The Clash of Video KYC and Deepfakes

Video KYC (Know Your Customer) is poised to revolutionize identity verification in the financial services sector. Yet at the same time, deepfakes are on the rise. There was a 10x jump globally in detected deepfakes in 2023—with the financial services industry being the second most targeted sector.

The shadow of KYC deep fakes looms large over video KYC. Deepfakes undermine the integrity of video KYC processes by creating realistic-looking videos that can deceive financial institutions into believing they are interacting with legitimate customers. This opens the door to fraudulent activities, identity theft, and other financial crimes.

This is why it’s critical to understand KYC deep fakes and develop comprehensive countermeasures against them so that the financial services industry can make the most of video KYC—confident that it is a secure means of identity verification.

What is Video KYC?

An alternative to traditional in-person KYC, video KYC is a remote, digital process of verifying a customer’s identity through a live video interaction. With video KYC, banks, financial institutions, and other regulated entities can onboard new customers and complete KYC requirements without physical contact.

Understanding Deepfakes That Threaten Video KYC 

Deepfakes are sophisticated digital forgeries created using artificial intelligence (AI). They pose significant challenges across sectors. Critical KYC processes are not immune.

Deepfakes manipulate audio, video, and text to create convincing impersonations of real individuals for fraud and identity theft. All deepfakes are not the same. Not only are there different modalities of KYC deepfakes, but each type also has different implications for video KYC. Common types of deepfakes include:

  • Face-Swapping Deepfakes: One person’s face is superimposed onto another’s body in a video, so it appears like the person said or did things he/she did not do. 
  • Voice Synthesis: Synthetic voice recordings mimic how a person talks to create fake audio messages or impersonate the person’s voice.
  • Gesture and Body Movement Manipulation: Alterations to body movements in video make it appear as if a person said or did something he/she did not do.
  • Text-Based Deepfakes: AI-generated text imitates a person’s unique writing style.
  • Hybrid Deepfakes: The combination of multiple techniques creates greater impact.

The Potential Impact of Deepfakes in Video KYC

Various types of deepfakes like these are a formidable challenge in video KYC, mainly because of their potential for identity fraud. There is a high risk that KYC deepfakes could be used in two attack types: presentation attacks and injection attacks.

Source: Shutterstock,  thispersondoesnotexist.com

Presentation attacks, also known as spoofing attacks, attempt to deceive a biometric system by presenting a fake biometric trait. These video KYC attacks are categorized as Level 1 or Level 2 attacks based on their complexity and the methods used to create them. 

Level 1 Presentation Attacks in Video KYC Systems

Level 2 Presentation Attacks in Video KYC Systems

Photo replay attacks show a photo of a face to the camera. 2D-to-3D avatar attacks automatically generate a 3D avatar from a 2D photo of the target’s face.
Video replay attacks use a video to reproduce a face on a screen. Photo replay 3D render attacks render a static image from a handcrafted 3D face model and present it on a screen.
Print attacks record a printed sheet of paper with the target face. Video replay 3D render attacks build a 3D model of a face and render a video in real-time.
Print 3D layered masks print a photograph multiple times, cutting out features, and layering them to create a 3D effect. Deepfake attacks generate an image or video using a generative AI engine and present it from the screen.
Print mask attacks construct a paper mask by cutting out facial features from a printed photo. Face swap attacks render the face of a person onto an existing image or video and present it from the screen.

 

Injection attacks are a sophisticated form of fraud where fraudsters manipulate digital verification systems by injecting pre-created or altered video content. This method bypasses traditional presentation methods, such as showing a photo or video directly to a camera, by directly inserting the fake content into the data stream sent to the verification system. 

There are several types of injection attacks that threaten video KYC systems. In a virtual camera injection attack, fraudsters use software to create a virtual camera on a device. This virtual camera streams pre-recorded or digitally manipulated videos as if they were coming from a real webcam. Attackers can also use a physical device, such as a USB stick or capturer, to feed a video into a system. The device mimics legitimate camera input but streams a pre-selected video. In a JavaScript code injection, fraudsters inject malicious code into a webpage or application to hijack the video stream from the camera, replacing it with a fraudulent video.

In all of these video injection attack scenarios, deepfake technology could potentially be used to generate the fake  injected video content. Highly realistic deepfake videos of a person’s face could make these attacks even more convincing and difficult to detect in video KYC systems.

Detecting KYC Deepfakes: Video KYC Systems Need Holistic Protection

To combat the growing threat of deepfakes in video KYC systems, ID R&D solutions provide a comprehensive detection process based in both video and audio analysis. By examining multiple modalities, we can improve the accuracy and robustness of KYC deepfake detection, so it is harder for fraudsters to bypass the video KYC system. Our comprehensive, research-based approach includes video deepfake analysis, voice clone protection, and injection detection.

Video deepfake analysis detects visual artifacts and inconsistencies that are common in deepfake videos. 

  • Face detection and landmark analysis includes advanced face detection algorithms that locate and track facial landmarks in the video. Inconsistencies like unnatural movements or distortions can indicate the presence of a deepfake.
  • Texture and artifact analysis relies on deep learning models trained on a large dataset of real and deepfake videos to detect subtle visual artifacts that deepfakes commonly introduce, such as unnatural textures, flickering, or blurring. 

Voice clone protection identifies inconsistencies and anomalies in accompanying audio recordings.

  • Machine learning models are trained to detect and flag audio manipulations that introduce artifacts such as unnatural frequencies, distortions, or abrupt changes in tone or pitch. 

Injection detection is an additional layer of security to identify manipulation of video streams before they reach the KYC system.

  • Video source authentication verifies the authenticity of the video source by checking the device identity and ensuring it matches the expected input. This prevents attackers from using virtual cameras or hardware devices to inject pre-recorded or manipulated videos.
  • Secure video transmission uses end-to-end encryption and secure communication protocols to protect the video stream during transmission. This prevents attackers from intercepting and modifying the video data in transit.
  • Code integrity checks are performed to detect any unauthorized modifications or injected code to help prevent JavaScript-based injection attacks that attempt to hijack the video stream.
  • Metadata analysis of the video stream can ensure that it aligns with the expected live capture. Any discrepancies or inconsistencies could indicate the use of pre-recorded or manipulated videos.

This holistic approach, combining content analysis and injection detection, ensures the highest level of protection against sophisticated deepfake-based attacks in video KYC systems.

Learn More About Protecting Video KYC Systems Against KYC Deepfakes

With generative AI advancing rapidly, deepfakes are only going to become more sophisticated and insidious. We develop our solutions to stay steps ahead of fraudsters while eliminating friction in the user experience. Learn more about the latest in securing video KYC.