Financial institutions are facing a significant increase in deepfake fraud attempts, which have grown by 2137% in the last three years, according to data from Signicat's The Battle Against AI-Driven Identity Fraud report. As deepfakes become more advanced, businesses across all industries must reconsider their security strategies to address one of the most serious forms of identity fraud in today's landscape. 

Over 1200 respondents from the financial and payment sectors across seven European countries, including the UK, stated that account takeover is the leading type of fraud their customers are exposed to, followed by card payment fraud and phishing. 

The study, the first to focus on AI-driven identity fraud, highlights that deepfake technology has become one of the three most common types of identity fraud in the financial and payments sector across Europe. Deepfakes use artificial intelligence to create highly realistic digital forgeries. Their rapid growth is prompting urgent discussions about improving companies' fraud prevention capabilities. 

Deepfake Fraud: Presentation vs. Injection Attacks 

The evolving deepfake technology has enabled two main types of attacks: 

1. Presentation Attacks: include fraudsters wearing masks and makeup to spoof another person, but also where the camera films another screen showing a deepfake in real-time, targeting activities such as account takeovers or fraudulent loan applications. 
2. Injection attacks: In these cases, malware or untrusted input is deliberately inserted into a program, compromising its integrity or functionality for example as pre-recorded videos, often during onboarding or KYC processes that banks, fintech companies, or telecommunications companies are subjected to. 

As these techniques become more sophisticated, traditional fraud detection systems may struggle to handle this evolving threat. 

 Deepfakes: A Growing Concern in Financial Fraud 

According to Signicat's report, 42.5% of fraud attempts detected in the financial sector are now due to AI. Three years ago, deepfakes were not even in the top three most common types of digital identity fraud, and today it is the most common type of digital identity fraud faced by companies. These forgeries have become more widespread and harder to identify, which has contributed to their rise as one of the main methods of identity fraud. 

Delay in fraud detection tools as threats increase 

Despite the increase in AI-driven fraud attempts, including deepfakes, only 22% of financial institutions have implemented AI-based fraud prevention tools. This gap leaves many companies vulnerable to more sophisticated attacks. 

"Three years ago, deepfake attacks were only 0.1% of all fraud attempts we detected, but today, they represent around 6.5%, or 1 in 15 cases. This represents an increase of 2137% in the last three years, which is alarming. Fraudsters are using AI-based techniques that traditional systems can no longer fully detect. Organisations should consider advanced detection systems that combine AI, biometrics and identity verification to protect against these threats,’ says Pinar Alpay, Chief Product & Marketing Officer at Signicat. "A multiple detection setup is crucial. By combining early risk assessment, robust identity verification and authentication methods based on facial biometrics, and ongoing monitoring, companies can better protect both their operations and their customers,” she adds. “Orchestration of these tools in the optimal combination is the essence of a multi-layered protection”.  

The steep rise in deepfake fraud is part of a broader trend of AI-driven identity fraud, as cybercriminals increasingly leverage advanced technologies to exploit financial systems. Signicat's report makes an urgent call to action for financial institutions and businesses alike to proactively strengthen their cybersecurity measures.  

By updating fraud detection systems, improving employee and customer awareness, and investing in AI-based fraud prevention solutions, organisations can stay ahead of these rapidly evolving threats and protect both their operations and their customers.