Our latest report "Deepfakes Vs Biometric Identity Verification" is out. Download it

Deepfakes vs biometric KYC verification

Sensity Team 05/19/2022

Online scams have always been a concerning issue, but since the 2020 covid-19 pandemic we have witnessed a large increase in criminal activities such as frauds, illegal transactions and identity thefts, which are becoming extremely sophisticated and hard to detect for any organization operating online. 

As the illegal use of deepfakes rises, adopting due diligence procedures in order to protect customers is now a priority for governments, financial institutions and businesses.

To prevent and reduce illegal transactions, national government agencies in every country require a practice known as KYC (Know Your Customer), specifically created to verify an individual’s identity online. 

The number of interactions requiring KYC are numerous and involve almost every kind of financial transaction, from opening a bank account to purchasing a flight ticket.

Common steps in KYC solutions

KYC methods used by most businesses operating globally entail few different steps. Usually the system includes ID verification, in which the user has to show an identification document. Face Matching, consisting in checking the correspondence of ID document photos with live face images obtained through selfies, and Liveness, which consists in matching the user’s identity with that of the person in front of a camera by making him performing actions (active liveness) or simply verifying it by analyzing elements like depth and reflection (passive liveness).

Spoofing KYC With Deepfakes 

Most businesses who rely on KYC methods are unaware that in spite of their efforts to avoid online scams, not well designed ID verification, Face Matching and Liveness (both active and passive) can still not provide sufficient security. 

As technology evolves, deepfakes can easily spoof KYC systems and be increasingly dangerous. Moreover, fraudsters don’t need to invest a great amount of money to be highly effective in their attacks. As demonstrated in our new report, sometimes all they need are inexpensive special phones available on the market for a few hundred dollars, able to hijack the mobile camera and inject pre-made deepfake models, as happened in a giant scam against China’s taxation system in 2021. 

AI face swap performed on ID picture. It’s sufficient having one picture of the target to use his face

Our Innovative Approach

As known in academic studies, open-source face recognition models are widely exposed to deepfake attacks.

Therefore, a highly effective KYC system must include solutions that run at the same pace of the menaces we encounter. The first step to achieve this objective is to identify the weaknesses of the most common KYC methods currently used by dozens of companies and millions of customers around the globe. 

This has been the main focus of our latest report, in which we have developed the industry-first Deepfake Offensive Toolkit (DOT), performing penetration testing on KYC verification systems. With this kind of innovative approach, we can use a powerful tool internally with a Red Team approach to improve our own identity services, developing superior security solutions.

Face matching and liveness can be easily fooled by deepfakes

Spotting Biometric KYC Vulnerabilities  

As we explain in detail in the report, with the help of DOT we developed a protocol in four steps, testing penetration into commercially deployed KYC systems and verifying their real effectiveness. Our toolkit was essential to simulate deepfake digitally injected attacks and the results were quite surprising.

Specifically, most of the services for ID verification and face matching commonly available are defenseless to face swaps; also, the most common Active and Passive Liveness detection, widely used KYC techniques worldwide, can easily be spoofed by deepfakes able to reproduce in real time faithfully facial landmark movements. 

Based on these results, we were able to elaborate a game changing approach. Our identity verification solution employs deepfake detection algorithms in every step of the process.For more information on how fight back Deepfakes KYC spoofing attempts, contact us at: info@sensity.ai

Share the article:

Next Articles

Sensity AI: The Ultimate Fake Document Detection Software

As digital technology evolves on a daily basis becoming more and more accessible to everybody, the number of tools in the hands of fraudsters is constantly growing. For this reason, online crimes are now one of the most concerning issues for a great number of businesses. Real estate, insurance, trading, wealth management, along with many […]
Sensity Team
what is KYC verification

What is KYC Verification? The all-in-one Solution

KYC is the practice of verifying an individual’s identity in compliance with laws and regulations, primarily for Anti-Money Laundering purposes. In response to the pronounced inability to detect and prevent online fraud, the KYC process has been introduced to reduce instances of illegal transactions. The increasing adoption of technologies led to the rise in cases […]
Sensity Team