Skip to content

Deepfake-Resistant Face Verification: A Board-Level Risk

Sotiris SpyrouUpdated on

Share this article

LinkedInXEmail
Deepfake-Resistant Face Verification: A Board-Level Risk

A face on a screen is no longer proof of a person. The same generative tools that flood dating apps with fake profiles now defeat the face checks that banks, insurers and fintechs use to onboard customers. For boards in regulated industries, biometric verification has become a governance question, not just a fraud-ops one: can you prove your identity controls still work, and can you prove they comply with the EU AI Act?

Start with the familiar version. Someone matches with a stranger online, the photos look real, the story holds, and months later the money is gone. Romance fraud runs on synthetic faces. The boardroom version is the same trick pointed at your onboarding flow: a fraudster sits in front of a webcam, a face-swap model paints a stolen or invented identity over their own in real time, and your "selfie plus document" check waves them through. The dating-app problem and the bank-onboarding problem are the same problem at different stakes.

This is a Responsible AI question because the fix involves deploying biometric AI on your own customers, and that carries its own rules. Get the controls wrong and you let fraud in. Get the governance wrong and you breach the law while doing it.

Why is face verification breaking down?

Two attack types matter, and they're often confused.

A presentation attack shows something fake to a real camera: a printed photo, a screen replay, a silicone mask. Liveness detection has handled these reasonably well for years.

An injection attack skips the camera entirely. The fraudster feeds manipulated video straight into the verification software through a virtual camera or a tampered app, so the system never sees a real lens at all. This is where deepfakes have changed the maths. iProov's 2026 Threat Intelligence Report recorded a 1,151% surge in iOS injection attacks in the second half of 2025, part of a 741% rise across the year, as tools that were once specialist became cheap and repeatable.

Consumer face-swap models now run frame by frame on a standard laptop, replicating blinks, head turns and lighting well enough to pass passive liveness. The document on screen is genuine (stolen or synthetic). The face is not. That's the bypass.

Attack type What the system sees What defeats it
Presentation attack A fake artefact held to a real camera Liveness detection (ISO/IEC 30107-3 PAD)
Injection attack Manipulated video fed past the camera Injection defence, device binding, challenge-response
Synthetic identity A document plus face that never belonged to one real person Cross-checks against authoritative data, not biometrics alone

The uncomfortable point for any business relying on a single selfie check: passing liveness is no longer the same as proving a live human is present.

What does this cost regulated businesses?

The dating-app framing undersells it. Deloitte's Center for Financial Services projects that generative AI could push US fraud losses to $40 billion by 2027, up from $12.3 billion in 2023, a compound growth rate around 32%. Identity onboarding sits at the centre of that curve, because a fake account opened today is the vehicle for laundering, scam payouts and synthetic-identity lending tomorrow.

Regulators noticed first. In November 2024 the US Financial Crimes Enforcement Network issued an alert on fraud schemes using deepfake media, warning that criminals use GenAI to circumvent customer identification, authentication and due-diligence controls. It told institutions to treat synthetic identity documents and AI-generated faces as a Bank Secrecy Act reporting matter, not a curiosity.

The exposure isn't only the fraud loss. It's the regulatory finding that your KYC controls were known to be defeatable and you carried on. For a board, that's the difference between a write-off and a liability.

How should boards govern biometric verification?

Here's the trap. The obvious response to deepfake onboarding fraud is "deploy stronger biometrics." But under the EU AI Act, biometric systems are themselves a regulated category. You can solve a fraud problem and create a compliance problem in the same procurement.

The Act treats different uses differently:

  • Prohibited. Biometric categorisation that infers race, political opinion, religion or sexual orientation, and emotion recognition in workplaces or schools, have been banned since February 2025 under Article 5.
  • High-risk. Remote biometric identification, biometric categorisation by sensitive attributes, and emotion recognition fall into the high-risk tier under Annex III, with obligations on risk management, data quality, logging, human oversight and accuracy.
  • Lower-obligation, with transparency duties. Verifying that a customer is who they claim, one-to-one, at their own request during onboarding, is generally lighter-touch than open-ended one-to-many identification. The classification turns on how the system is used, not what it's called.

That distinction is the governance work. A board can't sign off "we bought a liveness vendor" and consider the AI Act handled. The questions that matter: which Annex III category does this use fall into, is there a documented fundamental-rights and accuracy assessment, is bias across demographics measured, and is human oversight real rather than nominal? We cover the wider duties in our guide to the EU AI Act's compliance mandates.

This is the VerityAI position in one line: the right time to engineer your fraud defences and your AI compliance is the same time, by the same people, because the same system creates both risks.

What should a buyer ask a verification vendor?

Most procurement still checks for "liveness." That's the wrong bar now. Use independent evidence, not vendor claims.

  • Independent PAD testing. Ask for ISO/IEC 30107-3 presentation attack detection results from an accredited lab, with the level stated. This is the recognised standard for testing and reporting anti-spoofing performance.
  • Independent algorithm benchmarking. NIST runs the Face Analysis Technology Evaluation, which scores presentation attack detection and demographic performance for software-only systems. A named NIST result beats a marketing percentage.
  • Injection defence, separately. PAD testing covers presentation attacks. Ask specifically how the vendor stops injection: device binding, virtual-camera detection, cryptographic session integrity. A high liveness score says nothing about injection resistance.
  • Demographic bias data. Accuracy that varies by skin tone or age is both a fraud gap and, under the AI Act, a compliance exposure. Demand the breakdown.
  • Auditability. Logging, decision records and human-review pathways you can produce for a regulator.

A vendor that answers all five with documents is rare. A vendor that answers with adjectives should be off the list.

Frequently asked questions

Is deepfake onboarding fraud actually a board-level issue?

Yes, when the control that fails is the one regulators expect to hold. KYC and customer due diligence are legal obligations, not features. A FinCEN alert and a $40 billion loss projection put failure of identity controls into the territory of regulatory findings and reportable risk, which is squarely a board matter.

Does deploying liveness detection make us EU AI Act compliant?

No. Liveness reduces one fraud vector. AI Act compliance depends on how the biometric system is classified and governed, including risk assessment, bias testing, logging and human oversight. The two are separate workstreams that should be run together, because the system that fixes fraud is itself a regulated AI system.

What's the difference between a presentation attack and an injection attack?

A presentation attack shows a fake to a real camera, such as a photo or mask. An injection attack feeds manipulated video directly into the software, bypassing the camera. Liveness detection mostly handles the former. The deepfake surge is driven by the latter, which needs different defences.

Can we rely on a single selfie-plus-document check?

Not safely. Face-swap models now pass passive liveness, and stolen or synthetic documents pair with them. Layered controls (injection defence, device signals, authoritative data cross-checks) hold up where a single biometric check no longer does.

The bottom line

Treating face verification as a vendor checkbox is the mistake. The same generative AI that fills dating apps with invented people now industrialises attacks on the onboarding flows that regulated businesses are legally required to defend. The honest position is that a single selfie check is no longer evidence of a real person, and pretending otherwise is a governance failure waiting for a regulator to name it.

The board's job isn't to pick a liveness product. It's to ask whether the verification system is hard to fool and lawful to run, and to insist on independent proof of both. Those two questions belong to the same conversation, because the AI that defends you is the AI you now have to govern. That's the Responsible AI lens on identity, and it's why fraud defence and AI compliance shouldn't be bought from different rooms. See how the same logic applies to executive deepfake fraud and to detecting synthetic media before it reaches your users.

This is the kind of work our AI governance and compliance handles.

Share this article

LinkedInXEmail
Sotiris Spyrou - Author

Sotiris Spyrou

Sotiris Spyrou is the founder of VerityAI, a Responsible AI advisory for boards and AI-deploying businesses. With 27 years across agencies, global in-house roles, and the C-suite, he advises leaders on AI governance and risk, and on answer-engine visibility engineered without the dark patterns the rest of the industry is getting penalised for. He is the author of TRANSFORM, AI Moats, and Ethical AI.

Founder at VerityAI