Facial verification was introduced as a much-needed means to combat identity fraud, a type of fraud where people may pass passport images, government IDs, or passports and names as theirs for malicious or fraudulent purposes on digital platforms or during digital/virtual onboarding sessions. A ploy they often got away with before the emergence of facial verification. However, in typical human fashion, criminals also found a way to bypass facial verification and developed even more sophisticated or tricky ways.

As all typical security measures must adapt using facial recognition system, measures to detect the bypass of facial verification emerged to counteract these new ways of bypassing facial verification.  

Moreover, all businesses need to know how fraudsters bypass facial verification and ultimately the use of facial recognition systems and other advanced software such as liveness detection solutions to counter facial or identity fraud.

This article thus discusses everything you need to know about how fraudsters bypass facial verification. You would also know how to overcome the challenge of identity fraud during your customer onboarding session

What is Facial Verification?

Facial Verification is a biometric technology that uses facial recognition to confirm a person's identity. The process works by analyzing and comparing the unique features of an individual's face to a pre-recorded image or database. 

This process helps verify that the person attempting to access a system or service is who they claim to be., a process called identity verification.

How Do  Fraudsters Bypass Facial Verification?

There are several common tactics fraudsters use to bypass facial verification. They include;

1. Deep Fake Technology

Fraudsters or malicious individuals can use AI to create hyper-realistic videos or images of an individual's face, which can mimic expressions and movements in real-time. These fakes can easily fool some facial recognition systems if not properly equipped with sophisticated detection mechanisms.

Deep Fakes are more common than we think and notice.  On October 15, 2024, First Post, a leading news station that reports viral and breaking news, reported the arrest of  27 deepfake romance scammers in Hong Kong who stole $ 46 million from men in India, China, and Singapore. It was a ring that set up operations in a 4000-square-foot industrial unit in Hong Kong. 

Deep fakes are also an emerging threat to crypto exchanges, according to Coin Market. Criminals generate fake identity documents and images with AI and then create deep fake videos to pass face recognition systems. They then use the deep fake images and documents to create a verified account on the exchange.

There is an emerging tool called Pro KYC that enables them to do this,  an advanced AI tool specifically designed to target platforms that use government-issued ID verification and facial recognition security. This tool generates realistic deepfake videos and images, mimicking real people by manipulating faces, voices, and other visual elements.

In the past, criminals typically relied on the dark web to buy fake IDs, usually stolen or forged document scans. However, these outdated methods often fail when it comes to modern security checks, which now use high-quality facial matching and verification technology. 

For an annual subscription of $629, ProKYC offers powerful deep fake capabilities, which makes it a serious threat to existing security systems. The package includes a camera emulator, software that can animate facial expressions and tools for generating photo verification documents. This kit allows fraudsters to create convincing fake videos and verification documents to bypass security and set up new accounts easily.

According to reports, ProKYC can bypass KYC checks on cryptocurrency exchanges like Bybit and payment platforms such as Stripe and Revolut, posing a major challenge for those companies' security systems.

2. 3D Printed Masks and Prosthetics

Lifelike 3D masks that replicate the features of a target can bypass basic systems that rely solely on facial mapping without the use of additional layers of security like liveness detection. This can often be used for payment fraud. 

In the fall of 2014, Spanish and Bulgarian authorities successfully infiltrated an organized crime ring involved in credit card fraud. The group was producing equipment to create fake plastic card slot bezels, which they installed on ATMs and point-of-sale terminals as "ATM skimmers." The criminal network operated across Italy, France, Spain, and Germany. As a result of the operation, authorities arrested 31 individuals and seized over 1,000 skimming devices.

3. Image Spoofing

Fraudsters use static images or previously captured videos of a real individual to impersonate them, bypassing systems that don’t require dynamic checks like head movements or blinking. Our article here helps you to identify identity spoofing.

4. Replay Attacks

These attacks involve the use of a pre-recorded video or facial data during the verification process to convince the system that the person is present in real-time, to bypass liveness detection. 

How To Detect Deep Fakes And Other Fraud 

For most of the article, it has been established that malicious humans are constantly developing ways to bypass facial verification, in hordes as rings, using replay attacks, using sophisticated tools like ProKYC, and many other sophisticated ways. 

The most likely way forward is to develop or adopt even more advanced tools that are adapted to present threats. Some ways to combat deepfakes and other sophisticated means fraudsters use to bypass facial verification include. 

Get to know how fraudsters use deep fakes here.

1. Using Liveness Detection

Liveness detection technology makes sure that the user is physically present and not using an image or video. It detects even subtle signs of life, such as blinking, breathing, or changes in light reflection on the skin. This way, fraudsters cannot bypass the system using fake photos or videos, as the technology can differentiate between real human presence and artificial media.

2. Using AI-Based Deep Fake Detection

Advanced AI algorithms are able to analyze and detect the slightest inconsistencies in fake images or videos, such as unnatural facial movements or distorted features that may not even  be immediately visible to the human eye.

3. Implementing Multi-Factor Authentication (MFA)

Combining facial verification with other methods, such as password entry, fingerprint scanning, or one-time passwords (OTP), strengthens the customer identity verification process. Following this guide form Microsoft will help you in Implementing MFA 

4. Using ID Data Matching and ID Document Verification 

ID Data Matching and ID Document verification are useful tools to verify the identity of a customer in real-time. Yuverify’s ID Data matching collects government ID and verifies against its 300 million+ global government-backed database and document verification services.

Using Youverify To Detect Fraud  

Youverify offers a host of cutting-edge artificial intelligence-backed compliance technology that is powerful and sophisticated enough to detect and combat attempts to bypass facial verification from multi-factor authentication tools, including biometric verification, address verification, bank account verification, and liveness detection. 

Youverify is your go-to AML compliance and fraud detection software provider. Youverify’s products provide effective yet seamless AML compliance software for businesses of all sizes, including fintechs, brokerages, lenders, and crypto exchanges.

See how 1,000+ global companies use Youverify eIDV and liveness detection for KYC and AML screening of customers for compliance and real-time risk detection against deep fakes. Book a demo to get started with Youverify today, to combat fraudsters bypassing your basic facial verification software.