Synthetic media technologies, including deepfakes, are challenging the reliability of digital identity verification processes, particularly in financial services where remote KYC relies on biometric signals. Enterprises must now address vulnerabilities across both human and non-human identities. In many large enterprises, machine identities now outnumber human users.
The Escalation of Deepfake Threats
Adversaries leverage accessible generative AI tools to produce convincing synthetic faces, voices, and documents, using identity deception as a primary attack vector. Contributing factors include proliferation of low-cost deepfake services, automation of high-volume synthetic submissions, and regulatory frameworks lagging AI capabilities.
iProov’s 2025 Threat Intelligence Report documents one financial institution facing over 8,000 biometric injection attacks in eight months, alongside sharp rises in face manipulation.
Mechanisms of KYC Evasion
Remote KYC depends on liveness detection to separate real biometrics from spoofs. NIST’s ISO/IEC 30107 standard categorizes deepfake tactics as:
- Presentation attack instruments (PAIs): Replay or live-altered media shown to the capture device.
- Injection attacks: Synthetic media fed directly into the processing pipeline.
Industry fraud reporting from Entrust and Onfido indicates deepfakes were responsible for roughly 40% of observed biometric attack attempts in 2024, at rates nearing one every five minutes.
Non-Human Identities as an Amplifying Risk
Non-human identities such as service principals, API credentials, and automated workloads dominate enterprise environments. They often carry excessive privileges with inadequate governance, enabling post-breach persistence. Deepfake-enabled initial access frequently transitions to machine identity abuse.
Evolution in Privileged Access Management
Legacy PAM focused on credential vaulting. Current needs call for dynamic, cloud-native authorization. Delinea’s proposed StrongDM acquisition illustrates this shift, combining secure storage with policy-based, short-lived access for all principals.
Comparative Risk Profile
| Category | Human Identities | Non-Human Identities |
|---|---|---|
| Principal Threats | Phishing, biometric spoofing | Credential compromise, privilege escalation |
| Credential Types | Multi-factor authenticators | Long-lived tokens and certificates |
| Governance Challenges | Centralized policy enforcement | Distributed ownership across teams |
| Deepfake Exposure | Remote verification bypass | Automated process hijacking |
Recommended Mitigation Strategies
Key practices from NIST, iProov, Gartner, and vendor research:
- Multi-signal verification: Layer biometrics with device and behavioral signals.
- Certified liveness: Use ISO 30107 Level 2 validated detection for injection resistance.
- Identity inventory: Catalog non-humans, enforce least privilege, automate credential rotation.
- Just-in-time elevation: Policy-gated, time-bound access grants.
- Regulatory vigilance: Track emerging deepfake guidance from standards bodies and financial regulators.
Security teams report higher resistance to these attacks when behavioral biometrics are combined with real-time monitoring of machine identities.
As deepfake capabilities advance and machine identities proliferate, identity security must move from one-time verification to continuous assurance.
Sources
- iProov 2025 Threat Intelligence Report
- Entrust and Onfido Identity Fraud Reporting
- NIST ISO/IEC 30107 Biometric Presentation Attack Detection Standard
- Delinea and StrongDM Identity Security Statements
- Gartner Identity and Access Management Research
