The following is the definition of synthetic fraud and deepfakes according to a report by SmileIdentity.com alias State of KYC in Africa 2022.
Synthetic identity fraud combines legitimate and fake information to create a new fake persona.
Some of the information is legitimate, hence it can be more difficult to catch.
When a fraudster uses this method, they can remain undetected for an extended period if subsequent checks using additional information are not done.
Random face generators are an emerging type of synthetic fraud whereby fraudsters use widely available computer vision algorithms to create faces that look like real people but are entirely fictitious.
According to the report, deepfakes are not a major threat, yet.
Deepfakes are a highly sophisticated form of synthetic computer vision fraud where an existing image or video is replaced with someone else’s likeness. These images are used to make it seem like the target did or said something that they did not.
This is typically done by superimposing face images of actual people onto videos or three-dimensional computer vision models.
The techniques required to produce high-quality deepfakes at scale are still beyond the reach of most fraudsters and they tend to look for easier ways in.
Ways to prevent fraud: Biometric KYC
Biometric solutions are the way forward not only for security but also for user convenience.
Verifying ID numbers alone is insufficient to catch most fraud. Criminals have discovered ways of creating or accessing legitimate ID numbers that will easily pass a textual-only ID verification.
Many digital services are turning to biometric face checks to power safe remote onboarding.
These checks match consumers’ selfies against IDs or previously enrolled photos to ensure that only legitimate users are signing up for accounts or accessing services online.
The rise of selfies in the mid-2010s and the subsequent use of facial biometrics for device access have made consumers more familiar with facial recognition as a medium.
Face verification is more secure and less error-prone than manually entering passwords or text.
Liveness checks are a crucial verification step
Matching faces is not enough. Biometric checks should be backed up by a strong anti-spoof system to ensure customer safety. While sophisticated attacks like “deepfakes” are still relatively uncommon, so-called “cheapfakes” are prevalent. These include taking photos of screens, uploading static photos, or wearing masks.
These types of fakes can easily be prevented with a liveness check. Liveness algorithms complement and augment face recognition, resulting in robust KYC that users and app developers can trust.
Many apps that leverage liveness detection capture a short video of the user during registration.
Alternatively, some apps grab a quick succession of shots while the user performs a specific motion or gesture in front of the camera. The liveness detection algorithm processes the image or video with specialized computer vision algorithms, acquiring mathematical confidence that the intended real human was present during image capture.
Deduplication prevents users from creating multiple accounts
When fraudsters create multiple accounts to collect promotional payouts or loans, this is known as a duplicate attack.
These efforts are only fruitful for fraudsters if they can successfully sign up for many accounts.
While fraudsters have found ways to infiltrate ID systems and have multiple ID numbers, a more difficult thing to alter is their face.
Deduplication is an extremely powerful tool to prevent duplicate account fraud.
In practice, deduplication searches a history of faces that have been previously verified and alerts you if the same person is attempting to sign up again.
This will flag a duplicate sign-up regardless of country, ID type, ID number, name, or date of birth.
Deduplication is the most effective deterrent for organized attacks on promotional signup codes.