Better Identity Coalition partners on gen-AI fraud threat mitigation guidance

Across banking, fintech and crypto, fraud is ramping up, costing financial institutions significant losses. A new public-private initiative co-chaired by the Better Identity Coalition and the American Bankers Association (ABA) aims to help tackle the problem.

The Financial Services Sector Coordinating Council (FSSCC) has published two new joint publications on how to tackle the problem of identity fraud tactics enabled by generative AI. The council convened senior executives from financial institutions, federal and state financial regulators, and security experts to collaborate on what they call “playbooks” for how to fight AI-enabled identity fraud.

In a post published on the blog of the Center for Cybersecurity Policy and Law, Better Identity Coalition Coordinator Jeremy Grant and Zack Martin of Venable LP outline the work, to which more than 130 experts contributed, and which is a deliverable under the FSSCC’s Artificial Intelligence and Identity and Authentication Workstream (AI-IA).

As AI threat evolves, so must mitigation

The first paper, “Mitigating AI-Powered Attacks Against Identity and Authentication,” focuses on the attacks generative AI has enabled on financial institutions, and “details specific tools those institutions can use to detect and stop those attacks,” including biometrics and liveness detection, with strategies for organizations at every level.

It identifies three current and emerging primary attack vectors: deepfake-driven social engineering and impersonation, synthetic identity creation, and AI agents as attack surrogates.

“This paper underscores the urgency for financial institutions to adopt advanced mitigation strategies to address these evolving threats,” it says. “As these AI threats evolve, mitigations must evolve as well. There is no single solution for attack mitigation; rather, FIs need to pull a series of levers to protect institutions and consumers from these attacks.”

Governments have a big role to play

The second paper is a companion piece aimed at governments, “Recommendations for Policymakers: Mitigating AI-Powered Attacks Against Identity and Authentication.” It makes two primary recommendations.

First, governments need to update rules governing how financial institutions verify the identity of new customers, and how they authenticate customers signing into their accounts online. This is necessary “for FIs to feel comfortable in embracing newer tools such as passkeys or mobile driver’s licenses (mDLs) that can thwart Gen AI-powered attacks.”

Second, governments need to work harder to help close the gap between physical and digital credentials.

The paper includes 20 distinct actions for policymakers and regulators, spread across four key initiatives, which advocate for the development and deployment of next-generation remote identity proofing and verification systems, strong authentication, coordination among countries to harmonize requirements, and better education about emerging threats and best practices.

GENIUS Act prompts moves on digital identity verification

Grant and Martin also point to a new report to Congress from the Treasury department on “Innovative Technologies to Counter Illicit Finance Involving Digital Assets.” The report responds to requests in the GENIUS Act, which tasks Treasury with crafting recommendations on new legislative and regulatory proposals, with a focus on digital identity verification.

In the report, Treasury pledges to issue guidance to FIs on how they can use verifiable digital credentials in existing customer identification programs. It will explore working with Congress on legislation to “incentivize the development and integration of digital identity tools aimed at countering illicit finance.”

Partnering with the National Institute of Standards and Technology (NIST) and international partners, it will work on promoting common guidelines for the use of digital identity tools across jurisdictions.

And it will “work with Congress on ways to better enable third-party service providers to conduct identity verifications and issue verifiable digital credentials that can be accepted by financial institutions to fulfill elements of customer identification and verification requirements.”

“At a time when criminals and hostile nation-states are leveraging AI-powered deepfakes to convincingly spoof photos, videos, and voices, companies need concrete, actionable recommendations on how to address these threats to best protect consumers from identity theft and fraud.”

Article Topics

Better Identity Coalition  |  fraud prevention  |  generative AI  |  identity verification  |  NIST  |  regulation  |  verifiable credentials