Liveness tests used by banks to verify ID are ‘extremely vulnerable’ to deepfake attacks

A new report shows that identity can be easily fooled by deepfakes.

The vulnerability of identity tests provided by 10 top vendors was probed by the security firm Sensity. In order to pass liveness tests, Sensity used deepfakes to copy a target face onto an ID card, and then copied that face onto a video stream of a would-be attacker.

Liveness tests usually ask someone to look into a camera on their phone or laptop, sometimes smiling, in order to prove that they are a real person and to compare their appearance to their ID using facial recognition. KYC, or know your customer, is a check that can be used in the financial world to verify other checks.

Nine of the 10 solutions tested were extremely vulnerable to deepfake attacks, according to the chief operating officer of Sensity.

There is a new generation of artificial intelligence that can pose serious threats to companies. No one can detect them.

The names of the enterprise vendors it tested with were shared by Sensity, but it requested that they not be published for legal reasons. In some cases, Sensity signed non-disclosure agreements with some of the vendors, and in other cases, it may have violated companies terms of service by testing their software in this way.

The vendors did not seem to consider the attacks significant.

The liveness checks were sold to a range of clients, including banks and dating apps. A vendor was used to verify the identity of voters in a recent election. There is no suggestion from Sensity that this process was compromised by deepfakes.

The banking system is at risk of being used to facilitate fraud due to deepfake identity spoofs.

This isn't the first time that deepfakes have been identified as a danger to facial recognition systems. They are mostly a threat when the attacker can take over the video feed from a phone or camera. Face recognition systems that use depth sensors like Apple's Face ID cannot be fooled by these types of attacks, as they verify identity not only based on visual appearance but also the physical shape of a person.