FB pixel

Identity’s role in the deepfake dilemma

Adopting a multifaceted approach to identity authentication in a ‘trust nothing’ era
Identity’s role in the deepfake dilemma
 

By Patrick Harding, Chief Architect, Ping Identity

Our identity is under attack now more than ever, due in large part to the rapid adoption of artificial intelligence (AI). One form of identity fraud that has skyrocketed over the past year is deepfakes, or synthetic media that has been digitally manipulated to impersonate a person. These fraudulent impersonations can take many forms, including text, video, audio, and social media-based deepfakes, and as they continue to be successful, we can expect additional channels to be added to the alarming mix.

Deepfakes are not necessarily new, having been floating around the internet since 2017, but lately, they have gone beyond impersonating celebrities and public figures to now getting more personal, targeting the C-suite across nearly every industry – from retail to healthcare and beyond. For example, recently, a finance employee was tricked into paying a whopping $25 million to fraudsters who used video deepfakes impersonating his chief financial officer.

Making matters worse, Pew Research recently found that less than half of Americans know what a deepfake is, creating even higher success rates for cybercriminals looking to nab their next victim. Perhaps equally concerning is that according to KPMG, 80 percent of leaders believe deepfakes pose a risk to their business, yet only 29 percent say they have taken steps to combat them.

The first step to addressing the deepfake dilemma is by raising awareness and staying proactive against the threat. But just how (and where) should organizations start? Let’s explore.

A winning pair: The role of passive and active identity authentication

In order to properly combat deepfakes, organizations must take a multifaceted approach to identity authentication. For example, despite biometrics being a strong login option, one sole mode of authentication – like a fingerprint or facial recognition – is simply not enough to protect against today’s motivated, sophisticated fraudsters. You need multiple factors of authentication to win the fight, without interrupting the user experience.

This is where passive authentication, specifically passive identity threat detection, methods play a major role. Working in tandem with active authentication which is more forward-facing to an end user, passive identity threat detection is a critical layer working in the background, with its main focus being to identify potential risk. The technology is able to shift into alternative verification options – like a push notification confirming location or device usage – when a suspicious login or behavior is detected. Instead of layering on more authentication, passive identity threat detection alerts the end user (and the organization, if applicable) of what’s going on, stopping any potentially fraudulent activity from occurring from the onset.

A ‘trust nothing’ era: The role of explicit and implicit trust in identity

Implicit trust, or trust as we once knew it, is fading away as deepfakes compromise the identity authentication process. We can no longer trust anything we hear or see, even if it seems extremely realistic and accurate.

As deepfakes are being used to socially engineer victims, channels like voice, images, and video are being used over unauthenticated channels. For example, an employee may get a Zoom call from their organization’s CEO, asking to reset a password or send them money for an urgent payment. Typically, this employee would implicitly trust their boss, but because of deepfakes, we now need a secondary method of authentication to validate that what you’re seeing and hearing is real and trustworthy.

Explicit trust is the act of sending a text message, push notification, or other credential check out of the network band to verify the recipient of the message. Of course, this doesn’t have to be done all the time, but when a request is being made – like sending money or clicking on a fraudulent link – then explicit trust must rise to the forefront for adequate deepfake protection. We like to call this the “trust nothing, verify everything” era, where nothing can be perceived as real until it’s authenticated.

AI for good: Fighting deepfakes with emerging technologies

Of course, the emergence of AI also has its benefits, and can be used to help combat deepfakes – fighting bad AI with good AI, so to speak. In order for deepfakes to decrease, we need to better hardness the additional, emerging technologies that are helping to detect deepfakes. These include technologies like image insertion detection, where you can see if an image was manually or falsely added to the mode of communication, or audio detection, granting users the ability to see if an audio file was not created synthetically. In time, we’ll see additional generative AI-based deepfake prevention methods arise, but for now, organizations are urged to use emerging technology capabilities to their advantage – much like the cybercriminals are doing on the opponent’s side of the AI battle.

We are at a critical societal crossroads of AI being used for both good and bad – and human identity is right in the center of this technology tug-of-war. It is being instilled with distrust and put at major risk.

As with any cybersecurity threat, leaders need to try to stay one step ahead of attackers. To cite the common saying, the best offense is a good defense. This also applies to deepfakes — the more organizations can prepare for the worst, the better they will be positioned to protect against the emerging attacks of tomorrow. We must remain vigilant and aware of the tactics that are being used, and combat them with a multifaceted approach to identity verification.

About the author

Patrick Harding is Ping Identity’s Chief Product Architect.

Related Posts

Article Topics

 |   |   |   |   |   |   |   | 

Latest Biometrics News

 

Biometric authentication invaluable, set to further enhance security in Africa

A webinar held during the Digital ID Hackathon for Africa organized by Upanzi Network and Microsave Consulting in partnership with…

 

Low birth registration, high cost hinder access to legal ID in Sub Saharan Africa

While the need for legal and digital ID remains ever pressing as a result of the digital transformation wind blowing…

 

Saudi Arabia’s Absher digital identity for financial inclusion and transactions

The Absher platform in the Kingdom of Saudi Arabia has emerged as the core pillar of the country’s efforts towards…

 

Malawi begins biometric voter registration pilot to test new system

A trial voter registration process will begin in Malawi tomorrow September 13 to put the country’s new Electoral Management Device…

 

Biometrics pilots, launches and investments foreshadow next areas for growth

Biometrics pilots, a patent, predictions and acquisitions paint a picture in the most popular news items of the week on…

 

Biometrics firms pitch privacy in age assurance ahead of US court battle

The U.S. is facing its first constitutional debate connected with age verification in 20 years: The Supreme Court will have…

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Read This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events