720-891-1663

Generative AI Could Make Banks’ ‘Know Your Customer’ Effectively Useless

Know Your Customer or KYC is a mandate of federal law for the financial services community such a banks, brokers and fintech.

Often companies use “ID images” to confirm a person is who they say they are.

Even some cryptocurrency platforms rely on this.

Viral posts on Reddit and other social media show how, using open source and off the shelf software, an attacker could use a manipulated image to pass the KYC test.

This process usually works like this. A customer uploads a picture of themselves holding an ID document that, in theory, only they have. Then a person or a computer compares the image with documents and selfies on file.

Online tutorials show how, for example, Stable Diffusion, a free image generator can be used to create images of a person against any background and with a little work, that image could appear to be holding an ID document. Basically, this is just a specific use of deep fake technology.

Feeding deep faked KYC images to an app is even easier than creating them. For example, Android apps running on a desktop emulator can be tricked into accepting deep faked images instead of a live camera feed, while apps on the web can be foiled by software that turns any image into a virtual webcam.

Even those tests which check for “liveness” can be foiled by this technology.

While historically KYC methods that have been used in the past and which even in the past were not great, will soon be completely useless. Credit: Tech Crunch

Facebooktwitterredditlinkedinmailby feather

Leave a Reply

Your email address will not be published. Required fields are marked *