Nearly half of all companies encountered deepfakes in their business processes this year, according to Regula’s deepfake report. What started as a fun type of content creation in the late 2010s has now become a serious threat across various sectors, including identity verification (IDV).
In this blog post, we’ll explore what deepfakes are and how they are used for fraud; plus, we’ll provide some essential defense tactics for businesses.
What are deepfakes?
Deepfakes refer to "synthetic media" created or altered using artificial intelligence (AI), specifically through machine learning (ML).
On a technical level, deepfake generation relies on deep learning techniques. As a subset of ML, deep learning involves neural networks, which mimic the brain's logical structure. These networks are trained on large datasets to perform tasks like data parsing, classification, and generation. The datasets used may include images, videos, audio, and/or text.
In practice, deepfakes use and manipulate real images, videos, and audio samples, which people can use to create inauthentic content.
From this perspective, people using ChatGPT as a "co-worker" for text or image generation are also creating a type of deepfake. This applies to customer persona creators who often use photos of non-existent individuals as composite images for different target audiences.
For this reason, many deepfake generators include disclaimers, emphasizing the creator’s responsibility for the content they generate.
Unfortunately, the technology is also widely exploited by fraudsters who show little regard for ethics.
Deepfake types: A quick and detailed explanation
Simply put, criminals use three main types of deepfakes to bypass IDV:
Image-based deepfakes | Video-based deepfakes | Audio-based deepfakes |
---|---|---|
Generating a fake photo of an ID document or a user’s selfie | Simulating a person’s live appearance | Mimicking a user’s voice |
However, there is a more complex classification based on how deepfakes are created. The most common methods include:
Face swap: This "simple" deepfake places one person’s face or head onto another’s body. It's a popular filter on social media platforms like TikTok or Snapchat and can be used in both images and videos.
Lip syncing: A voice recording from one context is mapped onto a video from another, making the subject say something new but inauthentic. It’s widely used in entertainment and political disinformation.
Puppet deepfakes: These use Generative Adversarial Networks (GAN), where one network (“generator”) generates fake content and another (“adversary”) detects flaws in the presented result. Through many iterations, the GAN creates a realistic "puppet" that mimics the target’s facial or body movements.
Now, let’s look at how these synthetic media are used for fraud.
How deepfakes attack companies
As a fully digital asset, deepfakes primarily target businesses where customer interactions, including onboarding, are conducted online. The issue is compounded as more companies shift to digital platforms, making the deepfake threat more pervasive and pernicious.
In 2024, nearly half of all companies in the Banking, FinTech, Crypto, Technology, Telecommunications, Aviation, Healthcare, and Law Enforcement sectors surveyed by Regula reported encountering both audio and video deepfakes.
Importantly, the idea that fraudsters are creating innovative deceptive techniques with this tool is incorrect. It’s more accurate to say that the emergence of deepfakes and the increasingly affordable and accessible ways to generate them have made it easier for criminals to improve upon “old” methods.
Presentation attacks
This type of attack involves spoofing biometric face authentication systems or creating fraudulent accounts using fake portraits. In both cases, deepfakes can mimic a real person or depict a non-existent individual.
These deepfakes can then be displayed as printed or on-screen images or videos during onboarding or customer re-verification.
Injection attacks
This is a more sophisticated version of a presentation attack, where fraudsters directly insert false biometric data into the IDV process without using a physical camera or microphone. This method allows them to bypass facial or voice recognition systems. Deepfakes are used to mimic a real user with lifelike videos and synthesized voice prints.
Submission of AI-generated IDs
Deep learning has been adopted by underground services like OnlyFake, which can generate realistic images of passports, driver’s licenses, and other identity documents. These images appear highly plausible, mimicking security features and backgrounds, such as carpeting or a marble countertop, as if a real user took the photo in a hotel room or kitchen. These fakes can be used to pass ID verification.
What can companies do today to make their systems ready?
With the rise of deepfakes, businesses must upgrade their IDV systems by adopting advanced technologies and adding more security layers. Fraudsters are relentless in their efforts to deceive companies, and sometimes they adopt new technologies faster than organizations do.
Businesses that contribute to developing an identity fraud detection and prevention framework can adjust their IDV processes accordingly. This system includes multiple components: a dedicated team of fraud and risk managers, compliance officers, trained to detect anomalies and recognize deepfakes, and a robust IDV solution based on advanced technology and a comprehensive identity document template database.
Liveness detection is another must-have for IDV. Both passive and active liveness checks ensure that the person on the other end is real while detecting deepfake attributes like artificial skin tone, moiré noise, and unnatural shadows. This method also applies to identity documents by verifying the presence of dynamic security features, such as holograms.
Additionally, companies can monitor other fraud signals when verifying new customers or authenticating existing ones. For example, many businesses perform IP checks to detect inconsistencies in user behavior patterns.
This holistic approach to IDV creates a multi-layered defense system that addresses all aspects of customer verification while considering key risks. Constant monitoring and regular updates are also crucial to this strategy.
Importantly, the deepfake threat extends beyond business, affecting stakeholders in other sectors like news media, social media, law enforcement, and government. With the introduction of AI regulatory frameworks, such as the European Union AI Act and anti-deepfake regulations in China, a global shift in compliance requirements can be expected in the future.
Partner with Regula to stay ahead of sophisticated identity fraud
Working with vendors offering comprehensive IDV solutions is critical to maintaining secure verification processes. Regula provides a set of advanced technologies, including:
Facial recognition and face matching
Liveness checks for selfies and identity documents
Extended authenticity checks
Digital verification of passports, driver’s licenses, visas, residence permits, voter cards, and other IDs from 251 countries and territories
Fully customizable and 100% on-premises solutions
Let’s discuss your concerns, requirements, and expectations to find the solution that works for you!