From finding creative recipes or drafting business emails to creating images for a small business’s social media posts, generative artificial intelligence (GenAI) tools like ChatGPT and Midjourney are rapidly becoming a part of our daily lives. But along with its many legitimate uses, we’re seeing financial criminals putting GenAI to work for nefarious purposes such as identity theft or impersonation of legitimate users.
The wide availability of data such as email addresses, phone numbers, and passport photos on the dark web, paired with GenAI, is taking ‘deepfakes’ to new levels of sophistication. Bad actors such as money launderers, fraudsters, and financers of terrorism and organised crime are ready to exploit the technology to bypass anti-money laundering (AML) and know your customer (KYC) processes.
Criminals could use GenAI to generate synthetic identities with photos, videos, and documents that appear authentic. They could use deepfake videos or voice clips to trick biometric verification systems during onboarding or two-factor authentication. AI-generated ID documents (e.g., passports or driver’s licenses) could even bypass basic visual checks if an institution lacks robust document fraud detection.
GenAI is testing the very foundations of how we prove who we are, but tackling identity verification and safety on a global scale is complex. Closer collaboration between banks, regulators, agencies and governments is vital to combat AI-driven identity fraud and enforce AML/KYC regulations. Effective investigation and prosecution start with shared intelligence and modernised ID systems.
This is why regional practices for customer and national identity verification and data privacy are so essential. In South Africa, the Department of Home Affairs (DHA) has reformed ID practices since 2000 in line with the World Bank’s Identification for Development (ID4D) initiative. ID4D shares expertise around digital identification systems for safety, inclusion, and responsible governance between businesses and governments.
Initiatives such as ID4D have laid the groundwork for secure holdings of birth, death, and other civil documentation and the implementation of biometrics (using the Automated Fingerprint Identification System or AFIS). Robust identification, in turn, underpins a trusted environment for provision of financial services as well as access to social programmes such as healthcare and social grants.
Digital identity under threat
With the world rapidly moving online, ID verification has followed. GenAI has added new layers of complexity to ID governance in a digital world. As we have recently seen in South Africa’, the DHA’s proposed price hike for live ID verification enquiries has faced opposition from critics who believe it could hold back choice, competition and inclusion in the financial services sector.
If implementing AML compliance for customer onboarding and transaction monitoring becomes an expensive and exclusive privilege, this impedes the financial inclusion vision towards which South Africa is working. There is a fine balance we need to strike between strict AML/KYC regulation and the costs of compliance if we are to create conditions for innovation and affordable, inclusive financial services products.
This only reinforces the need for an ecosystem of close cooperation and product development between regulators, technologists, government bodies and financial services. Striving to protect consumers and maintain accountability is paramount. Modern RegTech tools can help the sector to keeping customer registration, money transfers, and basic banking necessities affordable to all.
Indeed, it is clear that traditional rules-based systems and manual KYC checks are no longer sufficient. Financial institutions must adopt AI to fight AI, using deepfake detection, anomaly detection, and adversarial testing. They should also strengthen biometric checks with liveness detection and implement continuous KYC to flag changes in behaviour or identity over time.
It is not simple to find a middle ground in GenAI debate: on one hand, heavy surveillance, on the other, the delegation of the responsibility of solving identity verification challenges to other players. Concrete, proactive measures on the regional and global levels from all parties is the key to finding workable IDs that address the threats GenAI poses to the very idea of personal identity.
