Deepfake tech shows that KYC and fraud detection are increasingly different requirements

It’s been a wild week for global fraud professionals with the appearance of new Fake ID websites marketing the ability to create deep-fake digital replicas of government-issued photo IDs from many countries including the UK, US, Canada and Australia.? Deep fakes are highly realistic digital manipulations of audio, images, or video and can be used to evade traditional Know Your Customer (KYC) processes present in on-boarding journeys for financial services, crypto and betting accounts, dating apps, and beyond.

Not only is this technology incredibly powerful and (apparently) capable of evading sophisticated digital KYC processes, it’s also available for the very accessible price of $15/document!? The combination of sophisticated and cheap technology means the potential for mass scale, and potentially, mass destruction.

While this new website looks to be only selling digital versions of these documents currently, that shouldn’t provide much comfort to those relying physical KYC processes, given the similarly increasing sophistication of 3D printing capabilities, which when matched with this new digital deepfake capability, could readily churn out high-quality physical fake IDs at a fraction of the price of what it currently costs organized crime to produce comparable high-quality fakes.

In lending or on-boarding customer journeys, KYC can typically appear near the start of a journey before many of the credit bureau or traditional fraud detection tools are invoked.? Imagine the damage that could be done with a high-quality deep fake that passes KYC and thereafter all of the credentials that are submitted to the bureaus or downstream fraud solutions, are based on the credentials of that deepfake ID; either synthetic or stolen (true name).

For authentication processes that rely solely on digital customer interaction, this means that the KYC solutions used in these processes are now even more vulnerable to ai-enabled fraudsters.

For authentication processes that rely more on physical interaction, it puts a much higher degree of onus on the “checker” of the ID and their ability to spot a fake, before it (and the credentials) get passed into the system and a new application or account is created.

In either case, vulnerability to this fraud vector during the KYC process has now increased dramatically with the introduction of this new technology, in the hands of bad actors.

But there is an answer to this: a modern digital fraud stack that not only includes the KYC process, but other data points and parameters to validate the KYC decision itself.

Since our pivot into Enterprise Software 2 ? years ago, one of the things we’ve said repeatedly to prospective customers is that we need to separate KYC/IDV (regulatory, including FINTRAC in Canada) requirements, from fraud detection requirements.? These are increasingly not the same requirements, and can’t be solutioned with the same (antiquated) tools.?

As a former on-line BNPL travel marketplace, we know this at Paays from first-hand experience:? Fraud detection and prevention may start with a KYC process (depending on the journey), but it certainly doesn’t end there.? And with the introduction of these new, powerful, easy and cheap to use deep-fake capabilities, it’s now imperative to go beyond KYC and add digital fraud tools that can enable a stronger validation and prove that “this person is who they say they are”.

Regulators will take time to catch up to this new reality and adjust their requirements, to make the process stronger.? In the meantime, fraudsters now have a wide-open opportunity to cheaply scale this kind of fraud to a broad range of lending use cases (credit cards, auto loans, mortgages, etc.), and more broadly financial services in general.?

Participants that understand the difference between KYC and Fraud Detection/Prevention, and can see the increasing threat that Ai-generated deepfakes present, have the opportunity to protect themselves from these threats.? Others, who rely solely on KYC as a means of detecting and preventing fraud, and can't see the vulnerabilities that now exist due to deepfake technology, are in for a rude awakening.

?

David A. Fry

CEO, Paays