Industry Intel - Conference Recaps and Thought Leadership Article

Understanding Deepfake Risks in Financial Systems: Insights from FinCEN’s Alert

The U.S. Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) has issued a critical alert addressing the growing use of deepfake media in fraud schemes targeting financial institutions.

This guide explores the implications, detection methods, and best practices for mitigating risks associated with deepfake technologies. 

What Are Deepfakes? 

Deepfakes are synthetic media created using Generative AI (GenAI), which manipulates or fabricates audio, video, images, or text to appear authentic. While often sophisticated, deepfakes do not need to be flawless to be effective in misleading individuals or systems. 

How Criminals Exploit Deepfakes in Financial Fraud 

1. Identity Fraud 

Criminals use GenAI to: 

  • Create counterfeit identification documents like passports or driver’s licenses. 
  • Fabricate synthetic identities combining real and fake personally identifiable information (PII). 

These falsified identities have been linked to opening fraudulent accounts, facilitating money laundering, and executing scams such as credit card fraud and unemployment fraud. 

2. Social Engineering Attacks 

Sophisticated social engineering scams leverage deepfake-generated audio and video to impersonate trusted individuals. Examples include: 

  • Business Email Compromise (BEC): Scammers impersonate executives to authorize fraudulent transactions. 
  • Family Emergency Scams: Impersonators mimic voices of family members to solicit emergency funds. 

 

Detecting Deepfake Fraud 

Red Flag Indicators 

Financial institutions should look for: 

  • Inconsistencies: Discrepancies between a customer’s identity documents and profile details. 
  • Unusual Verification Behavior: Refusal to complete live verification processes or use multifactor authentication. 
  • Technological Tells: Suspicious glitches during live video verifications or the use of third-party webcam plugins. 
  • Pattern Analysis: Rapid transactions, high volumes of chargebacks, or activity linked to risky payees like gambling websites or offshore exchanges. 

Advanced Detection Techniques 

  • Reverse image searches and open-source research. 
  • Use of deepfake detection software analyzing image metadata or identifying AI-generated text. 

 

Proactive Measures for Financial Institutions 

  1. Enhance Verification Processes: 
  1. Employ multifactor authentication (MFA), including phishing-resistant MFA. 
  1. Use live audio or video verifications to confirm customer identities. 
  1. Invest in Detection Technology: 
  1. Leverage AI tools and third-party services to detect GenAI manipulations. 
  1. Monitor Suspicious Activity: 
  1. Conduct thorough due diligence on accounts with unusual patterns. 
  1. Stay Updated on Fraud Typologies: 
  1. Familiarize teams with emerging threats and adapt security protocols accordingly. 

 

Reporting and Compliance 

Financial institutions must comply with the Bank Secrecy Act (BSA) and report suspected activity linked to deepfake fraud under the term “FIN-2024-DEEPFAKEFRAUD” in their Suspicious Activity Reports (SARs). 

 

Conclusion 

The rapid advancement of Generative AI underscores the urgency for financial institutions to fortify their defenses against deepfake-enabled fraud. By recognizing red flags, adopting robust verification processes, and leveraging advanced detection tools, the financial sector can mitigate risks and safeguard both institutions and their customers from this growing threat. 

For more detailed guidance, refer to FinCEN’s alert and the broader resources on managing AI-specific risks in financial services.