The financial impact of this incident was significant, with Group-IB reporting losses exceeding USD 135 million
Biometric security, once considered a reliable solution for safeguarding businesses, is now under siege as bad actors harness deepfake technology to bypass these measures. In August 2024, a major financial institution in Indonesia sought the assistance of cybersecurity experts after falling victim to an elaborate fraud scheme exploiting biometric systems.
Despite implementing “robust, multi-layered security measures,” including facial recognition and liveness detection as part of their Know Your Customer (KYC) process, the attackers managed to circumvent these protections. By acquiring stolen identification documents through illegal channels and manipulating images using deepfake techniques, they successfully bypassed biometric verifications. The attackers used this method to fraudulently apply for loans under the names of unsuspecting victims, leaving the institution vulnerable to financial losses.
Cybersecurity firm Group-IB, tasked with investigating the breach, uncovered over 1,100 deepfake fraud attempts targeting the bank’s digital KYC process. These attacks highlight the escalating threat posed by artificial intelligence-driven fraud, not only in Indonesia but globally.
“Fraudsters are increasingly leveraging AI to generate text, images, audio, and video to enhance their scams,” the FBI warned in a recent statement.
The financial impact of this incident was significant, with Group-IB reporting losses exceeding USD 135 million. Moreover, the issue is far from isolated. Francesco Cavalli, co-founder of Sensity.AI, revealed that banks and fintech companies detect approximately 1,500 deepfake spoofing attempts monthly. These figures underscore the growing use of AI to exploit vulnerabilities in financial systems.
Cybersecurity experts emphasise that while AI has immense potential for innovation, it also amplifies risks when misused. Group-IB’s findings serve as a cautionary tale for industries relying on biometric security, urging them to adapt and strengthen defences against the evolving landscape of cyber threats.
The incident underscores the urgent need for organisations to revisit and bolster their cybersecurity frameworks to mitigate risks posed by emerging technologies like deepfakes.