According to some reports, in Q1 2025, deepfake-related fraud resulted in ~US$200 million in economic losses. The first known incident, garnering global attention, occurred in 2017, when the CEO of a European company was impersonated.
The financial ecosystem fundamentally relies on trust – the confidence that every individual or entity engaging with a financial institution is properly verified. Central to this framework is the Know Your Customer (KYC) process, which is used to authenticate identities, mitigate fraud, and uphold rigorous anti-money laundering (AML) standards. The rapid evolution of deepfake technology is now, therefore, presenting unprecedented challenges to these critical processes.
What are Deepfakes?
With the evolution of technology, deepfakes have emerged as a sophisticated way to defraud the system by producing pseudo-realistic images, videos, documents, and audio. This has led the fraudsters to exploit these tools for illicit purposes bypassing KYC processes.
As the dark web evolves, the rise of “deepfake-as-a-service” has made this technology accessible to people without specialized AI or machine learning skills. Like other “as a service” models, it offers a platform where services are provided on a subscription or pay-per-use basis. This increases the risk of misinformation, manipulation of opinions, cybersecurity threats, and the erosion of trust in media and institutions.
Types of Deepfakes
- Synthetic Identities: Fictitious identities are created using AI-generated photos and videos to bypass automated onboarding checks.
- Document Manipulation: Documents are forged using AI to alter existing ones or create an entirely new document by changing photographs, IDs, etc., on passports, licences, which makes manual detection challenging.
- Audio Deepfakes: Synthetic voice technology is used to imitate the speech patterns and tones to undermine the audio-based verifications and confirmations.
- Video Deepfakes: Deepfake videos are used to replicate natural human movements such as eye blinks, head turns, and other facial movements to deceive the system into confirming that a live person matches submitted documents.
Impact of Synthetic Identity Fraud on KYC Processes
These sophisticated frauds pose a serious threat to the integrity of identity verification systems that underpin anti-money laundering (AML) and countering financing of terrorism (CFT) frameworks. During authentication processes such as Aadhaar-based KYC, fraudsters resort to such impersonation tactics.
Initiatives by the Government to Tackle the Risk of Deepfakes
The rise of deepfakes has made it difficult to authenticate real and fake videos and audio that fuel cybercrimes and threaten the economy. In response to this threat, the financial sector is moving ahead to have a well-structured system in place, like secure digital identity wallets, blockchain-backed credentials, and the implementation of stricter biometrics systems such as iris scans. On the policy front, India’s Digital Personal Data Protection (DPDP) Act, 2023, pushes to adopt strict safeguards that reduce the misuse of personal data for creating deepfakes.
In a recent example, Google’s new Safety Charter for India focuses on tackling online fraud to promote secure and responsible usage of AI. These steps will mark a critical move towards protecting against the risks posed by deepfake technology.
The Way Forward
Looking ahead, the fight to mitigate the risk of deepfakes and synthetic identity fraud demands a mix of technology, regulations, and awareness among customers. There is a need for financial institutions to perform a more diversified and multi-layered verification that combines the use of AI-driven anomaly detection with robust biometric checks. Crucially, involving specialized solution providers can help mitigate the risks of spotting hidden risks, analyzing patterns, and flagging suspicious activity, adding an extra layer of protection.
Defending against deepfake risks will depend on a shared commitment by banks, technology partners, compliance experts, and individuals to uphold a secure and trustworthy digital ecosystem.