Subscribe to the Non-Human & AI Identity Journal

Notifications
Clear all

Deepfake onboarding fraud: are your verification controls keeping up?


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 11936
Topic starter  

TL;DR: Deepfakes have become easier to create and harder to distinguish from real users, with one 2023 study cited by Prove reporting that 66% of cybersecurity professionals encountered deepfake attacks and finance security leaders showing 92% concern. The core problem is that selfie-based onboarding assumes visual identity signals remain trustworthy, and that assumption is breaking.

NHIMG editorial — based on content published by Prove Identity: Creating Deepfakes is Easy - And That’s a Huge Onboarding Problem

By the numbers:

Questions worth separating out

Q: How should security teams handle deepfake risk in identity workflows?

A: Security teams should treat deepfakes as a trust and verification problem inside identity workflows.

Q: Why do deepfakes create more risk than ordinary identity fraud?

A: Deepfakes compress the time needed to impersonate a real person and make the attack look legitimate at the exact moment trust is granted.

Q: What do organisations get wrong about liveness detection?

A: Organisations often treat liveness detection as proof of identity when it only addresses one part of the problem.

Practitioner guidance

  • Replace visual-only proofing for high-risk flows Move onboarding decisions for higher-risk users or transactions away from selfie or video dependence and toward device ownership, network signals, and behavioural context.
  • Tier verification by transaction risk Use stronger identity proofing only where the account opening, payment, or approval consequence justifies it, and keep lower-friction checks for lower-risk journeys.
  • Cross-check identity evidence across channels Require consistency between device, network, and user behaviour before accepting identity claims in onboarding or account recovery.

What's in the full article

Prove Identity's full blog covers the operational detail this post intentionally leaves for the source:

  • A practical explanation of why phone-centric verification changes onboarding assurance compared with selfie-based checks
  • Examples of how device ownership and network data support identity verification in real workflows
  • The fraud scenarios where synthetic media most often defeats traditional visual proofing
  • The source article's own framing of customer experience trade-offs when moving away from face-based onboarding

👉 Read Prove Identity's analysis of deepfake fraud and onboarding risk →

Deepfake onboarding fraud: are your verification controls keeping up?

Explore further

View Full Forum →  |  NHI Foundation Course →



   
Quote
(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 11491
 

Visual identity proofing is now an exposed assumption, not a sufficient control. Deepfakes do not merely make onboarding harder to operate, they break the premise that a face, voice, or short video can reliably represent a legitimate user. That premise was already weak for high-risk workflows, and synthetic media makes it structurally unreliable. Practitioners should treat this as a proofing architecture problem, not a usability trade-off.

A few things that frame the scale:

  • 80% of identity breaches involved compromised non-human identities such as service accounts and API keys, according to the Ultimate Guide to NHIs.
  • Only 5.7% of organisations have full visibility into their service accounts, according to our Ultimate Guide to NHIs.

A question worth separating out:

Q: Who should own fraud controls when IAM and fraud teams overlap?

A: Ownership should sit with the team accountable for the decision point, while IAM, fraud, and compliance all contribute the signals and policy. If one group owns alerts and another owns action, attackers exploit the gap. Shared governance matters more than shared tooling.

👉 Read our full editorial: Deepfakes are turning frictionless onboarding into an identity risk



   
ReplyQuote
Share: