The advancement of deepfake technology has posed serious challenges to digital security. In Brazil, this type of fraud has spread rapidly: in October 2024, the Civil Police of the Federal District launched the operation “DeGenerative AI” with the aim of dismantling a gang specialized in bank account invasion using artificial intelligence applications.
The investigated group made more than 550 attempts to invade bank accounts of digital bank customers through coordinated attacks, use of third-party data, and deepfake technology, in which, using the method, they managed to replicate the image of the account holders to validate account opening procedures and enable new devices. The gang managed to move around R$ 110,000,000 through personal and corporate accounts, engaging in activities suggestive of money laundering – the damage was only mitigated due to the banks’ fraud prevention audits, which managed to block a significant portion of the frauds.
The deepfake technique is constantly evolving – and is expected to grow even further: according to Deloitte’s research, it is possible to find fraud software in the deep web with prices ranging from $20 to thousands of dollars, illustrating the power of the global fraud economy, a term used by Javelin Strategy & Research to describe the increasing criminal activities conducted on a global scale, including various types of frauds.
According to the Financial Fraud Report by idwall, highly complex frauds increased by 16% when comparing the first quarter of 2023 with that of 2024. But when discussing high complexity, what types of fraud should companies be vigilant about?
There are two most common types: creating users and documents with synthetic data, where fraudsters generate counterfeit documents and faces from real data, making fraud more convincing and hard to detect; and selfie manipulation, where a genuine document is combined with a photo generated by deepfake to deceive facial recognition systems. These frauds can occur at various points in the digital journey, such as when registering new customers, changing devices or passwords, and requesting new products and credit, for example.
Creating effective digital security solutions is as complex as preventing fraud — especially when considering that the Brazilian market has particularities, such as various mobile phone models and operating systems, older mobile devices in use, and a portion of the population with limited internet access, which makes implementing advanced security technologies challenging.
However, even amidst adversity, it is essential to ensure a high level of protection against fraudsters who constantly refine their techniques; therefore, many companies have started testing their tools using some methods that fraudsters already use, such as 2D and 3D masks, with the goal of simulating faces and attempting to bypass authentication systems. Additionally, requiring certifications that ensure the biometric validation used is efficient in detecting deepfakes — such as the iBeta 2 seal — is crucial for companies to adopt reliable and secure technology.
However, just biometric verification is not sufficient to detect deepfakes: a multilayered approach is necessary. To confirm the user’s data accuracy more effectively, it is necessary to combine this technology with other resources such as document verification, OCR (Optical Character Recognition), and background check. The integration of these validation resources can prevent a user from being accepted in the company’s onboarding process using false data or someone else’s documents, for example.
With the advancement of generative AI tools and sophisticated techniques that make frauds easier and cheaper to execute, deepfake-related frauds are likely to escalate further, moving from illegality to the “retail” market. In this scenario, companies need to invest as soon as possible in solutions that connect technology, automation, and intelligence, opting for centralized solutions that integrate all the user’s registration, documentary, and biometric data in the same environment.
