Artificial Intelligence (AI) and other next-generation technologies hold immense potential to protect against fraud and enhance security. At the same time, criminals are utilizing the same technology for illegal, unethical activities like creating fake identities to launder money and commit fraud.
For example, the Identification and Verification (ID&V) part of a bank’s Anti-Money Laundering (AML) process might contain vulnerabilities that criminals can potentially exploit —using the very technologies the bank uses —to overcome barriers to entry and gain unauthorized systems access.
Below are examples of these potential risks, as well as the mitigating steps banks can take to remain secure. Bear in mind that neither the list of risks nor the mitigating steps are exhaustive.
- Synthetic identity creation:
AI can generate ultra-realistic fake identities (name, date of birth, etc.) and forge documents.
- AI/ML models that can generate realistic but synthetic personal information
- Generative adversarial networks (GANs) for creating synthetic facial images and documents
- Deploy AI-driven document verification services to detect anomalies in ID documents
- Deploy advanced document, identity and access management services that can distinguish between synthetic and real identities
- Utilize biometric verification and liveness detection technologies to ensure the identity being claimed is real and present
- Deepfakes and voice synthesis
Deepfake technology can create highly realistic, synthesized images and videos, and voice synthesis can duplicate voices.
- Deepfakes and voice synthesis for replicating facial and voice characteristics of a real individual
- Use voice biometrics coupled with anti-spoofing measures
- Implementing multi-factor authentication processes, combining something the user knows (password), something the user has (token or phone) and something the user is (biometrics)
- Liveness detection ensures that a real, live person is providing the biometric traits
- Manipulating behavioral biometrics
AI models can analyze and mimic user behavior, allowing unauthorized access by pretending to have legitimate user patterns.
- AI models that can mimic user behavior, mouse movements and typing patterns to pass behavioral biometrics verification
- Continuously monitor user behavior throughout the session and employ anomaly detection models to identify deviations from established patterns
- Combine behavioral biometrics with other forms of verification to build a more robust identity verification system
- Enforce step-up authentication when anomalies are detected
- Automation in account creation
Criminals can use bots to automate the account creation process with fake or stolen identities.
- Automation bots and scripts can create multiple accounts quickly, using stolen or synthesized identities
- Implement CAPTCHAs and other bot-detection mechanisms
- Deploy AML risk assessments that authenticate and introduce additional verification steps for suspicious sign-up patterns
- Implement rate limiting on account creation from the same IP
- Social engineering attacks
Advanced AI models can craft persuasive phishing messages and impersonate bank officials in communications.
- AI tools for natural language processing and generation can be used for crafting convincing phishing emails and messages
- Implement advanced email filtering and secure communication channels between banks and customers
- Facilitate employee training and awareness programs to recognize and report suspicious activities
- Develop ongoing customer education programs on security best practices
For every technological advancement, there is an equal push to secure systems against malicious uses of such technologies. Banks must stay vigilant, keep abreast of the latest advancements in security and collaborate with cybersecurity experts, other financial institutions, partners and regulatory bodies to ensure the integrity and security of their systems. Regular security audits, employee training and customer awareness programs are crucial to maintaining a secure and trustworthy financial environment.