By NHI Mgmt Group Editorial TeamPublished 2025-12-23Domain: Governance & RiskSource: Oz Forensics

TL;DR: Mandatory reimbursement rules for authorised push payment fraud are shifting loss responsibility to banks, while AI-driven deepfakes and injection attacks are helping criminals bypass legacy onboarding checks, according to Oz Forensics. The control problem is no longer just verifying a face, but proving the signal is live and trustworthy under reimbursement pressure.


At a glance

What this is: This is an analysis of how mandatory reimbursement rules and AI-enabled fraud are changing digital banking onboarding, with biometric liveness presented as the key control against fake faces and injected signals.

Why it matters: It matters because banking teams now face fraud losses, liability exposure, and onboarding risk at the identity gateway, where customer verification, mule account creation, and payment authorisation intersect.

By the numbers:

👉 Read Oz Forensics' analysis of biometric controls and APP fraud liability


Context

APP fraud has moved from a customer-loss problem to an identity assurance problem for banks. Once reimbursement rules make financial institutions accountable for authorised but manipulated payments, the quality of onboarding identity checks and transaction-time verification becomes a direct control on balance-sheet risk.

The article argues that deepfakes, emulators, and virtual camera injection attacks let fraudsters present synthetic or stolen signals as if they were real users. For IAM teams in regulated banking environments, this puts biometric liveness, onboarding integrity, and payment-step verification into the same governance conversation.

This is a banking and fraud-control topic, but the underlying pattern is familiar to identity teams: if a system cannot distinguish a live subject from a replayed signal, the access decision is already compromised. That is typical of fast-growth digital onboarding environments, not an edge case.


Key questions

Q: How should banks stop biometric fraud when deepfakes and injection attacks are in play?

A: Banks should focus on capture integrity, not just face recognition accuracy. The control must verify that the image or video stream came from a live device and a real user session, then pair that with step-up checks for higher-risk onboarding and payment events.

Q: Why do APP fraud reimbursement rules change identity control priorities?

A: They convert identity failure into a direct financial liability. That means onboarding verification, liveness testing, and payment approval controls should be evaluated by how well they prevent reimbursable losses, not only by how many fraud cases they detect later.

Q: What breaks when biometric liveness is treated as a user-experience feature only?

A: Teams underinvest in assurance testing and overestimate face matching. If the control is not designed to reject injected, replayed, or synthetic signals, attackers can still create mule accounts or authorise payments while appearing legitimate.

Q: Who is accountable when synthetic identity fraud passes onboarding controls?

A: Accountability sits with the institution that accepted the trust decision, especially where reimbursement rules place losses back on the bank. IAM, fraud, and payments teams should share ownership of the capture-path control model before a loss occurs.


Technical breakdown

How injection attacks bypass biometric onboarding

An injection attack does not try to defeat face matching directly. Instead, the attacker inserts a pre-recorded video, stolen selfie stream, or synthetic feed into the app through emulators or virtual camera software. The biometric engine receives a plausible image stream, but the signal never came from a real person in the capture environment. That is why visual similarity alone is insufficient. The control gap is at the device and session layer, where the system must validate provenance, not just identity appearance.

Practical implication: banks need capture-path controls that can distinguish a live camera feed from a relayed or injected stream.

Why passive liveness changes the onboarding trust model

Passive liveness reduces user friction by checking subtle properties of a real capture, such as micro-reflections, depth cues, and sensor behaviour, without asking the user to blink or turn their head. That matters because the fraud fight happens at scale, and high-friction checks push legitimate users away. The technical value is not convenience alone. It is that the control can be inserted into the onboarding flow without making the attacker’s job easier through predictable challenge-response patterns.

Practical implication: teams should evaluate passive liveness as a control on capture integrity, not as a user-experience feature.

How certified biometric detection supports reimbursement risk control

Regulated fraud environments need evidence that a biometric control can reliably reject synthetic identity attempts before account creation or payment approval. Certification against named injection-detection criteria gives risk teams a testable assurance baseline, especially where liability rules make prevention financially material. The real architectural point is that the bank must stop fraudulent trust decisions at the point of signal acceptance. Once a mule account exists or a payment is authorised, downstream recovery becomes a separate and harder problem.

Practical implication: align biometric procurement and assurance testing to the specific fraud path you are trying to block, not just to authentication performance.


Threat narrative

Attacker objective: The attacker aims to create trustworthy-looking identity events that unlock mule account creation or fraudulent payment approval while preserving plausible legitimacy.

  1. Entry occurs when fraudsters use deepfakes, emulators, or virtual camera software to submit synthetic identity signals during digital onboarding or payment approval.
  2. Escalation happens when the fake signal passes legacy biometric checks and enables mule account creation or authorised push payment approval under a trusted identity record.
  3. Impact follows when banks face reimbursement liability, fraud losses, and weakened trust in the onboarding channel, even when the customer appeared to approve the transaction.

Read our 52 NHI Breaches Analysis report for a comprehensive view of breaches impacting Non-Human Identities including AI Agents.


NHI Mgmt Group analysis

Fake-signal trust is the real governance gap: biometric programmes often assume the capture channel is trustworthy once a face match succeeds. That assumption fails when the actor can inject a synthetic or replayed signal, because identity proof becomes detached from physical presence. The implication is that banking identity assurance must treat capture integrity as a first-class control boundary.

APP reimbursement changes identity governance from fraud detection to loss containment: once banks absorb more of the financial liability, onboarding and transaction-time verification are no longer support functions. They become governance controls that determine whether the institution can safely extend trust to a new account or payment instruction. Practitioners should read this as a shift in control ownership, not just a fraud trend.

Capture integrity should be treated as part of IAM, not a separate fraud silo: account opening, step-up verification, and payment authorisation all depend on the same identity signal being real. When those controls are managed separately, the bank can pass one check and still lose to signal injection at another. The practical conclusion is that identity, fraud, and payments governance need a shared assurance model.

Named concept: signal provenance gap: this article illustrates the gap between recognising a user and proving the signal came from a live, uncompromised source. That gap widens in high-volume onboarding because attackers target the cheapest point of trust, not the strongest one. Practitioners should recognise that face match alone cannot close a provenance gap.

Liability is now a control design input, not a downstream outcome: the reimbursement regime forces institutions to price weak identity assurance as a direct operating cost. That changes how IAM and fraud teams should evaluate onboarding controls, because the relevant question is no longer whether a check passes, but whether it prevents a reimbursable loss path.

From our research:

  • 80% of identity breaches involved compromised non-human identities such as service accounts and API keys, according to Ultimate Guide to NHIs.
  • Only 5.7% of organisations have full visibility into their service accounts, which means identity teams often cannot see the full population they are expected to govern.
  • For a broader lifecycle lens, see Ultimate Guide to NHIs , 2025 Outlook and Predictions for how identity risk is expanding as trust surfaces multiply.

What this signals

Signal provenance gap: banking teams should expect more overlap between fraud operations and identity governance. The practical question is no longer whether a biometric check works in isolation, but whether the institution can prove a live, uncompromised capture path before a reimbursable event occurs.

As reimbursement rules harden, onboarding controls become part of financial resilience planning. IAM and fraud teams should review where shared-liability exposure sits in the account-opening chain, then tie capture integrity to exception handling, escalation paths, and evidence retention.

If your programme already tracks service accounts, secrets, and workload identity, extend the same governance discipline to customer identity verification. The boundary between human identity assurance and automated fraud tooling is thinning, and the control failure often starts at signal trust rather than authentication policy.


For practitioners

  • Map every identity decision to a reimbursement risk path Trace where onboarding, liveness, step-up authentication, and payment approval can each trigger a reimbursable loss. Prioritise controls where a failed check creates direct liability rather than only fraud noise.
  • Test for injected and replayed capture streams Include emulator, virtual camera, replay, and synthetic video tests in biometric assurance. Validate that the system rejects the capture path, not just the face similarity result.
  • Separate real-user friction from attacker friction Use passive liveness and equivalent low-friction controls to keep conversion high while raising the attacker’s cost. Measure abandonment and fraud together so usability changes do not hide control failures.
  • Align onboarding controls with liability ownership Revisit which team owns verification, which team owns loss acceptance, and which team owns recovery escalation. In shared-liability environments, those responsibilities should be explicit before a mule account is opened.

Key takeaways

  • Mandatory reimbursement turns biometric verification into a financial control, not just an identity check.
  • Injection attacks exploit the gap between a live user and a believable signal, which legacy face matching alone cannot close.
  • Banks need shared governance across IAM, fraud, and payments if they want to reduce reimbursable losses at onboarding and authorisation.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

MITRE ATT&CK address the attack and risk surface, while NIST SP 800-53 Rev 5, NIST SP 800-63 and NIST CSF 2.0 set the governance and control requirements practitioners need to meet.

FrameworkControl / ReferenceRelevance
NIST SP 800-53 Rev 5IA-2Identity proofing and authentication are central to biometric onboarding risk.
NIST SP 800-63SP 800-63BThe article's liveness and authentication claims align with digital identity assurance.
NIST CSF 2.0PR.AA-01Identity assurance and access validation are core outcomes in the CSF.
MITRE ATT&CKTA0006 , Credential Access; TA0001 , Initial AccessSynthetic identity and injection attacks seek initial trust entry and credential-like advantage.

Map biometric assurance to SP 800-63B and verify the authentication process resists replay and spoofing.


Key terms

  • Injection Attack: An injection attack in biometric onboarding is when an attacker feeds a fake or replayed capture stream into the identity system instead of using a real live camera session. The goal is to make synthetic input look like authentic presence so the system accepts a false identity proof.
  • Passive Liveness: Passive liveness is a biometric check that tries to confirm a real human presence without asking the user to perform a visible action. It evaluates subtle capture signals such as depth, reflections, and sensor characteristics, which makes it less intrusive but still dependent on trustworthy input paths.
  • APP Fraud: Authorised push payment fraud happens when a victim is manipulated into approving a payment to a criminal account. Because the payment is user-authorised in form, reimbursement and accountability rules often shift the burden onto banks, making identity assurance at the point of approval financially critical.
  • Signal Provenance: Signal provenance is the ability to prove where an identity signal came from and whether it was generated live within the expected capture environment. In banking, it matters because a correct-looking face is not enough if the video stream, device, or session has been manipulated.

What's in the full article

Oz Forensics' full article covers the operational detail this post intentionally leaves for the source:

  • The full regulatory context behind mandatory reimbursement rules across the UK, EU, Singapore, Australia, and Brazil.
  • The specific biometric and liveness techniques the vendor describes for reducing false acceptance during onboarding.
  • The Injection Attack Detection criteria and lab-testing references used to support the product claims.
  • The article's discussion of conversion, friction, and deployment trade-offs for financial institutions.

👉 The full Oz Forensics post covers reimbursement rules, injection attack detection, and passive liveness detail.

Deepen your knowledge

NHI governance, agentic AI identity, and machine identity security are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If you are building or maturing an identity security programme, it is worth exploring.
NHIMG Editorial Note
Published by the NHIMG editorial team on 2025-12-23.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org