The advancement of technologydeepfakehas been posing serious challenges to digital security. In Brazil, this type of fraud has been spreading rapidly: in October 2024, the Civil Police of the Federal District launched Operation "DeGenerative AI" to dismantle a gang specialized in hacking into bank accounts using artificial intelligence applications.
The investigated group carried out over 550 attempts to hack into the bank accounts of digital bank account holders through coordinated attacks, use of third-party data, and deepfake, in which they managed to reproduce the account holders' images to validate account opening procedures and enable new devices. The gang managed to move around R$110,000,000 through individual and corporate accounts in activities that suggest Money Laundering — the damage was not worse thanks to the banks' fraud prevention audit, which was able to block most of the frauds.
The deepfake technique is constantly evolving—and is likely to grow even more: according to Deloitte's research, it is possible to find fraud software on the deep web ranging from US$20 to thousands of dollars, which demonstrates the power of the global fraud economy, a term used by Javelin Strategy & Research to describe the rise of criminal activities conducted on a global scale, including various types of fraud.
According to the Financial Fraud Report, conducted by idwall, high-complexity frauds increased by 16% when comparing the first quarter of 2023 with that of 2024. But when we talk about high complexity, what frauds should companies be on the lookout for?
There are two most common types: the creation of users and documents with synthetic data, where fraudsters generate forged documents and faces from real data, making the fraud more convincing and difficult to detect; and the manipulation of selfies, where a genuine document is combined with a generated photodeepfaketo bypass facial recognition systems. These frauds can occur at various points in the digital journey, such as during new customer registration, device or password changes, and requests for new products and credit, for example.
Creating effective digital security solutions is as complex as preventing fraud — especially when considering that the Brazilian market has particularities, such as diverse cell phone models and operating systems, older mobile devices in use, and a portion of the population with limited internet access, which makes implementing advanced security technologies more difficult.
However, even amidst adversity, it is essential to ensure a high level of protection against fraudsters who constantly improve their techniques; therefore, many companies have started testing their tools using some methods that fraudsters already use, such as 2D and 3D masks, with the aim of simulating faces and trying to bypass authentication systems. Furthermore, requiring certifications that ensure the biometric validation used is effective in detecting deepfakes — such as the iBeta 2 seal — is essential for companies to adopt a reliable and secure technology.
However, biometric verification alone is not sufficient to detect deepfakes: a multi-layered approach is necessary. To confirm the accuracy of the user's data more precisely, it is necessary to combine this technology with other resources, such as document analysis, OCR (optical character recognition), and bbackgroundcheckThe integration of these validation features can prevent a user from being accepted into the process.onboardingthe company using false data or someone else's documents, for example.
With the advancement of generative AI tools and sophisticated techniques that make frauds easier and cheaper to carry out, deepfake-related frauds are likely to escalate further, moving from illegality to retail. In this scenario, companies need to invest as soon as possible in solutions that connect technology, automation, and intelligence, opting for centralized solutions that integrate all the user's registration, documentary, and biometric data in a single environment.
