Deepfakes have been hitting the headlines in recent weeks, and none of them are positive. Celebrities have been victims of malicious impersonations, crypto exchanges have had their identity verification processes bypassed by cheaply available deepfaked identity documents, and companies were tricked into huge bank transfers by deepfaked impersonations. Aside from altering the landscape of pop culture, generative AI and deepfake technologies pose a very real threat to businesses of all kinds. Anywhere customers are interacting with services digitally is at risk of accepting a faked identity, highlighting that it’s more important than ever for companies to implement robust identity verification processes.
Understanding the Deepfake Challenge
What exactly is a deepfake? A deepfake is a video or image of a person digitally generated to look like someone else. At first, deepfakes were perhaps perceived as nothing more than a prank- a fun way of making friends and family or celebrities do and say amusing things. Nowadays however, the rapid advancement of generative AI’s capabilities makes them frighteningly believable, they can be generated real-time, and with disastrous consequences.
Not only do deepfakes allow bad actors to spread misinformation via impersonation of officials, but also the impersonation of existing ordinary individuals or creation of fictious new identities. These deepfake creations are convincing enough to access real people’s assets, or open accounts using fictitious identities. Alarmingly, this technology isn’t only in the hands of high skilled hackers and digital criminals anymore, but also low-skilled everyday scammers.
For just $15, anyone can purchase a realistic looking AI generated image of a fake ID and have it ready to use in minutes. By using these “OnlyFake” IDs, fraudsters have been able to successfully fool optical identity verification solutions and open accounts for cryptocurrency exchange OKX with identity documents of non-existent individuals. This is an alarming trend that will only grow as AI tools become more advanced and more accessible.
Current State of Identity Verification
Many existing methods of identity verification have already proved vulnerable to deepfakes. Optical identity verification relies on taking a picture of an identity document to scan the Visual Inspection Zone (VIZ) and photo page of a document to extract data and check physical security features, such as holograms. Many optical providers state that they use AI to authenticate identity documents - but how effective is combating fire with fire? The AI arms race faced by optical providers in its current state cannot provide 100% assurance that an identity document is genuine. Even worse, experiments have shown that simple manipulations with photo editing software are hard to catch for many optical verification services. Who needs AI?
Video verification, in which a person is in front of a webcam and presents their identity document to a human officer is perhaps the most intricate form of identity verification under threat. Not only can the identity document be deepfaked in real time, but the face of the individual can also be manipulated to match, as was already proven by the Chaos Computer Club in 2022.
NFC identity verification on the other hand is not only deepfake-proof but makes deepfakes irrelevant. Rather than relying on a picture of a picture, NFC relies on cryptographically signed document chips. These chips cannot be duplicated or replicated with AI technology. Deepfakes don’t have chips in their fake IDs. With an NFC reading, the face image in the chip is available in high-resolution, and a replacement of any kind, AI generated or not, will be detected by the security mechanisms inherent in these chips. In short, when it comes to remote identity verification, you cannot trust what you see of an identity document - only what you read and verify with NFC from the chip inside it.
NFC, the Ultimate Defence against Deepfakes
The cryptography in identity document chips makes them the ideal defence against deepfakes. The standards of the security measures in identity document chips are outlined in the International Civil Aviation Organisation’s (ICAO) Doc 9303. Even physical fake identity documents cannot replicate the signatures placed in chips by issuing states, so no matter how convincing a fake might be it remains just that- a fake. In a matter of seconds, an NFC verification would highlight that a chip has been manipulated or duplicated- Inverid’s ReadID solution has 0 known false accepts.
You cannot trust what you see of an identity document - only what you read and verify with NFC from the chip inside it.
Inverid’s solution ReadID is used by customers in a wide variety of sectors to create a secure customer journey. End users can authenticate their identity documents from anywhere in the world at any time with their smartphone, providing instant results and enabling automated customer flows. Whether onboarding, authorising, or remediating, NFC-based identity verification is the most secure solution. Crypto exchange BCM utilises ReadID in their customer onboarding to great effect, streamlining their process and creating strong compliance with fast-changing regulatory requirements.
Sectors are facing never before seen security threats in the form of deepfakes. Protect your customers and create compliance with NFC-based identity verification.
You can try the speed and security of NFC identity verification for yourself with the ReadID Me app, available on Android and iOS. Authenticate your own identity documents safely and securely and see just how easy secure remote identity verification can be.