Subscribe to the Non-Human & AI Identity Journal

Notifications
Clear all

Deepfake fraud at onboarding: are liveness controls keeping up?


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 11631
Topic starter  

TL;DR: Deepfake fraud attempts rose more than 1,300% in 2024, while the Wall Street Journal reported over $200 million in deepfake scam losses in the first quarter of 2025, according to Oz Forensics and cited sources in its analysis. The identity lesson is that onboarding controls must prove presence, not just likeness, because fraud has industrialised.

NHIMG editorial — based on content published by Oz Forensics: The Deepfake Surge: Why Liveness Detection is the Answer

By the numbers:

Questions worth separating out

Q: How should security teams handle deepfake risk in digital onboarding?

A: Start by treating liveness as a mandatory trust step, not an optional enhancement.

Q: Why do deepfakes create such a large fraud problem for IAM teams?

A: Deepfakes undermine the assumption that a captured face, voice, or video is evidence of a live person.

Q: What breaks when liveness detection is missing from onboarding flows?

A: Without liveness detection, replay attacks and synthetic media can pass as legitimate identity evidence.

Practitioner guidance

  • Place liveness before account creation Require a real-time liveness step before issuing a new identity record, recovery path, or high-risk enrollment approval.
  • Separate proofing from issuance Design onboarding so that a successful biometric match does not automatically create access.
  • Test against replay and synthetic media Run controlled red-team exercises using replayed video, manipulated images, and voice cloning to measure where your current capture flow fails.

What's in the full article

Oz Forensics' full article covers the operational detail this post intentionally leaves for the source:

  • How its liveness detection flow validates real-time capture instead of pre-recorded or manipulated media
  • The specific biometric and machine-learning signals used to distinguish spoofing attempts from live users
  • The product positioning for onboarding and transaction checks across digital identity journeys
  • Examples of how the liveness check fits alongside facial comparison and ID verification

👉 Read Oz Forensics' analysis of deepfake fraud and liveness detection →

Deepfake fraud at onboarding: are liveness controls keeping up?

Explore further

View Full Forum →  |  NHI Foundation Course →



   
Quote
(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 11186
 

Proof of presence is now a core identity control: Digital identity programmes cannot treat face matching or voice matching as sufficient evidence of a real person. Deepfakes break the assumption that appearance implies presence, which means onboarding controls now have to verify liveliness as well as likeness. For practitioners, this shifts biometric assurance from a convenience feature to a governance boundary.

A few things that frame the scale:

  • Organisations maintain an average of 6 distinct secrets manager instances, according to The State of Secrets in AppSec.
  • Only 44% of developers are reported to follow security best practices for secrets management, which helps explain why trust boundaries often erode faster than teams expect.

A question worth separating out:

Q: Who is accountable when deepfake-enabled onboarding fraud succeeds?

A: Accountability sits with the team that owns identity proofing, fraud controls, and downstream access decisions. If a system accepts spoofed media and then issues trusted access, that is a governance failure, not just a user deception event. Clear ownership is needed across IAM, fraud operations, and risk management.

👉 Read our full editorial: Deepfake fraud is forcing stronger liveness checks at onboarding



   
ReplyQuote
Share: