Using Synchronous Multi-Modal Biometrics to Combat Deepfakes
What are Deepfakes
Deepfake is a broad term referring to an image or video that has replaced one person with another, usually through the use of AI and machine learning. Deepfakes have become more popular in recent years and have been used in deceptive marketing, politics, acting, and fraud. They are especially concerning in the security world as they can allow a fraudster to trick some voice or facial biometrics, giving them fraudulent access to secure information.
In a press release from Microsoft September of 2020, they stated that current systems only recognize deepfakes 65% of the time. They have also been utilized to copy the biometrics of high-ranking employees (such as the CEO or CFO) in an attempt to authorize fraudulent payments. A famous example of this happened last year when Nikkei lost approximately $29m after an employee received fraudulent instructions by a deepfake of a management executive.
Currently, biometric authentication and deepfakes are waging an AI arms race to see whose algorithms can thwart the other’s. As deepfakes get more sophisticated, authentication mechanisms must become more sophisticated in the hopes of catching fraudulent attempts. In combatting these new algorithms, biometric providers also run the risk of tightening security parameters to the point that users are unable to access accounts and are falsely rejected.
Asignio Synchronous Multi-Mode (SMM) Biometrics
In response to the arms race, Asignio designed a MFA solution utilizing two biometrics, measured simultaneously to detect liveness. Liveness detection in a biometric system determines if an authentication attempt is made from a legitimate human or an imposter.
Asignio’s unique SMM biometrics, utilizing both facial verification and a handwritten biometric signature, would require the attacker to fake the user’s face, react to the drawing they are doing on the screen, and simultaneously be able to reproduce the user’s unique biometric handwriting (not to mention additional risk parameters including trusted device requirements and geo-location tracking).
In addition to the facial verification and handwriting, Asignio has developed a second modality which pairs voice recognition with facial recognition. Utilizing the latest in voice authentication capabilities, including random word selection and ordering, the attacker must be able to dynamically match this random series of words and somehow insert the data onto the phone.
Asignio’s multi-mode biometric platform is best-in-class for combatting deepfakes. By combining synchronous biometrics, an attacker not only needs to match each of the individual biometrics, but also must successfully combine those metrics together. Attacking this combination of security mechanisms, even with sophisticated fraud attack vectors such as deepfakes, is extremely challenging and complex.
Yet to the customer, the combination of drawing their Asignio signature on the screen while looking at the phone for facial verification is incredibly natural. Asignio’s unique approach to security gives your customers a great user experience while keeping you safe from the most sophisticated fraud existing today.