Skip to main content
Cybersecurity

GenAI Stunning Surge Sparks Alarming Biometric Fraud

GenAI Stunning Surge Sparks Alarming Biometric Fraud

“When a picture of yourself can open a bank account you never knew existed, whom do you call?”

That question — half rhetorical, half urgent — hangs over a growing landscape of digital deception. Entrust, a major identity and credentialing company, warns that generative AI is enabling fraudsters to create convincing deepfakes and synthetic identities that open new accounts and bypass biometric checks. The result is a collision between remarkably powerful creative tools and legacy trust systems that were never designed for mass-produced fakery.

Background: biometric authentication and the rise of generative models

Biometric authentication — fingerprints, facial scans, voiceprints — became mainstream in the last decade because it promised something stronger than passwords: “who you are” rather than “what you know.” Financial services, telecommunications, and device makers adopted biometric checks to reduce account takeover and identity fraud.

At the same time, generative artificial intelligence (GenAI) models — including large image and audio generators — have matured rapidly. Where early deepfakes required specialist skills and hours of editing, today’s tools can synthesize photorealistic faces and recreate voices with only a few seconds of source material. These models lower the bar for producing forgeries and let bad actors scale attacks that were once artisanal.

The current situation: new accounts, bypassed checks

Entrust reports that fraudsters are increasingly using GenAI to craft synthetic identities and to defeat biometric liveness checks used in online onboarding. Attackers can generate multi-angle images, produce realistic head turns, or synthesize short speech samples that mimic a target’s voice — all sufficient to fool automated systems optimized on conventional threat models. As a result, institutions are seeing a rise in account-opening fraud and fraudulent credential issuance that leverages AI-generated media.

Why this matters

  • Scale: GenAI lets malicious operators create large numbers of distinct synthetic identities quickly and cheaply, amplifying fraud campaigns that previously relied on recycled or stolen data.
  • Trust erosion: When biometric signals become forgeable at scale, the foundational assumption behind many authentication decisions — that biometrics uniquely tie a real person to an account — weakens.
  • Economic impact: Successful synthetic identity schemes can lead to direct financial losses for banks and insurers, indirect costs from increased compliance and remediation, and reputational damage that undermines customer trust.
  • Legal and regulatory pressure: Regulators expect firms to manage fraud risk; widespread bypasses of authentication could trigger audits, fines, or new compliance mandates focused on AI-related risk mitigation.

Different perspectives

Technologists: Security researchers and identity engineers are racing to redevelop liveness detection and multimodal verification methods that are robust to generative attacks. Proposals include challenge-response protocols that require unpredictable user actions, cross-device attestations, hardware-backed keys, and using a blend of behavioral signals that are harder to synthesize en masse. However, many of these defenses add friction or require device capabilities not universally available.

Policymakers: Regulators face a dual challenge — to deter misuse while not stifling innovation. Policy responses under consideration range from requiring stronger provenance and watermarking of AI-generated media to mandating minimum standards for identity verification in high-risk industries. Balancing privacy, civil liberties, and security remains politically and technically fraught.

Users: Everyday people bear the immediate consequences. A synthetic identity tied to a real person’s name can lead to wrongful blacklisting, loan denials, or investigations. Many consumers will struggle to detect when their likeness or voice has been weaponized, and remediation can be lengthy and costly.

Adversaries: Criminals seek low-cost, scalable exploits. For them, GenAI provides a toolkit that reduces the need for traditional theft (hacking into databases) in favor of fabrication. Sophisticated groups may combine social engineering, data aggregation from public sources, and AI synthesis to construct believable personas that pass automated checks.

Analysis: why existing defenses lag

Most biometric systems were built assuming that spoofs would be noisy, imperfect, or rare. Machine-learning models used in liveness detection were trained on datasets that did not include high-fidelity synthetic media now produced by state-of-the-art generators. As a result, attackers exploiting the gap can often slip past static detectors. Additionally, widespread adoption of remote onboarding increased reliance on automated checks — the very channel most susceptible to digitally generated forgeries.

There are no silver bullets. Watermarking AI outputs can help provenance, but it doesn’t prevent a determined adversary from re-rendering or postprocessing media. Similarly, legal prohibitions against misuse are essential but reactive. The most promising defensive posture is layered: combine stronger device-based attestations, behavioral analytics, human review for high-risk cases, and improved incident response and remediation procedures.

What organizations can do now

  • Assume compromise: design systems that limit the impact of a single successful synthetic identity (e.g., step-up authentication, transaction limits, staged trust-building).
  • Adopt multi-factor, multi-modal verification that looks for consistency across channels and devices.
  • Increase monitoring for patterns typical of synthetic campaigns (burst account creation, similar biometric features across ostensibly different users).
  • Engage in cross-industry information sharing so defenders can recognize emerging attack signatures quickly.

The human element remains central. Training fraud-detection teams to recognize subtle red flags and making remediation accessible to victims reduces harm even when automated defenses fail.

Conclusion

GenAI has unleashed extraordinary creative power — and with it, a new class of threats that exploit the same signals we built to tell “real” from “fake.” The challenge is not merely technical; it is institutional and social. Firms must redesign trust for an era in which images and voices can be manufactured on demand, regulators must craft rules that protect the public without vaporizing legitimate innovation, and citizens must understand the limits of the claims that biometrics can make.

If our systems are to remain worthy of public trust, we must ask: can we build verification that accepts the reality of generative forgeries, or will convenience and complacency hand fraudsters the keys to identities that are no longer uniquely human?

Source: https://www.infosecurity-magazine.com/news/genai-deepfakes-digital-forgeries/