The following is the definition of synthetic fraud and deepfakes according to a report by SmileIdentity.com alias State of KYC in Africa 2022.
Synthetic identity fraud combines legitimate and fake information to create a new fake persona.
Some of the information is legitimate, hence it can be more difﬁcult to catch.
When a fraudster uses this method, they can remain undetected for an extended period if subsequent checks using additional information are not done.
Random face generators are an emerging type of synthetic fraud whereby fraudsters use widely available computer vision algorithms to create faces that look like real people but are entirely ﬁctitious.
According to the report, deepfakes are not a major threat, yet.
Deepfakes are a highly sophisticated form of synthetic computer vision fraud where an existing image or video is replaced with someone else’s likeness. These images are used to make it seem like the target did or said something that they did not.
This is typically done by superimposing face images of actual people onto videos or three-dimensional computer vision models.
The techniques required to produce high-quality deepfakes at scale are still beyond the reach of most fraudsters and they tend to look for easier ways in.
Ways to prevent fraud: Biometric KYC
Biometric solutions are the way forward not only for security but also for user convenience.
Verifying ID numbers alone is insufﬁcient to catch most fraud. Criminals have discovered ways of creating or accessing legitimate ID numbers that will easily pass a textual-only ID veriﬁcation.
Many digital services are turning to biometric face checks to power safe remote onboarding.
These checks match consumers’ selﬁes against IDs or previously enrolled photos to ensure that only legitimate users are signing up for accounts or accessing services online.
The rise of selﬁes in the mid-2010s and the subsequent use of facial biometrics for device access have made consumers more familiar with facial recognition as a medium.
Face veriﬁcation is more secure and less error-prone than manually entering passwords or text.
Liveness checks are a crucial veriﬁcation step
Matching faces is not enough. Biometric checks should be backed up by a strong anti-spoof system to ensure customer safety. While sophisticated attacks like “deepfakes” are still relatively uncommon, so-called “cheapfakes” are prevalent. These include taking photos of screens, uploading static photos, or wearing masks.
These types of fakes can easily be prevented with a liveness check. Liveness algorithms complement and augment face recognition, resulting in robust KYC that users and app developers can trust.
Many apps that leverage liveness detection capture a short video of the user during registration.
Alternatively, some apps grab a quick succession of shots while the user performs a speciﬁc motion or gesture in front of the camera. The liveness detection algorithm processes the image or video with specialized computer vision algorithms, acquiring mathematical conﬁdence that the intended real human was present during image capture.
Deduplication prevents users from creating multiple accounts
When fraudsters create multiple accounts to collect promotional payouts or loans, this is known as a duplicate attack.
These efforts are only fruitful for fraudsters if they can successfully sign up for many accounts.
While fraudsters have found ways to inﬁltrate ID systems and have multiple ID numbers, a more difﬁcult thing to alter is their face.
Deduplication is an extremely powerful tool to prevent duplicate account fraud.
In practice, deduplication searches a history of faces that have been previously veriﬁed and alerts you if the same person is attempting to sign up again.
This will ﬂag a duplicate sign-up regardless of country, ID type, ID number, name, or date of birth.
Deduplication is the most effective deterrent for organized attacks on promotional signup codes.