To prevent fraud, companies are looking at increasingly sophisticated methods to verify customers’ identities. “Liveness tests” are one way of doing this, but it seems that even these are vulnerable to attack.
What are “liveness tests”?
“Liveness tests” are used by many companies – including banks, online dating sites and cryptocurrency startups – to verify a person’s identity. User’s will be asked to look into their laptop or smartphone’s camera, and perform certain actions – like smiling. This will be compared to the image on the ID that’s provided, to ensure it’s the same person.
Whilst this is one of the most high-tech ways of verification, it’s not a flawless system. Security firm, Sensity, recently tested some “liveness test” providers using deepfakes and were able to fool 90% of them. In fact, APIs from many of the big tech companies, such as Microsoft and Amazon, can be fooled this way. A recent research study found that Microsoft’s Azure Cognitive Services was fooled by up to 78% of the deepfakes it was fed.
Only facial recognition systems that use depth sensors, like Apple’s Face ID, are safe, as they use both visual appearance and the physical shape of a person’s face for verification.
Why is this a problem?
Open source technology makes it easy for everyone to create deepfakes. The amount appearing on the internet increased 330% from October 2019 to June 2020, reaching over 50,000 at their peak.
Whilst using deepfakes can sometimes be fun, for example swapping yourself out for a celebrity when playing an online game, there are dangerous consequences. Particularly when it comes to financial fraud. If deepfakes are able to fool banks’ verification systems, criminals can easily set up accounts in someone else’s name. Or fool someone into transferring large amounts of cash to a scammer’s account.
There’s no doubt that deepfakes are on the rise, and will continue to be used for criminal activity. At the moment, there is no hard and fast way to identify them, so it’s important to be vigilant, and use multiple methods to verify someone’s identity before sharing money or personal information.