increasing threat that Ai-generated deepfakes present, have the opportunity to protect themselves from these threats.  Others, who rely solely on KYC as a means of detecting and preventing fraud, and can’t see the vulnerabilities that now exist due to deepfake technology, are in for a rude awakening.

 

Join the conversation in-person and be apart of the ongoing innovation in lending:

Bankers Summit

2024 Bankers Summit

On May 15th, 2024, discover how next-gen FIs are partnering with fintech to accelerate innovation. Join over 500 banks, credit unions and fintechs in our networking hall building partnerships. The expert panels will take a deep dive into Core Modernization, BaaS, Embedded, Sustainable Finance and much more. Register here.