Unmasking Digital Deception: How AI is Fuelling the Rise of Identity Fraud

Unmasking Digital Deception: How AI is Fuelling the Rise of Identity Fraud

In today’s environment — where much of how we interact, work and conduct business is digital-first — everything from business security to data protection, to user privacy are increasingly under threat.

The battle against fraud and identity theft has taken on new dimensions and complexities in today’s increasingly digital world posing a significant threat to businesses and consumers alike.

AI-powered synthesised media attacks, commonly referred to as deepfakes, have turned the fraud landscape on its head, spiking 3000% in 12 months and dominating discussions around what may destabilise digital integrity and trust in the years to come.

The increased availability of generative AI and face-swap apps are enabling cybercriminals to significantly increase their deepfake fraud attempts by impersonation. It can enable fraudsters to manipulate someone’s facial expression, voice, body language, and even skin texture. As sophisticated as the technology has become, it will only continue to evolve and become more convincing. Online fraud tactics are akin to a virus, mutating to avoid cyber defenses to cause maximum damage.

Featuring key analysis from real-world datahe recently released "2024 Identity Fraud Report" by the Entrust Cybersecurity Institute offers critical insights into emerging fraud trends, techniques, and prevention strategies.

Fraud At A Glance

Average fraud rates point to the volume of fraudulent activity. In other words, where fraudsters are focusing their efforts. Comparing the data
 year-on-year points to wider trends across the identity fraud landscape.

This year’s data suggests fraudsters are starting to place more emphasis on biometric fraud. Document fraud rates continue to follow a consistent trend.
 After peaking in 2021, they have levelled out over the last few years, averaging 4.4% in 2023.

Comparatively, there’s been a slight uptick in biometric fraud in the last year. The 2023 average biometric rate (1.31%) is 2X what it was in 2022 (0.68%). Increasingly, fraudsters use a genuine document (obtained via a data leak) for the document verification check, and then change their face for the biometric check.

Surge in Digital Forgeries ✍️ 📄 🧑‍💻

Digital forgeries now account for 34.8% of all document fraud attempts, up from 16.7% last year. This sharp increase can be attributed to the proliferation of AI tools and websites like OnlyFakes, an online service that sells the ability to create images of identity documents it claims are generated using AI. 


At this time, the OnlyFake site has gone down, however, businesses should be aware of similar threats that fraudsters will try to capitalise on. The ease and affordability of these tools make it easier for fraudsters to create convincing forgeries with minimal effort. This trend is also observed in reports from the Asia Pacific region, where countries like Japan and Vietnam have seen significant increases in digital forgery incidents.

Decoding Document Fraud: Fraudsters use different combinations to try
 and bypass security. They might use
 a fake document combined with their own face, or vice versa. Or they might tamper with both the document and the biometric element.

Increased Sophistication in Fraud Attempts 🔐 🛠️

Examining fraud sophistication helps determine what types of attacks fraudsters favor. Are they creating
 a small number of high-quality fakes, or do they prefer to try and brute force a business’s defenses?

Most of the document fraud from 2023 (80.3%) is ‘easy’. This means that the errors on the document are visible to the trained eye. The past few years saw a trend toward less sophisticated, high-volume fraud attempts. However, there has been a recent rise in both medium and hard-to-detect fraud attempts.

Medium sophistication fraud has risen from 19.6% to 36.4%, and hard fraud has increased from 0.1% to 1.4%. This shift indicates that fraudsters are developing more advanced methods to bypass security measures. Recent surveys in APAC support this, showing that businesses are increasingly concerned about the rise of sophisticated AI-driven fraud【​ (India Today)​​ (Digital News Asia)​

Deepfakes and Cheapfakes: The New Frontier of Fraud 🤖

Deepfake attempts have surged by 3,000% from 2022 to 2023, and now account for 30-40% of all biometric fraud attempts. Deepfakes involve using AI to create realistic, but fake, digital images or videos that can impersonate real people.

The increasing accessibility of deepfake technology, including face-swapping apps and generative AI, has enabled fraudsters to create realistic digital imposters. Cheapfakes, on the other hand, involve less sophisticated manipulations such as slowing down or speeding up videos to distort the appearance of authenticity. These methods are becoming significant threats to biometric verification systems【​ (Fintech News Malaysia)​​ (Experian)​​ (Fintech Singapore)​

Protecting Digital Integrity in the Age of Deepfakes and Identity Fraud 🤝

Businesses must stay one step ahead with a robust prevention strategy that can identify and protect against emerging threats, and keep end-users and their business safe. This strategy must also be nuanced and recognise that it cannot cause unnecessary friction for legitimate end-users looking to register or access online services. It must be user-friendly and accessible. Achieving this will protect digital integrity amid surging identity theft, and crucially maintain inclusion and trust in online businesses

How the Automation Era Conceived Deepfake Fraud

The global fraud landscape has shifted substantially in recent years, in line with wider digital trends – notably mainstream accessibility to AI and automation tools. Pre-pandemic, a fraudster followed the typical working week pattern, a clock-in-clock-out, nine-to-five shift with weekends typically seeing a drop in activity. But these habits have changed as fraudsters have understood that AI and automation can mean they can scale their attacks, around the clock, to hit as many targets as possible.

Getting Granular: Deepfakes Versus Cheapfakes 👀

When we think about deepfakes, we often think about sophisticated videos depicting political or celebrity impersonations. But it’s important to clarify that not all deepfake approaches are the same, and fraudsters will look to deploy the technology on varying scales, based on resources, technical skillsets and desired outcomes.

The moniker ‘cheap fakes’ signals the best differentiator – these are significantly less sophisticated than what we’d consider as a typical deepfake. Think budget film versus blockbuster – same concept, very different execution. Also known as shallowfakes or low-tech fakes, cheap fakes use basic video editing software to manipulate imagery.

Common Fraud Techniques:

1. Document Fraud 📜

Fraudsters utilise various combinations to bypass security, including using fake documents with their own faces or tampering with both the document and biometric elements.

Types of Document Fraud:

  • Counterfeit: A complete reproduction of an original document.

  • Forgery: An altered version of an original document.

Methods Used:

  • Physical: Creating or editing a physical document and then submitting a photo of it.

  • Digital: Creating or altering a digital representation of a document using digital tools.

The data highlights that fraudsters prefer to start from scratch when creating fake physical documents. However, they are more inclined to use an existing template (e.g., an image found online) when digitally manipulating documents.

Physical counterfeits still account for the majority of document fraud (73.2%), partly because Onfido’s SDKs require users to capture a live image of their document, making it harder for fraudsters to submit digitally modified images. Despite this, there has been an 18% increase in digital forgeries over the last year, and this trend is likely to continue due to the availability of AI tooling, which makes digitally manipulated images quicker and cheaper to produce【​ (Biometric Update)​​ (Fintech Singapore)​

Fraudster Preferences: A Renewed Focus on National ID Cards

Examining the fraud rate across different document types reveals which documents fraudsters are more likely to target. In 2023, fraudsters targeted National ID cards more than any other document type, accounting for 46.8% of all document fraud. Unlike passports, not all National ID cards are designed for international travel. This means they don't have to adhere to International Civil Aviation Organization (ICAO) guidelines, and are often less robust in terms of protection, making them easier targets for fraudsters.

Several documents that feature in the top 10 most targeted documents list still have older versions in circulation, which generally have fewer security features and are less secure. Additionally, the most common forms of identification in a country are easier for fraudsters to obtain or replicate. National ID cards, due to their widespread use and less stringent security measures, feature heavily on this list.

2. Biometric Fraud 🕵️ 👁️

Fraudsters commonly target selfie biometric checks by using photos from social media or manipulating photos on documents. To counter these threats, biometric verification with liveness detection is essential.

As identity providers and businesses alike have put in place stronger defenses, fraudsters are trying to find new, innovative ways to bypass security. The influx of readily available online AI-assisted tools, such as face-swapping apps, has given fraudsters a new avenue into biometric fraud. Biometric fraud attempts are higher in 2023 than they’ve been in previous years, and the message is clear. Rising threats need stronger defenses - matching a facial biometric to a photo ID helps determine that:

1.     There is a real person attempting
 to sign up for a service, and

2.     That the identity document belongs
to the person presenting it.

3. Industry-Specific Insights:

Fraudsters hit the gambling industry hard in 2023. The online gambling space is particularly attractive
 to fraudsters for two reasons: it's very accessible
 and there are often cash rewards on the table. Professional and financial services also experienced fairly high levels of fraud in 2023. These industries
 are well aware of the risk fraud poses and often have stringent levels of security in place. They also have
 high growth targets, so secure customer conversion
 at onboarding is incredibly important. Given the
 reward on offer for fraudsters, they remain a target.

Financial Services 💼

The financial sector faces high levels of money laundering and loan theft. Fraudsters often use sleeper accounts that appear genuine initially but are later exploited for illicit activities. With an average fraud rate of 3.9%, financial services must prioritise secure customer onboarding and employ stringent verification methods

Gambling Industry 🎲

The online gambling space is particularly attractive to fraudsters due to its accessibility and cash rewards. Common fraud types include multiple account creation, bonus abuse, and money laundering. National ID cards and tax IDs are frequently targeted, highlighting the need for robust document verification processes【31†source】.

Travel Industry ✈️

The travel sector sees a higher proportion of physical counterfeits, particularly driving licenses, due to the need for physical documents at rental locations. With an average fraud rate of 3.0%, travel businesses must remain vigilant and implement strong physical and digital document verification measures.【35†source】【36†source】.

Fraud Timing and Global Footprint 🗺️ 📍🕔

Fraudsters are most active around 5 am UTC (thats 3pm Sydney time & 1pm in Singapore) regardless of their geographical location. This period, dubbed "the fraud hour," sees a spike in fraudulent activity. Additionally, fraud levels tend to rise during global events or periods of unrest, such as during the COVID-19 pandemic or geopolitical conflicts. Businesses should be particularly alert during these times to mitigate the risk of fraud.

Adopt a Layered Approach to Fraud Detection 🛡️

Implementing multiple verification methods, such as document, biometric, and data verification, can enhance security combining various verification techniques to build confidence in customers' identities. Active biometric solutions enhance this approach by leveraging AI to enhance liveness detection and protect against sophisticated fraud attempts. These solutions offer a seamless user experience while delivering high anti-spoofing performance.

Fight like with like: Leverage AI for Fraud Detection 🤖

Advanced AI models can detect specific fraud markers more accurately than generalised approaches. Entrust's Onfido's Atlas AI, for example, uses over 10,000 machine learning models trained to identify unique fraud patterns, improving detection rates by up to 50%.

Opt for SDKs Over APIs 📱

Using SDKs for document and face capture provides better image quality, accessibility, and fraud deterrence compared to APIs. Live capture through SDKs reduces the chance of digitally tampered image submissions and enhances overall security.

Easy Pickings: Why Fraudsters Opt for Scalable Attacks?

Examining fraud sophistication helps determine what types of attacks fraudsters favour. Are they creating a small number of high-quality fakes, or do they prefer to brute force a business’s defenses?

Most of the document fraud from 2023 (80.3%) is classified as ‘easy,’ meaning the errors on the document are visible to the trained eye. Fraudsters typically look for minimum effort, maximum reward results, attacking in volume using scalable models. Businesses should respond by having a scalable, automated fraud detection system in place to catch these large-scale attacks.

Final Thoughts on Combating Digital Deception

In an era where digital interactions dominate, the sophistication and frequency of identity fraud have reached unprecedented levels. Deepfakes, fuelled by advanced AI technologies, represent a significant and growing threat to businesses and consumers alike. As these fraudulent methods evolve, it is imperative for organisations to stay ahead with robust, adaptive security measures.

The findings from the "2024 Identity Fraud Report" by the Entrust Cybersecurity Institute highlights the urgent need for a multi-layered approach to combat these threats. From biometric verification with liveness detection to the integration of AI-driven fraud detection tools, businesses must leverage cutting-edge technology to protect their digital integrity.

Moreover, while it is crucial to implement stringent security protocols, these measures must also ensure a seamless and user-friendly experience for legitimate users. Balancing security and user accessibility will be key to maintaining trust and inclusion in the digital landscape.

As we look to the future, it is clear that the battle against digital fraud is ongoing. Continuous innovation in fraud detection and prevention, along with heightened awareness and proactive strategies, will be essential in safeguarding our digital interactions and preserving the integrity of our online identities.

Until next time stay curious, and vigilant!

Carrie

Shahroz Tariq, PhD

CSIRO's Data61 Research Scientist | Deepfake Detection Expert | Human-AI Teaming | Cybersecurity

5mo

Great insights! The surge in deepfake and biometric fraud is a stark reminder of the importance of robust security measures. A multi-layered defense strategy is significantly important. However, developing and managing it is equally challenging.

Criminals use deepfakes for more than just social media tricks. Ransomware and blackmail are also rising. Don't forget insider threats—employees can exploit this tech too. Great article!

Simone N.

Senior Leadership Go to Market

5mo

Endless and will only get worse.

It's a scary thought but one we should all be aware of!

To view or add a comment, sign in

Insights from the community

Others also viewed

Explore topics