Biometric-based fraud is the number one threat financial services providers face today, warns Michael Marcotte, CEO at artius.ID, a digital ID and authentication firm. This intervention comes off the heels of the RSA cybersecurity conference, where academics, entrepreneurs and corporations discussed pressing security issues. Marcotte, also a co-founder of the National Cybersecurity Center (NCC), is calling on the cybersecurity industry to put banking at the top of the agenda.
“The emergence of generative AI tools like Midjourney, which anyone can use, and the rapid proliferation of deepfakes online, means that banks are at the wrong end of an acute digital identification and security crisis – and their current practices, protections, and technologies are miles behind the curve,” Marcotte said. “Banking KYC processes are still relying on ID card, face, and address verification. These procedures look neolithic against deepfakes and AI-powered identification fraud. These supposed guardrails, which in many banks still rely on software from an era when the only AI was Skynet, are rendered completely obsolete in the face of hackers who can generate documents and deepfakes to leapfrog facial and ID verification.”
Banks are coming under an increasingly intense barrage of cybersecurity attacks, and many of these now use deepfakes and generative AI to make the initial breach. Presentation or liveness attacks have surged 40% in 2024, as malicious actors attempt to undermine video-based KYC procedures. This means that synthetic identity fraud is now the fastest-growing category of financial crime in the United States, costing banks $6 billion.
“There needs to be a radical shift,” Marcotte said. “One option available for banks is to relinquish control of KYC data and use decentralized storage providers. If custody of the data remains in the hands of the individual, then banks won’t open themselves up to litigation or expose their customers to fraud. As deepfakes proliferate, a trickle of lawsuits has the potential to become a flood – and one which absolutely could sink the banks.”
Marcotte said biometric-based fraud is the greatest threat to the international banking system – and executives are asleep at the wheel. Criminals circumventing KYC checks expose banks to a range of liabilities such as identification theft, fraud, money laundering, harm to their customers, future litigation, or the incurred catastrophic reputational damages.
“Banks not only have a fiduciary duty to their shareholders, who will see reduced returns as they hemorrhage revenue in these scams, but also a responsibility to stakeholders in wider society as well,” Marcotte said. “If consumers and corporations lose trust in these institutions, then entire economies are put at risk. Banking execs need to wake up and realize just how much the ground has shifted beneath their feet – KYC procedures are already looking like relics, and if banks continue on this path, they themselves will become fossils as newer fintech startups step into the security vacuum they’ve left.”