TL;DR: Deepfake incidents in Asia-Pacific increased by over 1,500% in a single year, while Vietnam recorded a 25.3% jump in deepfake-related fraud incidents, according to Oz Forensics, as fraudsters used cloned faces, voices, and synthetic identities to bypass eKYC and biometric checks. Legacy onboarding controls are now being tested against industrialised impersonation, not just document fraud.
NHIMG editorial — based on content published by Oz Forensics: Deep fake-Driven Identity Fraud in Southeast Asia
By the numbers:
- The Asia-Pacific saw a 1,530% increase in deepfake cases between 2022 and 2023.
Questions worth separating out
Q: How should organisations defend biometric onboarding against deepfake fraud?
A: Use layered verification that separates document checks, liveness detection, injection resistance, and behavioural signals.
Q: Why do deepfakes weaken eKYC and remote identity proofing?
A: Deepfakes weaken eKYC because many onboarding flows assume a camera image or voice sample represents a live person.
Q: What do security teams get wrong about voice and video verification?
A: Teams often treat voice and video as inherently trustworthy because they feel familiar to users and operators.
Practitioner guidance
- Separate liveness from matching in onboarding flows Require independent liveness and injection checks before biometric matching is accepted as evidence of presence, especially for remote onboarding and high-value account recovery.
- Correlate identity signals across channels Compare onboarding, SIM registration, payment, and recovery events for the same identity attributes so synthetic identities cannot pass one channel and persist elsewhere.
- Harden escalation paths for high-risk requests Use out-of-band confirmation, step-up verification, and dual approval for transfers, credential resets, and executive impersonation scenarios.
What's in the full article
Oz Forensics' full article covers the incident detail and regional regulatory context this post intentionally leaves at a higher level:
- Country-by-country examples of deepfake fraud in Southeast Asia and the tactics used in each case.
- Discussion of biometric eKYC and SIM registration policy responses across Indonesia, Vietnam, Thailand, and Malaysia.
- Operational notes on liveness, behavioural analytics, and injection detection as anti-fraud controls.
- Source references and case citations for the incidents described in the article.
👉 Read Oz Forensics’ analysis of deepfake identity fraud in Southeast Asia →
Deepfake identity fraud in Southeast Asia: are your controls keeping up?
Explore further
Deepfake identity fraud is now an assurance failure, not a fraud edge case. The article shows that attackers are no longer limited to stolen credentials or forged documents. They can manufacture the identity signal itself, which means the real control question is whether onboarding can still distinguish a live subject from a synthetic presentation. Practitioners should treat this as a core identity governance issue, not a niche fraud anomaly.
A few things that frame the scale:
- 79% of organisations have experienced secrets leaks, with 77% of these incidents resulting in tangible damage, according to Ultimate Guide to NHIs.
- Only 5.7% of organisations have full visibility into their service accounts, which is why identity blind spots persist even when governance appears mature.
A question worth separating out:
Q: Who should be accountable when deepfake fraud bypasses onboarding controls?
A: Accountability should sit with the identity, fraud, and governance owners together, because the failure spans proofing, detection, policy, and exception handling. If a programme allows synthetic identities to survive onboarding, the issue is not just a bad transaction. It is a control design gap that should be traced to ownership and oversight.
👉 Read our full editorial: Deepfake identity fraud in Southeast Asia is reshaping digital trust