top of page
  • Writer's pictureRoy Urrico

Deepfakes, Generative AI Add to FIs ID Theft Concerns

Updated: Oct 30, 2023

By Roy Urrico

The arrival of deepfakes and other generative artificial intelligence (AI)-based capabilities available to cybercriminals has worsened the ever-increasing threat of fraud – especially stemming from identity theft – to financial institutions. Chicago-based OneSpan, which specializes in digital identity and anti-fraud solutions, suggests credit unions and banks must adopt more robust identity verification techniques to combat these new techniques.

Financial identity theft entails stealing a person’s fiscal information, such as credit card or bank account details, then exploiting that data to make unauthorized purchases or access their funds. The bandit may also use the stolen data to open new accounts or lines of credit and obtain loans in the victim’s name or even withdraw funds from the quarry’s bank accounts.

With the recent explosion of generative AI models, which are capable of creating text, images, or other media, deepfake technology has become more convincing and readily available (if you know where to look). Hackers not only know where to look, they no longer need advanced technical capabilities to plunder financial accounts.

Sameer Hajarnis, senior vice president and general manager of digital agreements at OneSpan.

Sameer Hajarnis, senior vice president and general manager of digital agreements at OneSpan, joined Finopotamus for a discussion of financial identity theft and ways to combat threats.

OneSpan provides identity verification, transaction signing, authentication, mobile security, simplified e-signature workflows, and secure video collaboration for virtual transactions. Its solutions enable trust that ensures the integrity of the people and artifacts associated with digital agreements and transactions across banking, financial services, healthcare, and professional services. “We have been in business for almost 30 years, publicly traded on the Nasdaq,” said Hajarnis. He added

OneSpan solves two different types of problems:

1. The authentication issues. How organizations authenticate and verify people's identities as they access digital properties. “We help secure digital properties, like their retail banking websites, mobile banks, corporate banking applications, things of that nature,” said Hajarnis.

2. The digital agreements business. “That is where we help people digitize their workflows and help them drive both, top line revenue as well as operating efficiencies,” explained Hajarnis. That includes doing things like e-signatures, digital identity verification, and remote online notarization.

Pandemic Opened Door to Remote Usage and Fraud

Hajarnis asserted the remote digital world changed during and after COVID-19. “It just basically multiplied and expanded the attack surface that fraudsters, and people with malicious intent, had in terms of how they could go after weak links in these digital e-commerce processes and exploit vulnerabilities.” He also explained many people new to the digital interface found it difficult to establish their identity because they were not familiar with using technology.

In 2022, the Federal Trade Commission (FTC) received more than 5.1 million fraud reports with over 1.1 million involving identity theft. “Identity fraud is a huge issue in the industry,” said Hajarnis. “People stealing social security numbers, driver's licenses, IDs and impersonating people. That has been happening for a while now with generative AI and other technologies coming in, they are getting more and more sophisticated.”

Hajarnis noted tools sold on the dark web, such as FraudGPT and WormGPT, help cybercriminals beat the financial services systems. “All of these tools, they're getting more and more sophisticated for people using deep fakes to write very well-crafted spear phishing emails to get through those processes.”

Creating a Safe Banking Environment

Digitizing processes is essential today, but credit unions and banks face the challenge of creating digital business processes that time and money, but increase the need for better security, financial or regulatory risk protection. What OneSpan sees, pointed out Hajarnis, is the financial services industry frantically trying to catch up and put in technologies in place, for verifying identities and solving this problem.

Hijarnis pointed out OneSpan’s deep roots in customer identity verification and authentication has fuse with its expertise in e-signatures and customer-facing cloud workflow. It hopes to re-energize trust and integrity to the fragmented, risky cloud business processes.

“We want to see a world where digital interactions and transactions are trusted between two parties,” said Hajarnis. He added, OneSpan and the solutions it brings to market are intended to provide “secure signature workflows, digital transaction workflows that (financial institutions) can use in a way they can build on their client trust. And that is what all businesses want.”

When it comes to securing digital agreements, it is about having assurance throughout the entire transaction lifecycle, explained Hajarnis. In addition, security must be woven throughout the transaction process given the patch-quilt nature of today’s cloud. “We are helping our customers by continuously verifying the identity of a user who is coming in. And then embedding biometrics with that to make sure that you are the person on the other end engaging in this transaction. And, and that is based on a set of metrics, a set of parameters, which we then collate around different data points that we capture.”

Hajarnis explained that behind the scenes, OneSpan will actually verify whether a document is authentic. “We put that through algorithms and machine learning, which provides the intelligence of detecting a fake on multiple points. OneSpan also employs facial biometrics. “It's not just a picture of yourself but it's also with liveness detection to make sure it's a real person who's doing that transaction,” said Hajarnis.

Hajarnis said, “We have weaved the identity verification of the user upfront in our process. And based on this continuous authentication, we challenge as soon as we see there is any risk in this process.” The process could be part of the onboarding process, during the loan origination process or any other process requiring authentication.

A Credit Union Need

Hajarnis suggested the credit union space is primed for a technology makeover. “A lot of the credit unions are looking at ways they can reach their members through more channels.” He noted, while most credit unions began with a localized branch footprint, over the years, people have spread all over the United States as people retire, move, and take new jobs. Now many members reach their credit unions through mobile channels.

With that comes the same need for identity verification. “We could help capture the consent, collect data from people in terms of a form, if they were applying for a loan, we could collect the information they are generating, document it, capture their biometrics, their government issued ID, a copy of their driver's license, and verify it, in a very secure way and while providing that end-to-end service, which allows credit unions to be very successful.

Hajarnis suggested When someone in a credit union is looking for a solution, what OneSpan is telling them and advising them is when you are looking to digitize these workflows, you want a partner that can support you for a host of different application types or use cases” Plus, because banks or credit unions are regulated financial institutions, these entities need to provide the evidence and carry the burden of proof for a much longer period.

“Not many customers today are focusing on the system of record. But in a digital world, being able to secure your doc and prove provenance that you have for the document and the transaction that happened digitally and prove it, if ever required, is very important,” said Hajarnis. “To make sure that when it is stored, it is tamper proof and no one can hack into it. That is another area which we provide and ask people to focus on.”


bottom of page