The advancement of technologydeepfakehas generated serious challenges for digital security. In Brazil, this type of fraud has spread rapidly: in October 2024, the Civil Police of the Federal District launched the operation "DeGenerative AI", with the aim of dismantling a gang specialized in bank account invasions using artificial intelligence applications.
The investigated group made more than 550 attempts to invade the bank accounts of customers of digital banks, through coordinated attacks, use of third-party data and deepfake, in which, from the method they were able to reproduce the image of the account holders to validate account opening procedures and enable new devices. The gang managed to move around R$ 110.000.000 through individual and corporate accounts, in activities that suggest Money Laundering — the damage was only not worse due to the banks' fraud prevention audit, that managed to block a large part of the frauds.
The deepfake technique is constantly evolving — and is expected to grow even more: according to research by Deloitte, it is possible to find fraud software on the deep web with prices ranging from $20 to thousands of dollars, what shows the power of the global fraud economy, term used by Javelin Strategy & Research to refer to this rise in criminal activities that are conducted on a global scale, including various types of frauds.
According to the Financial Fraud Report, made by idwall, high-complexity frauds increased by 16% when we compare the first quarter of 2023 with that of 2024. But when we talk about high complexity, what frauds should companies be aware of?
There are two more common types: the creation of users and documents with synthetic data, in which fraudsters generate documents and fake faces from real data, making the fraud more convincing and difficult to detect; and the manipulation of selfies, in which a genuine document is combined with a generated photo bydeepfaketo bypass facial recognition systems. These frauds can occur at various moments in the digital journey, like in the registration of new clients, in the exchange of devices or passwords, and in requests for new products and credit, for example.
Creating effective digital security solutions is as complex as preventing fraud — especially when we consider that the Brazilian market has its own particularities, such as cell phone models and various operating systems, older mobile devices in use and a portion of the population with limited internet access, what hinders the implementation of advanced security technologies.
However, even in the midst of adversities, it is essential to ensure a high level of protection against fraudsters who constantly improve their techniques; therefore, many companies started testing their tools using some methods that fraudsters already use, like 2D and 3D masks, with the aim of simulating faces and trying to bypass authentication systems. Furthermore, require certifications that ensure the biometric validation used is effective in detecting deepfakes — as is the case with the iBeta 2 seal, it is essential for companies to adopt reliable and secure technology.
However, just biometric verification is not enough to detect deepfakes: a multi-layered approach is needed. To confirm the accuracy of the user's data with greater precision, it is necessary to combine this technology with other resources, as document examination, OCR (optical character recognition) and bbackgroundcheck. The integration of these validation resources can prevent a user from being accepted in the process ofonboardingfrom the company using false data or someone else's documents, for example.
With the advancement of generative AI tools and sophisticated techniques that make fraud easier and cheaper to carry out, frauds originating from deepfakes tend to escalate even more, leaving illegality and going to "retail". In this scenario, companies need to invest as soon as possible in solutions that connect technology, automation and intelligence, opting for centralized solutions that integrate all registration data, user's documentary and biometric data in the same environment.
