Credit By: Fintech Futures
The use of generative AI (GenAI) is posing a potential threat to the effectiveness of KYC (know your customer) processes, a crucial element in the verification of customer identities for financial institutions, fintech startups, and banks.
ID Images in KYC Authentication
KYC authentication often involves the submission of ID images, where customers upload a picture of themselves holding an ID document. The goal is to verify the authenticity of the person by cross-referencing the submitted image with existing records. Platforms such as Wise, Revolut, and cryptocurrency services like Gemini and LiteBit rely on ID images to enhance onboarding security.
Challenges in ID Image Authentication
While ID image authentication has historically faced challenges, with fraudsters selling forged IDs and selfies, the introduction of GenAI raises new concerns. Recent viral posts on social media platforms demonstrate how attackers could potentially manipulate ID images using readily available generative AI tools, raising doubts about the reliability of current KYC checks.
Generative AI Tools and Deepfaked ID Images
Open source and off-the-shelf software, such as Stable Diffusion, enable attackers to create synthetic renderings of individuals against various backdrops. Tutorials online demonstrate how these tools can be utilized to produce convincing deepfaked ID selfies. By manipulating these images, attackers could pass KYC tests, posing a significant threat to the security measures in place.
Lower Barriers to Entry
The barriers to entry for creating deepfaked ID images have significantly lowered. Previously, realistic renderings required advanced knowledge of photo editing software. However, current tools make the process more accessible, allowing attackers to produce convincing images with relatively less effort and expertise.
Challenges for Liveness Checks
Some platforms implement “liveness” checks, requiring users to perform actions like head turns or blinking to prove they are real individuals. However, even these checks can be bypassed using GenAI. Cryptocurrency exchanges have reported that deepfake tools can successfully pass liveness checks, raising concerns about the overall efficacy of KYC as a security measure.
The Growing Threat to KYC
While human reviewers may still discern deepfaked images, the continuous advancement of AI technologies suggests that the threat to KYC security is evolving. The current ease with which attackers can manipulate ID images emphasizes the need for enhanced security measures in KYC processes to stay ahead of potential threats.
Follow ARP Media for more informative blogs.