You are currently viewing AI Deepfakes Bypass Security, Risking $138.5M in Bank Fraud

AI Deepfakes Bypass Security, Risking $138.5M in Bank Fraud

Rate this post

An Indonesian financial institution faced a serious security breach when cybercriminals used AI-generated deepfake images to bypass biometric verification in their mobile app. Despite having advanced security measures like anti-emulation and anti-hooking systems, the attackers managed to fool facial recognition and liveness detection.

Over 1,100 Deepfake Fraud Attempts

Group-IB, a global cybersecurity firm, investigated the incident after the bank detected over 1,100 fraudulent loan applications. Attackers used fake IDs with altered facial features, such as hairstyles and clothing, to trick the system. The fraudsters also exploited virtual camera software and pre-recorded videos to mimic real-time facial recognition, making it difficult for the app to detect the fraud.

Estimated Losses Reach $138.5 Million

Group-IB estimated that if similar fraud continued across Indonesia, the potential financial losses could reach $138.5 million in just three months. With an estimated fraud rate of 0.05%, approximately 83,100 fake loan applications were identified, each averaging $5,000 in losses.

How AI Deepfakes Work

The attackers used AI face-swapping technology to replace one person’s face with another in real time, making the fake identity appear authentic. This sophisticated method can fool even advanced facial recognition systems by mimicking natural expressions and movements.

App Cloning Adds to the Problem

The criminals also used app cloning to simulate multiple devices, allowing them to bypass traditional fraud detection systems. This made it harder for the bank to identify and block suspicious activity.

New Security Challenges for Banks

Group-IB warned that deepfake technology poses a growing threat to financial institutions, exposing gaps in traditional security systems. Cybersecurity expert Yuan Huang emphasized the need for banks to adopt multi-layered security solutions. “Relying on one method is no longer enough. Banks must use advanced anti-fraud technologies to protect customer data and financial assets,” Huang said.

Source: forbes