Though the term deepfake came about in 2017, the ability to modify and manipulate videos dates back to the 1997 Video Rewrite program. It allowed modifying video footage of a person speaking to depict that person mouthing the words from a completely different audio track. The technique of blending images, videos and altering voice has been used in cinema for even longer, but it was expensive and time-consuming.
A deepfake algorithm can convincingly impersonate a real person’s appearance, actions and voice. With the growth of social media and digital technologies, the technique has now become something of an art form with usage growing rapidly.
The volume of deepfakes is growing at an exponential rate – the number of deepfake videos online in late 2019 was over 14,000, almost double what it was in the previous year (Tech Times).
Scams using deepfake technology and AI pose a new challenge for businesses, as conventional security tools designed to keep impostors out of corporate systems are not designed to spot fake voices or manipulated videos. Analysts say costs associated with deepfake scams are expected to cross $250 million in 2020 (Forrester).
Cybersecurity companies are in the process of developing products to detect deepfake recordings, while big organizations have begun to take deepfakes very seriously. Google has built a database of 3,000 deepfakes to help researchers and cybersecurity professionals develop tools to combat the fake videos. Facebook and Microsoft are working with leading US universities to build a database of fake videos for research.
The risk has become so real that the US House Intelligence Committee in June 2019 heard expert testimony on the growing threat posed by deepfakes and other AI-generated false information and what it could mean for the 2020 general elections, as well as the country’s overall national security.
The Dangerous New Kid on the Block
Deepfake is being used today to create astonishingly convincing digitally manipulated voices, photos and videos, even fake identities.
Audio deepfakes have already been used in social engineering scams, tricking people into believing they are speaking with a trusted person. In 2019, an energy firm’s CEO was scammed over the phone when he was instructed to transfer €220,000 into a Hungarian bank account by an individual who used audio deepfake technology to mimic the voice of the firm’s parent company’s chief executive.
Deepfake photos are used to create non-existent persons aka sock puppets, who are active online and in traditional media. A deepfake photo appears to have been generated, along with manipulated but genuine looking metadata, for a non-existent person.
Deepfake apps that enable users to substitute their faces onto those of characters in films and TV shows are popular on social media platforms. In January 2020, Facebook said that it was introducing new measures to counter the problem on its platform.
New deepfake software allows adding, editing or deleting words from the transcript of a video, and the changes are reflected seamlessly in the video.
A Tempting Target for a Deepfake Heist
Where there’s money, there’s crime. Trust fraudsters to leverage new technology in their commitment to gain access to accounts, or to set up accounts or steal money. It is just a matter of time before deepfake becomes another method for digital rogues to defraud banks.
Most banks demand a government-issued ID and selfie to determine a person’s digital identity when creating a new account online. An impostor can use deepfake technology to easily create a photo to meet the requirement.
Deepfake technology that mimics human voice is already being used to target call centers. We will soon start seeing signs of deepfake technology being used to bypass face recognition controls, including those using state-of-the-art liveness tests. Banks will have to develop invisible behind-the-scenes controls that can compensate for the vulnerabilities in current authentication processes and protocols.
Even as banks widen the scope of their digitisation to cater to increasing online action, it is vital to put equal (if not more) emphasis on stronger measures to protect assets and reputation from newer, emerging threats.
It is therefore critical to recognize this emerging threat and proactively implement smarter, enterprise-wide defense mechanisms.
How Can Banks Combat Deepfake Fraud?
Certain banks are already using automated deepfake detection software. While these auto-detection technologies work well today to detect amateur deepfakes, they will not suffice in the future. Soon, deepfakes will have ultra-realism, and existing technologies will not be able to detect them.
As with any security measure, employee training and vigilance are paramount. Make staff aware of deepfakes with examples (such as getting an unexpected call from a senior bank executive asking them to perform an urgent, unexpected, non-standard task). Banks can have internal security questions to help employees confirm a caller’s identity if required.
There are also advanced identity verification solutions with embedded ‘liveness’ detection to detect advanced spoofing attacks, including deepfakes, and check if a remote user is physically present. But deepfakes can bypass these methods and imposters can still game the system unless the ID verification technology has certified liveness detection validated by a competent authority.
As of now, in most cases the attempts have had flaws with enough tell-tale signs about manipulations. There are also tools that help tell fact from fiction. Social and traditional media can use these tools to identify deepfakes, delete or label them, so that users from other industry sectors who rely on the information do not end up becoming unsuspecting victims. Another solution is for imaging technologies to add ‘digital noise’ to image, voice and video files, making it harder for a fraudster to use them to produce deepfakes.
Financial institutions must also:
- Invest in newer technology – Reverse image search technologies have enabled tracing original versions of images. However, research is scarce about reverse video searches, and it does not exist in a way that is freely available to all. Banks must collaborate with niche fintech solution vendors to make it possible to develop this technology and publicly release it.
- Enrol social media firms – The massive volume of information that social media companies have could potentially provide solutions. Regulators, banking industry leaders and policymakers can encourage social media companies to disseminate their data to social scientists (while preserving social media user privacy), to enable discovering new solutions to fight deepfakes.
- Push for legal reforms – Banks and fintechs can spearhead the need for a stronger framework that makes deepfake technology application vendors accountable for enabling deepfake crime.
Altering voices, videos and photos has become an effortless affair and it has already become a challenge to determine a person’s identity with 100% accuracy. The latest addition to the list of appearance modifying technologies – deepfake – is also the most formidable one because of its capabilities.
From having to replace customer funds to incurring penalties to losing trust, a deepfake-led data breach or account takeover can have a devastating impact on a bank.
As is expected, crime (including fraud and financial crime) usually stays a step ahead, so yesterday’s solutions will not be enough to solve today’s challenges.
CNBC : Why is deepfake dangerous
Fintech Futures : Taking a deeper look at deepfake technology
Carnegie Endowment for International Peace : Deepfakes and synthetic media in the financial system: Assessing threat scenarios
Forbes : How deepfakes could become a threat to your identity
Forrester : Predictions 2020: This time, cyberattacks get personal
About the Author: