AI & Deepfake Scamshigh

KYC Bypass with AI Deepfakes: Financial Accounts Opened with Fake Faces

Criminal groups are using AI-generated deepfake videos and photos to bypass Know Your Customer (KYC) facial recognition checks at banks, cryptocurrency exchanges, and financial services — opening accounts under false identities.

Global Financial Institutions·2024·2 min read

Background

Financial institutions use facial recognition as part of KYC onboarding: customers submit a photo ID and take a selfie or video that is compared to the ID. AI deepfake tools have made it possible to generate convincing real-time video of a face matching a stolen identity document.

The Attack

Attack techniques include: submitting an AI-generated still image that passes liveness checks if the check only requires a static selfie; using real-time deepfake software (like DeepFaceLive) to pass video-based liveness checks by streaming a generated face that matches a fake or stolen ID; or using AI face-swap tools on a video of a real person to match the face to a fraudulent ID. Financial institutions in Europe, the US, and Asia reported increased rates of synthetic identity fraud. Some KYC vendors reported AI-generated bypass attempts in up to 25% of attempted fraudulent onboardings.

Response

KYC vendors began adding presentation attack detection specifically targeting deepfake video. The UK's Financial Conduct Authority issued guidance on AI risks in KYC. Regulators required additional liveness detection layers. Some institutions added document authenticity verification combined with ID database cross-checks.

Outcome

Synthetic identity fraud using AI-generated faces became a multi-billion dollar problem for financial services globally. The arms race between deepfake quality and liveness detection algorithms continues to escalate.

Key Takeaways

  1. KYC facial verification must include liveness detection capable of detecting AI-generated deepfake video, not just static photos
  2. Identity verification must combine facial recognition with independent data source cross-referencing
  3. Financial institutions should monitor for patterns in fraudulent account opening attempts that suggest tooling
  4. Regulators must update KYC standards continuously as AI deepfake capabilities improve

How to Prevent This

All guides
advanced

Add video call verification for high-risk identity scenarios — deepfakes can pass audio-only checks

AI voice cloning passes telephone and audio-only verification. Deepfake video is advancing rapidly and can fool video calls under certain conditions. For the highest-risk identity scenarios — executive approval for large wire transfers, contractor onboarding with system access, MFA reset for privileged accounts — require a video call where the individual physically holds a company-issued badge next to their face. Current deepfake video technology struggles to render highly specific, real-time items accurately. Combine with a live action challenge: ask the person to perform a specific physical action (show a specific finger count, write a code word on paper) that a pre-recorded deepfake cannot anticipate.

See: AI KYC Bypass DeepfakesAI & Emerging Threats
KYC bypassdeepfakesynthetic identityfacial recognitionfinancial fraud

More in AI & Deepfake Scams

2024critical

Deepfake CFO Video Call: Hong Kong Finance Worker Pays $25 Million

2 min readAI & Deepfake Scams
2019high

First Documented AI Voice Clone Fraud: CEO's Voice Transfers €220,000

2 min readAI & Deepfake Scams
2022high

AI LinkedIn Fake Profiles: North Korea Uses Generated Faces to Infiltrate Tech Companies

2 min readAI & Deepfake Scams