Identity verification industry mulls solutions to flood of synthetic IDs

The advent of AI-powered generators such as OnlyFake, which creates realistic-looking photos of fake IDs for only US$15, has stirred up the ID verification and authentication industry. The availability of cheap and convincing fake documents brings real dangers – not just of fraud but also to national borders – and is prompting experts working in the field to come up with solutions.

“Looking at documents to see if they are real in a remote setting, I would say that’s impossible and our tests show that as well,” says Wil Janssen, co-founder of Inverid, the company behind identity verification solution ReadID. “It’s very easy to get through many of the tools that say that they can detect a fake identity.”

Janssen talked about countering document spoofing and detecting synthetic IDs alongside Jens Mayer from the Centre for International Fraud Prevention in a webinar organized by trade publication KYC AML Guide.

In synthetic identity theft, the criminal combines stolen personal information with fabricated details to create a completely new identity. This fake identity can then be used to obtain loans open bank accounts and apply for credit cards. Digital injection attacks are used to serve fake data to identity verification platforms.

During the webinar, Janssen and Mayer discussed solutions such as training AI to detect abnormalities and introducing physical security measures such as NFC and chips which can be more difficult to replicate.

Is KYC in danger?

Other industry specialists point out that KYC providers may be more disadvantaged in their fight against AI-generated fake documents than official authorities such as the police.

“Police or other state entities can almost always directly access ID records, but those systems don’t give third parties easy access to their database—partly out of privacy concerns,” writes Wayne Chang, co-founder and CEO of SpruceID.

Verification systems, including KYC vendors, on the other hand, are likely to rely on third-party data brokers for valid matches or check whether ID numbers are valid based on patterns used by issuers.

“This would make such systems particularly vulnerable to AI fakes since detecting and reproducing patterns is where generative AI shines,” Wang writes for Forbes.

A solution could be a digital ID that can resist copying from generative AI programs, such as those with digital credentials that include cryptographic security schemes. The cryptographic attestations use unique codes as long as 10 to the 77th power which makes it impossible for AI to emulate.

Concerns around digital IDs still exist, including those over data collection and protection challenges, potential surveillance and the risk of increased fraud. But solutions exist, including binding digital IDs to physical devices using security chips known as secure elements.

“This makes digital IDs much harder to steal than just copying a file or leaking a digital key from your cloud storage,” Wang concludes.

Article Topics

biometrics  |  digital ID  |  document verification  |  identity document  |  identity verification  |  Inverid  |  KYC  |  SpruceID  |  synthetic identity fraud