News
Deepfake Fraud: How AI is Bypassing Biometric Security in Financial Institutions
December 2024 by Group-IB
In late August 2024, a prominent Indonesian financial institution reported a deepfake fraud incident impacting its mobile applications, and Group-IB threat intelligence specialists set out to determine exactly what had happened.
The research published today, led to the identification of over 1,100 deepfake fraud attempts by one of our Indonesian clients, where AI-generated deepfake photos were used to bypass their digital Know Your Customer (KYC) process for loan applications.
The key discoveries resulting from the Group-IB investigation are:
• Financial and Societal Impact of Deepfake Fraud: The widespread use of deepfake technologies for fraud poses significant financial risks, with potential losses in Indonesia alone estimated at $138.5 million USD. The social implications include threats to personal security, financial institution integrity, and national security.
• Deepfake Technology Bypasses Biometric Security: Fraudsters used AI-generated deepfake images to bypass biometric verification systems, including facial recognition and liveness detection, to impersonate victims and fraudulently access financial services.
• Advanced Fraud Methods Involving App Cloning: The use of app cloning allowed fraudsters to simulate multiple devices and bypass security mechanisms, highlighting vulnerabilities in traditional fraud detection systems.
• Virtual Camera Applications in Fraud: Fraudsters exploited virtual camera software to manipulate biometric data, using pre-recorded videos to mimic real-time facial recognition during KYC processes, deceiving institutions into approving fraudulent transactions.
• AI-Powered Face-Swapping Technologies: AI-driven face-swapping tools enabled fraudsters to replace a victim’s facial features with those of another person, further complicating the detection of fraudulent attempts in biometric verification.
