Why early detection is critical in stopping deepfake attacks

profile picture Elly Heath 6 min read
Woman presenting a 2d image trying to perform a presentation attack

Digital identity and age verification are becoming integral parts of customer onboarding and access management, allowing customers to get up and running on your platform fast. However as customer verification tools become more advanced, so too are fraudsters seeking to spoof systems by impersonating someone, appearing older than they really are or passing as a real person when they’re not. Deepfake attacks, which can mimic a person’s face, voice or mannerisms, pose a serious threat to any business using biometric customer verification.

In this blog, we explore why detecting deepfakes early is essential for maintaining trust, security and regulatory compliance.

 

What are deepfake attacks?

Deepfake attacks use AI-generated synthetic media, including altered videos, images and audio, to impersonate individuals. The aim is to manipulate or gain unauthorised access to systems or services, constituting a form of cyberattack.

They can occur as either presentation (direct) or injection (indirect) attacks. Presentation attacks attempt to spoof a system using paper images, 2D or 3D masks, screen images or video recordings, while injection attacks try to manipulate the verification process by replacing the live camera feed with pre-recorded or synthetic images or videos.

 

Why are deepfake attacks rising?

2024 saw a significant rise in deepfake attacks, with technological advancements, increased accessibility and financial incentives to blame. The rapid rise in powerful generative AI models has made it easier to create and use deepfake images and videos – all accessible to anyone with a laptop and webcam. With the cost of living increasing, the potentially huge economic gains of exploiting customer data are just too appealing for some.

The growing dependence on remote, biometric-first customer verification has opened up the playing field for fraudsters – particularly if businesses are relying on outdated automated systems, with little to no human involvement.

The lack of public awareness and regulation has also enabled hackers to exploit systems, with some businesses overestimating their ability to detect deepfakes or downplaying the risk entirely as there is no consistent regulatory framework for them to follow.

 

The cost of missing a deepfake and why early detection matters

The potential financial losses and reputational damage of missing a deepfake attack could have long lasting consequences. Below we highlight why early detection is critical.

Preventing fraud at the point of entry

Detecting a deepfake attack at the point of customer verification is the most effective line of defence. After this point, a bad actor can gain access to sensitive information – about both your business and your customers. By the time an attack is detected, it may be too late to safeguard critical company data.

Maintaining brand reputation and customer trust

A deepfake attack can cause customers to lose trust in your business’ security measures and so turn to your competitors’ products and services instead. Customers expect their personal data to be safe within your systems – failure to do so can result in reputational damage, public backlash via the media and significant financial losses.

Safeguarding company resources

Responding to a deepfake attack is very resource intensive for a business. Investigating compromised customer accounts, trying to reverse unauthorised transactions and mitigating reputational damage all requires significant time, money and human effort.

Remaining regulatory compliant

Identity data handling is strictly regulated by measures like GDPR, eIDAS and the UK Digital Identity and Attributes Trust Framework. Failing to meet regulatory requirements could result in legal and financial penalties.

 

How businesses can stay resilient against deepfake-enabled fraud

To counter the rise in deepfake attacks, businesses should incorporate the below measures as part of their customer verification process.

Advanced liveness detection ensures it’s a real person being verified with just a face scan, stopping a deepfake attack before it can occur.

Injection attack detection technology ensures images submitted for verification are genuine and camera takeover has not occurred with a deepfake image or video.

Biometric face matching and strong account authentication can be used to match your customer’s face to a document or existing profile so a fraudster cannot claim to be someone they’re not. This technology can be used during onboarding to ensure your customer is the owner of a document, when matching customers to existing or new profiles, or for secure re-authentication.

Adding multi-factor authentication (MFA) provides a second layer of defence. Even if a bad actor gets hold of a customer’s password, they can’t access the account without an additional factor. This could be a push notification, a text code or authentication using FaceID.

Privacy preserving facial age estimation technology is highly effective at estimating age using just a face scan and takes only a few seconds. This technology ensures someone is not able to appear older than they are with a deepfake image or video.

Human verification experts add additional assurance and may be able to spot signs of a deepfake that technology cannot. Counter Fraud teams also research the latest trends in deepfake attacks globally so can stay ahead of potential threats.

As critical as early detection is, evidence suggests that ongoing authentication is also vital in securing your business systems. At the point of onboarding, a biometric template of your customer’s face can be stored for future authentication against a live face scan – safeguarding your business in the long term.

The threat of deepfake attacks is constantly evolving and so must our defences. Detecting deepfakes at the point of verification – before they’re able to infiltrate your systems – is critical. By investing in robust detection technology and processes, businesses can protect their systems and maintain customer trust in a world where seeing is no longer believing.

To find out how Yoti can help your business detect deepfake attacks, get in touch.

Keep reading

How accurate can facial age estimation get?

Facial age estimation using machine learning has advanced significantly in recent years. But, a common and fair question still arises: How accurate can it really be? Can a system look at your face and accurately guess your age, especially when humans often get it wrong? The short answer is that it’s very accurate – but not perfect. We explain why.   The myth of 100% accuracy It’s important to set realistic expectations. No facial age estimation model can achieve 100% accuracy across all ages.  Human aging is highly individual and shaped by many external factors, especially as we get

6 min read
Synthetic identity fraud is committed by the theft of a real piece of persoanl information such as an SSN, and combined with false information to make up an entirely synthetic identity that often bypasses traditional checks

What is synthetic identity fraud? How it works and how to prevent it

What is synthetic identity fraud? Synthetic identities are fake identities, built by combining real and made-up information, earning them the nickname “Frankenstein IDs” due to their pieced-together nature. Synthetic identity fraud is different to traditional identity fraud as it doesn’t involve an obvious, immediate consumer victim. These fake profiles are designed to mimic real customers, often slipping past traditional fraud detection systems because they don’t raise typical red flags. As a result, the primary victims of synthetic identity fraud are businesses and lenders, who bear the financial losses.   How synthetic identities are created and used Fraudsters combine

8 min read
An image of a woman trying to buy a bottle of alcohol at a supermarket self-checkout terminal.

"We need an army of Elliots" - why it’s bonkers we’re not using facial age estimation to sell alcohol

Let’s just get this out there: humans are not great at guessing ages. Don’t just take our word for it. Studies have proven this to be the case. Most of us reckon we can largely say if someone is under 25 using the Challenge 25 technique but when put to the test, the truth comes out: retailers do let some under 18s buy alcohol. Not always and not everyone, but some people are incorrectly estimated to be older than they really are. Let’s be honest, this is not ideal. Now, to be fair, not all humans are created equal.

3 min read