Key Takeaways
- Financial firms’ fraud and risk teams must bolster know-your-customer safeguards in the face of increasingly effective deepfake technology.
- Rapid improvements in deepfake generation and other tools available to fraudsters are already challenging the integrity of remote identity checks.
- The problem is set to get worse, with criminal access to more advanced face-swapping tools expected to increase in the next 12 to 15 months.
- Illicit targeting of financial services firms and cryptocurrency platforms, as well as attempts to bypass KYC in sectors that have more recently adopted it, are also expected to rise.
- Experts recommend updating governance processes, regularly testing technical and human-led defenses, and increasing public-private intelligence sharing to track the latest innovations.
Introduction to Deepfake Technology and Its Implications
The increasing effectiveness of deepfake technology is posing a significant threat to financial firms’ know-your-customer (KYC) safeguards. Deepfake technology refers to the use of artificial intelligence (AI) to create realistic images, videos, and audio recordings that can be used to impersonate individuals. This technology has improved rapidly in recent years, making it easier for fraudsters to create convincing deepfakes that can be used to bypass identity checks. The World Economic Forum’s Cybercrime Atlas project has published a report warning of the risks posed by deepfake technology and the need for financial firms to bolster their KYC safeguards.
The Rise of Deepfake-As-A-Service Subscriptions
The report notes that deepfake-as-a-service subscriptions are now available on underground markets, providing ready-to-use images or videos for $10 to $50 per month. These subscriptions can be used to create convincing deepfakes that can be used to impersonate individuals, making it easier for fraudsters to bypass identity checks. Additionally, face-swapping tools that promise "turnkey face-swapping" are available for $1,000 to $10,000, while voice impersonation tools can be purchased for $1,000 to $3,000. These tools are making it easier for fraudsters to create convincing deepfakes, and the barrier to entry for AI-curious miscreants is being lowered.
The Ease of Creating Convincing Deepfakes
Creating a convincing deepfake of a real person is easier than ever, thanks to the abundance of digital source material available. Attackers can harvest samples from social media, webinars, or even past phone calls, and with as little as 10 seconds of audio, they can create a convincing clone of a colleague, superior, or family member. The report notes that the commercially available tools for creating deepfakes are not perfect, but they are improving rapidly. The World Economic Forum report author, Natalia Umansky, states that the analysis of 17 face-swapping tools and camera injection techniques reveals a clear shift towards real-time, high-fidelity impersonation capable of defeating digital KYC.
The Threat of Face-Swapping Tools
Face-swapping tools can be used to create entirely fictional personas, or synthetic identities, for opening accounts and committing fraud. These tools can also be used to impersonate real individuals, making it difficult for financial firms to distinguish between genuine and fake identities. The report warns that face-swapping tools can be used to bypass live verification, and some tools are expressly sold on cybercrime sites with a promise that they are able to reliably defeat KYC checks. The report predicts that in the next 12 to 15 months, criminal access to more advanced face-swapping tools will increase, as will illicit targeting of financial services firms and cryptocurrency platforms.
The Limitations of Camera Injection Tools
The report also reviewed eight camera injection tools, ranging from free software to applications costing anywhere from $10 to $3,000. These tools are used to bypass digital identity checks, but they are technically diverse and constrained by latency, content format requirements, and detectable device artifacts. The report notes that most camera-injection tools seem limited in their ability to reliably defeat modern KYC systems that use dynamic prompts and software development kit (SDK)-level integrity checks. However, experts expect that this will change as criminals develop better virtual camera drivers that provide greater stealth, alongside software offering improved real-time streaming capabilities with lower latency and discernable errors.
Recommendations for Financial Firms
The World Economic Forum report recommends that financial firms update their governance processes to account for the fast-evolving technology, regularly test technical and human-led defenses through red-teaming, and increase public-private intelligence sharing to track the latest innovations. This will help financial firms to stay ahead of the threats posed by deepfake technology and to protect their customers’ identities. The report also notes that detecting and flagging such fakery for fraud review teams will fall in part to financial firms’ KYC software vendors. By working together, financial firms can reduce the risk of deepfake-related fraud and protect their customers’ identities.
