A disturbing threat has emerged where malicious actors get victims’ facial data and create convincing deepfake videos to gain access to their bank accounts. This raises the question: How can you ensure the safety of your money in the face of this new threat?

While biometrics have long been considered as a reliable authentication mechanism the increasing accessibility to deepfake technology has opened doors for cybercriminals to exploit it for their nefarious purposes.

In a shocking case of a banking trojan that steals people’s faces, fraudsters based in China have targeted older adults in to drain their bank accounts. These hackers disguise themselves as bank call centre agents and trick victims into sharing their identity documents and phone numbers. They then request facial scans from their victims, enabling them to carry out their fraudulent activities.

AI-generated deepfakes replace the images captured during the face scans. These deepfakes are extremely realistic and can bypass certain security checkpoints. One unfortunate victim, who downloaded a malicious app and was convinced to perform a face scan, lost more than R7.6-million ($40,000).

Are biometrics still safe?

The latest tactic has many IT experts questioning whether biometric identification is still safe to use. 

Unlike passwords or other credentials that can be changed, biometric identifiers like fingerprints and facial features are permanent and cannot be replaced. Also, criminals can use them repeatedly to impersonate victims and gain unauthorised access to their accounts, leading to banking fraud or a loss of their identity.