Subscribe to the Non-Human & AI Identity Journal

Notifications
Clear all

Deepfake detection in onboarding flows: are your controls keeping up?


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 10745
Topic starter  

TL;DR: Deepfake attacks now target onboarding as a primary fraud path, with multi-step attacks rising 180% to 28% of global fraud detected in 2025 and real-time verification increasingly measured in seconds, according to AU10TIX. Identity teams now need layered detection because liveness checks alone do not cover injected video, synthetic documents, or face swaps.

NHIMG editorial — based on content published by AU10TIX: Deepfake detection for digital identity verification

By the numbers:

  • In 2025, the share of multi-step attacks soared by 180%, reaching 28% of all fraud detected globally.
  • Results delivered in under 8 seconds, with a multi-layer approach that catches 70% more fraud attempts than conventional measures

Questions worth separating out

Q: How should security teams handle deepfake risk in digital onboarding?

A: Security teams should treat deepfake risk as a verification design problem, not only a fraud detection problem.

Q: Why do single-method biometric checks fail against synthetic identity fraud?

A: Single-method checks fail because attackers do not need to defeat every control, only the one you rely on most.

Q: What signals indicate that onboarding verification is being manipulated?

A: Look for mismatches between device metadata, camera behaviour, and session timing, especially where video appears to come from a virtual camera or repeated capture pattern.

Practitioner guidance

  • Separate liveness from authenticity requirements Write policy so that a passing liveness check does not automatically satisfy identity proofing.
  • Test for injection attack resistance in real workflows Validate how your onboarding stack behaves when the camera feed is replaced by a virtual camera or manipulated stream.
  • Require layered decisioning before approval Combine document forensics, liveness, and behavioural signals in the same decision path so that a single signal failure cannot be bypassed by a convincing synthetic identity.

What's in the full article

AU10TIX's full article covers the operational detail this post intentionally leaves for the source:

  • Product-specific comparison of liveness, document forensics, and behavioural analysis capabilities across the evaluated platforms
  • Per-platform deployment notes for mobile and web onboarding, including where injection attack detection is strongest
  • Implementation-oriented guidance on matching fraud controls to KYC, AML, and audit requirements
  • Practical performance and coverage figures for supported document types and geographies

👉 Read AU10TIX's deepfake detection analysis for digital identity verification →

Deepfake detection in onboarding flows: are your controls keeping up?

Explore further

View Full Forum →  |  NHI Foundation Course →



   
Quote
(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 10300
 

Deepfake detection is now an identity governance control, not a niche fraud filter. Once AI-generated faces, documents, and injected video can all enter the onboarding path, the control boundary moves from document review to trust in the entire capture process. That changes how IAM, KYC, and fraud teams should think about verification evidence, because the decision is no longer only about who the applicant claims to be. It is about whether the identity proofing transaction itself can still be trusted.

A few things that frame the scale:

  • 91.6% of secrets remain valid five days after the targeted organisation is notified, showing a critical gap in remediation procedures, according to Ultimate Guide to NHIs.
  • Only 5.7% of organisations have full visibility into their service accounts, which is why identity proofing and verification controls need stronger operational oversight.

A question worth separating out:

Q: Who is accountable when deepfake-enabled fraud gets through KYC controls?

A: Accountability sits with the team that owns identity proofing governance, not just the fraud tool vendor. IAM, KYC, fraud operations, and compliance all share responsibility for defining acceptable evidence, escalation paths, and auditability. If the approval logic is unclear, the organisation cannot explain why a synthetic identity was accepted.

👉 Read our full editorial: Deepfake detection now belongs in digital identity verification



   
ReplyQuote
Share: