Sophisticated deepfakes, screenshots, and face manipulation are the most common tactics cybercriminals use to trick facial authentication software.

Identification verification (IDV) services are becoming ever more popular, with forecasts putting IDV market growth at over 13% for the next five years.

Even though remote verification allows easier access to services requiring users’ ID confirmed, threat actors seek ways to abuse the system.

According to data analyzed by researchers at Sumsub, an automated IDV and anti-fraud company, 6% of all errors occurring during facial biometric checks are likely related to digital manipulation attempts.

In 70% of the cases, people tried using screenshots, manipulated pictures, physical and digital masks, as well as sophisticated deepfakes and 3D models.

Man in costume and its deepfake
An example of a deepfake.

“Deepfakes are used by scammers and cybercriminals. They pose a great threat, that’s why it is important to combine different verification methods,” Sumsub’s representatives told Cybernews.

One way to prevent threat actors from stealing somebody’s identity with an AI-generated face is to apply multi-factor authentication (MFA) logic to identity verification.

That can include adding extra steps like email and phone verification, a couple with ID checks, and other measures.

“But we should keep in mind that fraudsters enhance their techniques day by day, so the stakes are high, and verification solutions absolutely need to be updated regularly,” the company explained.

Cross-country differences

Researchers have also found that the IDV process takes a different amount of time worldwide. While liveness checks in the UK, EU, Canada, and Japan take less than 35 seconds, in the US, the same process takes 45 seconds.

Meanwhile, residents of Israel, Nigeria, and Angola, on average, take 90 seconds to complete the process. Researchers think that one reason for the disparity could be different broadband speeds around the globe.

Interestingly, researchers also associate the difference to the distribution of devices that support facial recognition functionality.

“These disparities could be due to the fact that, for some countries’ citizens, the facial movements required to complete the check are not as habitual as for residents from the UK, EU, or the US,” Sumsub explained to Cybernews.

Researchers have also found out that while, on average, Linux, Windows, and Android users take 50 seconds to complete the application, macOS and iOS carry out the same task in less than 39 seconds.

More from Cybernews:

Scammers lure Signal users into a trap with fake cash prizes

US District Attorney sends a message to cybercriminals – we will come for you

Cyber crooks lament own tragedy as Russia gets tough on card fraudsters

CISA publishes a list of free cybersecurity tools and services

More NFT pain as cyber crooks steal $1.7m in tokens from OpenSea

Subscribe to our newsletter