Banking Execs Must ‘Wake Up’ as Security Measures Fail to Keep Up With Biometric Fraud

Biometric-based fraud is the largest threat currently facing financial service providers, Michael Marcotte, co-founder of the National Cybersecurity Center (NCC), explained in a warning to banking executives.

Banks are coming under an increasingly intense barrage of cybersecurity attacks, and many of these now use deepfakes and generative AI to make the initial breach. Presentation or liveness attacks have surged 40 per cent this year, as malicious actors attempt to undermine video-based KYC procedures.

This means that synthetic identity fraud is now the fastest-growing category of financial crime in the US – and costing banks as much as $6billion.

Marcotte’s warning comes following the RSA cybersecurity conference, where leading academics, entrepreneurs and corporations discussed pressing security issues.

Michael Marcotte, CEO of artius.iD

Now, Michael Marcotte, CEO of artius.iD, a digital ID and authentication firm, is calling on the cybersecurity industry to put banking at the top of the agenda.

“The emergence of generative AI tools like Midjourney which anyone can use, and the rapid proliferation of deepfakes online, means that banks are at the wrong end of an acute digital identification and security crisis – and their current practices, protections, and technologies are miles behind the curve,” he explained.

Marcotte continued: “Banking KYC processes are still relying on ID card, face, and address verification – these procedures look neolithic against deepfakes and AI-powered identification fraud. These supposed guardrails, which in many banks still rely on software from an era when the only AI was Skynet, are rendered completely obsolete in the face of hackers who can generate documents and deepfakes to leapfrog facial and ID verification.”

“A 10-year-old in their bedroom can now produce convincing deepfakes or use AI to generate a fake license in a matter of minutes – in the hands of crooks and thugs, this is a deeply worrying prospect.

Battling biometric fraud

Identity verification platform Sumsub revealed it saw the number of deepfakes detected worldwide increase by 10 times from 2022 to 2023, in the latest edition of its Identity Fraud Report. Firms continuing to use dated means of verification and user authentication could pay if they do not make changes.

Marcotte explained: “There needs to be a radical shift – one option available for banks is to relinquish control of KYC data and use decentralised storage providers. If custody of the data remains in the hands of the individual, then banks won’t open themselves up to litigation or expose their customers to fraud. As deepfakes proliferate, a trickle of lawsuits has the potential to become a flood – and one which absolutely could sink the banks.

“Biometric-based fraud is now the greatest threat to the international banking system – and executives are asleep at the wheel. Criminals circumventing KYC checks expose banks to a range of liabilities: identification theft, fraud, and money laundering are just some that could be on the cards. This doesn’t even begin to factor in the harm to their customers, future litigation, or the incurred catastrophic reputational damages.

“Banks not only have a fiduciary duty to their shareholders, who will see reduced returns as they haemorrhage revenue in these scams, but also a responsibility to stakeholders in wider society as well. If consumers and corporations lose trust in these institutions, then entire economies are put at risk.

“Banking execs need to wake up and realise just how much the ground has shifted beneath their feet – KYC procedures are already looking like relics, and if banks continue on this path, they themselves will become fossils as newer fintech startups step into the security vacuum they’ve left.”

The post Banking Execs Must ‘Wake Up’ as Security Measures Fail to Keep Up With Biometric Fraud appeared first on The Fintech Times.

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *