FB pixel

Au10tix researchers discover relaunched fake ID generation site OnlyFake

Au10tix researchers discover relaunched fake ID generation site OnlyFake
 

OnlyFake.org caused a stir among digital identity verification providers and businesses relying on biometrics to onboard customers when it was revealed as a tool for attempting fraud at scale.

The website vanished from the internet following the outcry; but not for good.

Fraud prevention researchers at Au10tix discovered the site, reborn with a new URL that can be found through the same contact channels, Au10tix Chief Business Development Officer Ofer Friedman tells Biometric Update in an email. The synthetic ID generator has added more disclaimers that demonstrate their awareness of how customers can commit fraud with the products they sell.

A warning on the new site tells customers; “Do not use the images illegally!” The website offers bulk purchases of a thousand fake identity documents for $1,500, and advertises fake U.S. driver’s licenses and passports.  The site also includes a “Denial of responsibility,” which is labeled “OnlyFake disclaimer.”

The disclaimer suggests that the fake ID templates “are only for use in movies, TV shows, web illustrations (online account verification).”

“Buying and owning a PSD template from this site is not illegal, but making a fake PVC license/card/ID for physical use is illegal and a serious crime,” the disclaimer says. “So the use for fraudulent purposes is strictly prohibited. We set up our template in such a way that people cannot physically use it (by making a fake license/card/ID out of PVC). If you are going to use our fake PVC license/card/ID card template, please exit our site immediately.”

“They are also announcing the addition of new ID document templates on a weekly basis, and have added supporting tools such as handwritten signature generation,” Friedman says. “In parallel, various channels offer ready-made bulk deepfaked IDs for sale to those who want the easy way.”

Biometric Update is not sharing the new URL, to avoid publicizing the fraud tool.

Even poor-quality fakes defeat weak defenses

Friedman says Au10tix’ researchers were surprised that the fakes sold by OnlyFake and its new incarnation were able to defeat various automated identity document verification platforms, and notes, “The hype is bigger than the quality of deliverables.”

“We ran a couple of their fakes on our double-layered defense system, and the first layer was enough to flag them on 4 different issues,” he explains. “We are aware that other ‘automated’ systems are actually human-supported. As you know, humans can detect only what humans can see, and deepfake technology is good enough to produce non-visible fakes that only proper automation can detect. So, at this point, no, it’s quite basic Gen-AI manipulation. We’ve seen much more professional AI-generated fraud, and fraudsters do get better fast.”

Businesses concerned about the threat of AI-generated spoofs should keep in mind that fraud protection systems vary significantly in quality, Friedman advises, and make sure they have a multi-layered defense. “Case-level and behavior-level, and make sure to count how many ‘check types’ are done,” he specifies. “Standard systems would be at 40-60 checks, and strong systems would be at 120-180 checks.”

Friedman notes that Au10tix’ biometrics and fraud protection technologies were developed for airport and border control applications where it must be assumed that fraud attempts may pass invisible to the naked eye.

Governments recognize the AI-generated fake ID threat’s magnitude, according to Friedman, but are somewhat hamstrung by the nature of regulation.

“The problem is that fraudsters, especially professional fraudsters, don’t really follow those rules,” he says. He does offer a suggestion for policy-makers, however: “What may be a good idea is for regulators to accredit solutions based on the level of defense they offer. They do that with hotels; why not with fraud-fighting?”

Article Topics

 |   |   |   |   |   | 

Latest Biometrics News

 

Know your APAC digital ID regulations to take advantage of evolving market

One of the major trends in the digital identity landscape in 2024 has been the enactment of a series of…

 

Yoti facial age estimation helps Yubo build trust with users

Yubo, which bills itself as a “live social discovery platform,” has released a new case study showing how they have…

 

Ondato releases Age Verification Report as countries trend toward stricter regulations

Australia caused shockwaves when it approved a social media ban for under-16s a couple of weeks ago. The world-first law…

 

Denmark’s digital ID receives proximity check update

Denmark’s MitID digital identity system has received updates designed to boost the security of its app and prevent scammers from…

 

Nigeria tenders $83M digital identity system upgrade and MOSIP integration

Nigeria is planning to implement the MOSIP platform with its digital identity management system and upgrade its biometric capabilities with…

 

CyberArk IAM authentication FIDO2 certified

Identity cybersecurity company CyberArk has received FIDO2 certification for its access management product, confirming that it complies with the FIDO…

Comments

One Reply to “Au10tix researchers discover relaunched fake ID generation site OnlyFake”

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Viewed This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events