Proof

AI Impersonation Trends Call for Stronger Defense | Proof

The rapid rise of generative AI-powered impersonation is rendering traditional identity verification methods obsolete, necessitating institutions to adopt stronger, more comprehensive defenses against increasingly sophisticated AI-enabled fraud projected to cost $40 billion annually.

Fraud has always been a part of life, amplified when we established the post office, connected the first telephone lines, and, of course, brought commerce to the Internet. Today, we face a new threat: generative AI-powered impersonation. The rapid advancement of these tools has transformed the fight against fraud, making traditional identity verification obsolete. To respond, the institutions we rely on must adopt a defensive posture to protect what integrity remains.

As we go through life, we rely on various pieces of evidence to establish our identities. Bank statements, W-2 forms, utility bills, driver's licenses, and social security cards have been foundational in our ability to assert our identity.

For decades, our identities were verified in person. We would drive to the bank, and the teller would compare the information with the person in front of them. This worked for a time, but as society became more remote and mobile, we needed to adapt.

Digitizing customer identification unlocked digital commerce. Digital banking solutions began reaching the millions of unbanked, cars could be bought online and delivered on demand, and we could execute life’s most important documents without leaving home.

With generative AI now threatening what has traditionally underpinned identity, we need a new approach to balance the benefits of digitization with the risks of AI impersonation.

Deloitte predicts that gen AI-enabled fraud will be a $40 billion dollar annual problem in the near future. With relative ease, fraudsters have a near-limitless ability to impersonate individuals with deepfake videos, audio, forged documents, and more.

Until recently, companies often accepted identity evidence at face value, assuming most interactions were with legitimate customers. Fraud mitigation has primarily focused on identifying bad actors, with advanced identity-proofing tactics deployed sporadically or, worse, only when a new account was opened.

We need a more comprehensive approach in which fraud detection and identity verification tools work in concert and customers are vetted at every touch point.

Steps Toward Stronger Defense

  1. 1.Reduce reliance on traditional identity checks: Information needed to pass these checks is available online and frequently compromised in data breaches.
  2. 2.Conduct multiple, modern identity checks: Use sophisticated credential analysis, verify information against issuing sources, and conduct liveness checks to ensure interactions are with a real person.
  3. 3.Leverage technology for deeper insights: Determine device location or if a phone number was created just before an exchange.
  4. 4.Ensure document authenticity: Official documents should be issued, modified, and exchanged only by verified sources. Documents should be encrypted with metadata that proves their legitimacy and provides an auditable trail of who created and accessed them.
  5. 5.Human intervention when needed: When technology alone can’t verify someone’s identity, fraud is suspected, or the transaction carries greater risk, humans should step in to review transactions and verify identities in real-time.

The benefit of these technologies is that they can be performed in minutes, improving transaction times and the customer experience by giving institutions greater confidence when establishing accounts and approving transactions.

Heightened impersonation attacks require a multi-point solution that combines various defenses to address vulnerabilities across an ecosystem. No single solution can solve the problem; a layered and adaptable approach is necessary.

The customer relationship must also evolve. We can no longer rely on the identity profile created at onboarding to sustain an account throughout its lifecycle. A customer’s identity needs to be continuously verified whenever and wherever they engage.

We need a new approach to combat AI-powered impersonation, not only because it is the right thing to do but because we have no choice in a world where transactions are increasingly digitized. If in this world our systems of trust are destined to be challenged with ease, we need better defenses to respond.