FinCEN Alert: Protecting Financial Services From Deepfakes

The US Treasury Department’s Financial Crimes Enforcement Network (FinCEN) issued an alert to financial institutions about the risks of deepfake-based fraud schemes as well as recommendations for mitigating the risks.

Deepfakes: A Growing Concern for Financial Institutions

Not surprisingly, part of the focus was on deepfakes breaching identity verification processes around remote onboarding as well as authentication. Whilst none of this is new, it is further proof that AI-generated deepfakes continue to gain traction as a major threat to financial institutions within their identity and authentication processes.

Identity-Related Breaches

A recent report from RSA reinforces this growing concern, highlighting how identity-related breaches are not only increasingly frequent but also more damaging. According to the report, 42% of respondents had experienced an identity-related data breach within the past three years, with 66% rating these breaches as severe. Such breaches often result in significant financial loss and reputational damage. Furthermore, respondents noted that authentication is the primary area where AI could offer transformative benefits, underscoring the importance of adopting advanced tools to combat threats like deepfakes.

Traditional Defenses Are No Longer Sufficient

Any organization that continues to rely on the same processes and defenses now that it did preceding the advent of nefarious deepfake attacks is at risk. The ‘duck test’ as it relates to looking-like-and-quacking-like, is no longer sufficient in identifying the duck.

Biometric matching and liveness detection must be augmented by deepfake detection, but not just on the remote customer onboarding process. Deepfake detection on all channels, not just within authentication processes, can help determine if a potential attack is being perpetrated or likely to be. The dangers of deepfakes on phone calls or video conferencing are well publicized and understood.

FinCEN’s Focus on Generative AI Risks

The FinCEN alert also emphasizes the misuse of generative AI tools to create fraudulent identity documents or manipulate audio and video for illicit purposes. This highlights a critical gap in traditional identity verification processes. Institutions must not only detect deepfakes during onboarding but also monitor ongoing transactions and communications. The ability to identify and thwart deepfake attempts in real-time is essential to prevent unauthorized access and financial fraud.

A Standalone Deepfake Detection Solution

ValidSoft’s Voice Verity®, a standalone, non-biometric audio deepfake detection solution, is the augmentation required for authentication processes and audio/video communications alike. Being non-biometric, it requires no consent or user enrolments, does not use or store personally identifiable information, and can operate totally independently of other processes and solutions.

The RSA report further underscores the urgency of adopting AI-powered solutions, with 80% of respondents optimistic about AI’s role in enhancing cybersecurity. Notably, 78% indicated plans to implement AI within their cybersecurity stacks in the next year. This trend aligns with the growing recognition that deepfake detection and advanced authentication measures are indispensable in today’s threat landscape.

Fraudulent deepfake attacks are growing, and their manifestation, like all forms of fraud, will only become more innovative. Voice Verity® provides the certainty that a lack of deepfake detection can’t.

As FinCEN’s alert and the RSA report reveal, the stakes are higher than ever for financial institutions. Embracing tools like Voice Verity® ensures that organizations remain one step ahead of fraudsters, safeguarding their operations, customers, and reputations in an increasingly complex digital ecosystem.