Follow Us! ThumbsUp 20 3997 6090
Deepfakes are coming in identity spoofing – the only question is when

Deepfakes are coming in identity spoofing – the only question is when

Author avatar

by Bence Jendruszak

Not a month seems to pass without a viral sensation around the development of deepfake technology. The latest bit of news was of course the creators of South Park launching a new web series based entirely on the technology.

At a first glance, deepfakes are obviously getting better and more convincing, but as they mentioned it was probably the most expensive short they ever created, so it seems that it’s application is still prohibitively expensive for most users – and fraudsters.

I mention this because during the last SEON webinar on online lending, our guest Kaspars Magaznieks mentioned that they have seen some attempts at fraud by people who were using simple face swap technologies in an attempt to beat their risk checks.

While this may seem like yet another funny story, this does present a pressing problem. We have seen in the past for example that scammers were able to use deepfake audio in what is known as CEO fraud – that is, impersonating a key decision maker at a company to issue fraudulent payouts – and such scams seem to be so lucrative that it’s driving a professionalisation among scammers in what is now called as ‘CrimeOps‘.

So while individual, one-off cyber criminals would only have access to toys such as Face Swap, who’s to say that a more professional outfit won’t try using deepfakes on a lower and wider level, be it chargeback fraud or abusing promotional programs?

With the penetration of smartphones everywhere, KYC procedures by large moved onto biometric authentication – that is, asking for not just government IDs, but selfies from the customer holding them. This is only logical, as it’s easy – if annoying – for legitimate customers to do, and so far has proven reliable in raising the barrier for carders who would maybe have access to the documents, but not to the associated face.

However, we have seen in the past few months that this shift in the industry is forcing innovation on the criminal side as well. An entire cottage industry has popped up designed to deliver such selfies to criminals, and we have seen how enterprising fraudsters were able to dupe such KYC processes in the year’s biggest poker botting scandal.

how fraudsters use face swap to commit hack the authentication process

Economically speaking this means that there is already a demand for convincing identity spoofing solutions, and deepfakes will be able to satisfy that demand.

The question is not “if” but “when”: from the fraudsters point of view, if the potential reward is big enough and the risk low enough, sooner or later some business will get hit by an attack designed to beat biometric KYC via deepfakes.

The industry response so far has been moving forward towards something called live facial feature detection – sort of like a CAPTCHA that you have to solve with your face, smiling or grimacing into your camera. As far as easy onboarding processes go, this doesn’t seem like an optimal solution at all, not to mention the plain weirdness of it, which is sure to rub legitimate customers the wrong way.

We believe we can at least take some of that pain away by using digital footprints to flag suspicious users instead of treating every potential customer as a hacker straight out of a sci-fi movie. 

But by the looks of it, fraud attempts powered by deepfake technology are coming, and they will only grow bigger and bolder as the technology advances and becomes more accessible to a wider, less tech-savvy audience.

Share article

See a live demo of our product

Click here

Author avatar
Bence Jendruszak

Bence Jendruszák is the Chief Operating Officer and co-founder of SEON. Thanks to his leadership, the company received the biggest Series A in Hungarian history in 2021. Bence is passionate about cybersecurity and its overlap with business success. You can find him leading webinars with industry leaders on topics such as iGaming fraud, identity proofing or machine learning (when he’s not brewing questionable coffee for his colleagues).

Sign up for our newsletter

The top stories of the month delivered straight to your inbox