Fraudsters are using AI to hack biometrics, can your face still keep your bank account safe?

Fraudsters are using AI-generated deepfakes to hack into the personal accounts of people. Picture:

Fraudsters are using AI-generated deepfakes to hack into the personal accounts of people. Picture:

Published May 10, 2024


A disturbing threat has emerged in Asia where actors with malicious motives are trying to get the facial data of victims to create convincing deepfake videos to gain access to their bank accounts.

This threat raises the question: How can you ensure the safety of your money in the face of this new threat?

“While biometrics have long been considered as a reliable authentication mechanism the increasing accessibility to deepfake technology has opened doors for cybercriminals to exploit it for their nefarious purposes,” warns Anna Collard, SVP Content Strategy and Evangelist at KnowBe4 AFRICA, specialists in IT security.

The hackers that steal the faces of people disguise themselves as bank call centre agents and trick victims into sharing their identity documents and phone numbers.

They will then request facial scans from their victims which will allow them to carry out their fraudulent activities.

According to Collard, the AI-generated deepfakes will then replace the images captured during the face scans.

“These deepfakes are extremely realistic and can bypass certain security checkpoints.”

Should we be worried?

Collard said that while this threat was discovered in Asia, South African consumers should also be concerned.

The use of AI-generated deepfakes to get pass the security checks shows these criminals have a level of sophistication and are embracing new and emerging technologies in their attacks.

“In South Africa, mobile banking and mobile adoption is quite big. This, coupled with a relatively low level of consumer awareness, makes our region an attractive target for these criminals,” Collard said.

Are biometrics still the safe option?

Many IT experts question whether biometric identification is still safe to use.

According to Collard, biometric identifiers like fingerprints and facial features are permanent and cannot be replaced.

Despite the cause for alarm, Collard does not believe it’s time for individuals or organisations to give up biometric authentication just yet.

Collard said: “Biometrics are usually more user-friendly than traditional passwords or patterns for locking phones and apps”.

“This means they are more secure, as users are less likely to use weak or reused passwords. Also, biometric traits are unique and more difficult to steal compared to a password that could be guessed, phished, or hacked.”

Need for caution

Collard calls for vigilance in the face of this growing cyber threat.

“Organisations should not abandon using biometrics authentication but they need to keep pace with deepfake technology by implementing advanced liveness detection,” Collard said.

Traditional liveness detection methods can be bypassed by advanced deepfake techniques that can inject fake imagery directly into the data stream.

This means that companies need to implement more sophisticated liveness detection like 3D-facial scanning and challenge-response tests.

Collard recommends the use of a multifaceted strategy because it provides more protection than relying on one factor only because there is no such thing as a silver bullet in security

“The best approach would be to use biometrics with other mechanisms, such as strong passwords or phishing-resistant, multi-factor authentication methods,” Collard said.

IOL Business