Biometric authentication in the current age mostly relies on fingerprint authentication, facial authentication, voice & video recognition, and behavioral contexts. The attack ecosystem has evolved to adopt capabilities to circumvent the authentication system using fake video, audio, and even by playing with behavioral attributes. The attack vectors exploit deep learning capabilities to plan and launch the attack in novel and automated ways. As digitization heavily relies on biometrics authentication, such compromises would lead to identity theft, the integrity of transactions, and lead to financial loss. They would also lead to low confidence of end-users and would affect the realization of digitization goals. Criminals are exploiting the biometric authentication for various malicious and unlawful purposes using artificial intelligence and machine learning, especially deep learning and generative adversarial network. Morphed or doctored image/ video/ audio are used to develop fake videos to carry out financial frauds. Biometrics authentication unleashes many digitization possibilities. Securing digitization demands a sound defense against such advanced attacks.
Background/ Context: Financial sector regulations allowed video KYC for opening accounts or onboarding customers. It is a great step towards digitization by allowing video KYC through regulated entities such as banks, non-banking financial companies, wallet service providers, and other financial entities. Adversarial network using deep fake technologies can use morphing or doctoring image/ video/ audio to compromise the system. Even advanced behavioral biometric like GAIT can be compromised. Information can be leaked via profiling of sensors and using side-channel attacks. For securing digitization, protection against such attacks needs to be built, which should have the capability of detection of doctoring the attributes used for malicious use. Real-time identification of the events compromising security through video analytics would help to make identification and authentication robust. The solution should also be able to browse through multiple vectors, contexts, and stages of the attacks to provide real-time contexts for taking authentication decisions.
Industry Use Cases: