Growing Trends in AI Impersonation Calls for a More Defensive Posture

Fraud has always been a part of life, amplified when we established the post office, connected the first telephone lines, and, of course, brought commerce to the Internet. Today, we face a new threat: generative AI-powered impersonation. The rapid advancement of these tools has transformed the fight against fraud, making traditional identity verification obsolete. To respond, the institutions we rely on must adopt a defensive posture to protect what integrity remains.

As we go through life, we rely on various pieces of evidence to establish our identities. Bank statements, W-2 forms, utility bills, driver's licenses, and social security cards have been foundational in our ability to assert our identity. 

For decades, our identities were verified in person. We would drive to the bank, and the teller would compare the information with the person in front of them. This worked for a time, but as society became more remote and mobile, we needed to adapt.

Digitizing customer identification unlocked digital commerce. Digital banking solutions began reaching the millions of unbanked, cars could be bought online and delivered on demand, and we could execute life’s most important documents without leaving home. 

With gen AI now threatening what has traditionally underpinned identity, we need a new approach to balance the benefits of digitization with the risks of AI impersonation.

Deloitte predicts that gen AI-enabled fraud will be a $40 billion dollar annual problem in the near future. With relative ease, fraudsters have a near-limitless ability to impersonate individuals with deepfake videos, audio, forged documents, and more.

Until recently, companies often accepted identity evidence at face value, assuming most interactions were with legitimate customers. Fraud mitigation has primarily focused on identifying bad actors, with advanced identity-proofing tactics deployed sporadically or, worse, only when a new account was opened.

We need a more comprehensive approach in which fraud detection and identity verification tools work in concert and customers are vetted at every touch point.

First, we need to reduce our reliance on traditional identity checks, such as credit history or running social security numbers. The information needed to easily pass these checks is available online and frequently compromised in data breaches.

Next, institutions must conduct multiple identity checks grounded in methodologies designed for the modern age. They should perform sophisticated credential analysis, verify information against issuing sources, and conduct liveness checks to ensure interactions are with a real person.

Institutions need to leverage existing technologies that provide deeper insights into what’s going on behind a transaction. For example, determining the location of the devices or if a phone number was created just before an exchange.

Official documents should be issued, modified, and exchanged only by verified sources. When someone receives a credit card bill, they should be able to confirm it came from the issuer. Similarly, when a bank receives a withdrawal authorization, they should be able to verify it genuinely came from their customer. Documents should be encrypted with metadata that proves their legitimacy and provides an auditable trail of who created and accessed them.

When technology alone can’t verify someone’s identity, fraud is suspected, or the transaction carries greater risk, we need humans to step in. Humans can act as backups, available 24/7 to review transactions, meet customers in real-time, and verify whether the person on the other end is genuine.

The benefit of these technologies is that they can perform inbe performed in minutes, improving transaction times and the customer experience by giving institutions greater confidence when establishing accounts and approving transactions.

Heightened impersonation attacks require a multi-point solution that combines various defenses to address vulnerabilities across an ecosystem. No single solution can solve the problem; a layered and adaptable approach is necessary.

The customer relationship must also evolve. We can no longer rely on the identity profile created at onboarding to sustain an account throughout its lifecycle. A customer’s identity needs to be continuously verified whenever and wherever they engage.

We need a new approach to combat AI-powered impersonation, not only because it is the right thing to do but because we have no choice in a world where transactions are increasingly digitized. If in this world our systems of trust are destined to be challenged with ease, we need better defenses to respond.

‍