Cybercriminals don't hesitate to take advantage of AI technology, such as deepfakes, synthetic identities, and Fraud-as-a-Service (FaaS) platforms, to carry out more sophisticated and harder-to-detect attacks.
Deepfake technology allows fraudsters to create highly realistic fake videos or audio to impersonate individuals and bypass conventional identity verification methods. This type of fraud isn't just theoretical. In 2021, a bank in Europe lost $35 million due to a deepfake attack. Meanwhile, account takeover fraud has surged 150% globally. This means AI-based fraud, especially deepfakes, is a serious threat, particularly for the financial industry.
The Rise of Social Engineering and Account Takeover
Social engineering remains one of the most dangerous attack vectors in the financial sector. Fraudsters manipulate individuals into revealing sensitive information, such as login credentials or personal identification numbers (PINs), which can then be used to carry out fraudulent transactions. Common techniques include phishing, vishing (voice phishing), and smishing (SMS phishing).
Social engineering attacks often serve as a precursor to account takeover (ATO), where fraudsters use stolen identities to gain unauthorized access to customer accounts. Once inside, they can conduct fraudulent transactions, withdraw funds, or even access sensitive financial data.
Data from VIDA shows that 97% of businesses reported account takeover attempts in the past year, while 84% of other businesses experienced identity fraud cases.
Why does this fraud happen, even though financial businesses have established strict KYC processes?
According to Gartner, simply conducting identity verification isn't enough to be considered KYC. The KYC process should be continuous, extending until the user completes a transaction.
In other words, identity verification is just one stage of the KYC process. So how can financial businesses secure the entire user transaction process?
The answer lies in the two processes following identity verification: user authentication and fraud detection. Here's an explanation:
User Authentication
Authentication occurs when users initiate a transaction. Typically, authentication involves entering a password, PIN, or OTP. Unfortunately, these authentication methods are not fully secure. Data shows that weak passwords, PINs, and carelessness in handling OTP codes create vulnerabilities for phishing. In 2023, Indonesia recorded more than 97,000 phishing attempts, with most involving password theft.
The solution to this vulnerability is using MFA or Multi-Factor Authentication with device-based and biometric authentication. For users, authentication is as simple as taking a selfie. However, device authentication is also occurring behind the scenes. Here's how it works:
1. Device-Based Authentication
The device uses Public Key Infrastructure (PKI) to ensure that only the legitimate owner can access the account. Because the user's identity is linked to their device, passwords and OTPs are no longer needed, which makes the system safer from phishing attacks.
2. Biometric Authentication
This system matches the user's face with the registered profile from a verified device, ensuring personal data security through facial recognition-based authentication.
VIDA's PhoneToken and FaceToken solutions integrate device and biometric authentication, eliminating the need for passwords, PINs, or OTPs. This method not only enhances security but also reduces user friction.
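The device-based step described above can be pictured as a signed challenge-response. The following is an added example, not VIDA's code or API: the names Server, newDevice and issueChallenge and the sample transaction are hypothetical, and Ed25519 is an assumed key type. It shows why a captured response is of no use to a phisher: it is single-use, tied to one enrolled device key, and bound to one transaction.

```javascript
// Added illustration, not VIDA's implementation; all names are hypothetical.
const nodeCrypto = require("node:crypto");

function signedMessage(nonce, txn) { // canonical bytes that get signed
  return Buffer.from(JSON.stringify([nonce, txn.payee, txn.amount]));
}

class Server {
  deviceKeys = new Map(); // userId -> public key registered at enrollment
  challenges = new Map(); // nonce -> { userId, txn, expires, used }
  enroll(userId, publicKey) { this.deviceKeys.set(userId, publicKey); }
  // A fresh single-use nonce is bound to the exact transaction being approved.
  issueChallenge(userId, txn, ttlMs = 60_000) {
    const nonce = nodeCrypto.randomBytes(32).toString("hex");
    this.challenges.set(nonce, { userId, txn, expires: Date.now() + ttlMs, used: false });
    return nonce;
  }
  verify(userId, nonce, signature) {
    const ch = this.challenges.get(nonce), key = this.deviceKeys.get(userId);
    if (!ch || !key || ch.userId !== userId) return "unknown-challenge";
    if (ch.used) return "replayed";
    if (Date.now() > ch.expires) return "expired";
    // The server rebuilds the message from its own record of the transaction.
    const ok = nodeCrypto.verify(null, signedMessage(nonce, ch.txn), key, signature);
    if (!ok) return "bad-signature";
    ch.used = true; return "ok";
  }
}

// Device side: the private key is generated on the device and never leaves it.
function newDevice() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync("ed25519");
  return { publicKey, sign: (nonce, txn) => nodeCrypto.sign(null, signedMessage(nonce, txn), privateKey) };
}

function demo() {
  const server = new Server(), phone = newDevice(), otherPhone = newDevice();
  server.enroll("alice", phone.publicKey);
  const txn = { payee: "ACME-001", amount: 250000 }; // constructed sample
  const attempt = (signer, signedTxn) => {
    const nonce = server.issueChallenge("alice", txn);
    return server.verify("alice", nonce, signer.sign(nonce, signedTxn));
  };
  const n = server.issueChallenge("alice", txn), sig = phone.sign(n, txn);
  return {
    first: server.verify("alice", n, sig), replay: server.verify("alice", n, sig),
    wrongDevice: attempt(otherPhone, txn),
    tampered: attempt(phone, { ...txn, payee: "OTHER-999" }),
  };
}
```

Unlike a password or OTP, nothing the user can be tricked into typing reproduces the signature, since the signing key stays on the enrolled device.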
Fraud Detection
As previously mentioned, KYC does not stop at identity verification during the onboarding process. KYC must continue while users are transacting. Hence, VIDA offers a series of deepfake detection tools:
1. Fraud Scanner
For industries that rely on the Know Your Customer (KYC) process, such as finance, fintech, and e-commerce, VIDA's Fraud Scanner can analyze KYC transactions in real-time, identifying manipulated images, deepfake patterns, and other signs that may indicate fraud.
2. Deepfake Detector
VIDA's Deepfake Detector continuously scans for fraudulent activity during the identity verification process, flagging suspicious images or videos before they can be used for fraud.
3. Deepfake Shield
Deepfake Shield is equipped with anti-injection technology to prevent deepfakes from being delivered through injection attacks. Injection attacks involve hackers injecting manipulated code or commands into a system to deceive the identity verification process.
AI-generated fraud must be combated with AI solutions. With the ability to detect threats in real-time, block deepfake attacks, and prevent account takeovers, AI has become the main shield in keeping digital transactions secure.
VIDA has launched a whitepaper titled "Where's the Fraud? Protecting Indonesian Businesses from AI-Generated Digital Fraud." You can use this whitepaper to gain deeper insights into these threats and learn how VIDA’s solutions can help protect your business from sophisticated digital attacks.