Opening a bank account today can take only a few minutes. Customers upload an identity document, record a selfie or short video, and complete a digital Know Your Customer (KYC) check without visiting a branch. The process has made banking more convenient, but it also depends on one key assumption: that a face, a voice or an official identity document is enough to prove someone is who they claim to be.

 


According to Check Point Research’s AI Security Report 2026, that assumption is beginning to weaken.

 


Advances in generative artificial intelligence (AI) now make it possible to create convincing fake faces, voices, identity documents and even live interactions, making it increasingly difficult for digital identity verification systems to distinguish genuine users from fabricated ones.

 
 


The report warns that AI is no longer just helping cybercriminals automate attacks. It is also challenging the mechanisms organisations use to establish trust online.

 


“Identity has become a broken trust anchor,” said Jayant Dave, Asia-Pacific chief information security officer (CISO) at Check Point Software Technologies.

 


He said even trained experts correctly identified AI-generated faces only 41 per cent of the time, while the success rate for the general public was about 30 per cent. The findings illustrate how difficult it has become to distinguish real identities from AI-generated ones.

 


AI is reshaping identity fraud

 


Over the past year, Check Point researchers observed AI evolving from a tool that merely assisted attackers into an active participant in cyber operations.

 


From helping develop malware and supporting live intrusions to accelerating identity fraud, AI is now integrated across multiple stages of the attack chain.

 

The report also highlights that cybercriminals are increasingly abusing mainstream AI models such as ChatGPT, Google’s Gemini and Anthropic’s Claude by working around their safety guardrails.

 


Instead of relying on specialised criminal AI tools, attackers break malicious requests into smaller, seemingly harmless prompts to generate code, conduct reconnaissance or create phishing lures.

 


According to Check Point, despite the availability of self-hosted and underground AI models, most attackers continue to prefer commercial AI platforms because they are more capable and easier to use.

 

For the banking, financial services and insurance (BFSI) sector, this creates a unique challenge because digital identity underpins almost every customer interaction.

 


Whether opening a savings account, applying for a loan or registering for a digital wallet, financial institutions rely on remote verification to establish trust.

 


If attackers can convincingly imitate legitimate users using AI, the effectiveness of these safeguards begins to erode.

 


Unlike traditional identity fraud, which largely relied on stolen credentials, forged documents or phishing attacks, AI enables criminals to generate realistic identities from scratch.

 


This shifts the challenge from stealing existing identities to creating synthetic ones that appear genuine enough to fool automated verification systems.

 


Why digital identity verification is becoming less reliable

 


Banks and fintech firms have spent years investing in facial recognition, document authentication and liveness detection to reduce fraud while making customer onboarding faster.

 


These systems were designed to confirm that the person submitting an application is physically present and matches the identity documents provided.

 


According to the report, advances in generative AI are making that task increasingly difficult.

 


AI models can now generate realistic faces, clone voices and manipulate images and videos with a level of sophistication that challenges conventional verification methods.

 


Rather than attacking banking systems directly, cybercriminals are increasingly targeting identity checks, which form the first line of defence.

 


Check Point argues that this marks a fundamental shift in how organisations should think about digital trust.

 


The report says identity itself is becoming an attack surface, requiring businesses to reassess how they verify customers in an era where AI can convincingly imitate human characteristics.

 


As digital onboarding expands across the BFSI sector, ensuring that an online customer is genuinely who they claim to be is becoming one of the industry’s biggest cybersecurity challenges.

 


AI-generated identities are becoming easier to create

 


Unlike traditional identity fraud, which depended on stolen credentials or forged documents, AI now allows attackers to create convincing fake identities using synthetic faces, cloned voices and fabricated identity documents.

 


The report says this is turning digital identity into a new attack surface.

 


Citing the OnlyFake case, Dave said the operator admitted selling more than 10,000 AI-generated fake identity documents across the US and about 56 other countries, enabling users to pass KYC verification at banks and cryptocurrency exchanges.

 


He said the case illustrates how generative AI is making identity fraud easier to scale.

 


Dave also pointed to tools catalogued by the World Economic Forum’s Cybercrime Atlas that are specifically designed to defeat remote identity verification.

 


These tools can swap fake faces into verification sessions, inject fabricated video feeds into cameras or exploit stolen facial biometrics to bypass facial recognition systems.

 

“These examples illustrate that when identity verification depends primarily on photos, scanned documents, or selfie videos, AI-generated content can significantly undermine the reliability of those checks,” he said. 

 


The threat goes beyond fake identities

 


The report also raises concerns about the growing misuse of biometric information.

 


Researchers noted that malware campaigns are increasingly harvesting facial biometrics, creating the possibility that attackers could combine stolen biometric information with AI-generated content to defeat identity verification systems.

 


Unlike passwords, biometric traits cannot simply be changed once compromised, making such attacks potentially more difficult to recover from.

 


The report also points to underground marketplaces where AI-generated or fraudulently verified accounts are advertised for sale.

 


Instead of creating fake identities from scratch, cybercriminals can purchase accounts that have already cleared KYC checks, allowing them to bypass one of the biggest barriers to financial fraud.

 


According to Check Point, verified bank, fintech and cryptocurrency accounts are being traded on platforms such as Telegram.

 


Why the BFSI sector faces growing risks

 


For banks and financial institutions, these developments raise difficult questions about the future of digital onboarding.

 


Remote KYC has become central to expanding financial inclusion and improving customer convenience, but the report suggests AI is steadily eroding the reliability of the signals these systems rely on.

 


The challenge extends beyond preventing fraudulent account creation.

 


Financial institutions must also consider how AI-generated identities could be used for money laundering, mule accounts, account abuse and other financial crimes that depend on successfully passing identity verification during onboarding.

 

As AI tools become cheaper and more widely available, the report warns such attacks are likely to become more scalable and harder to detect. 

 


Why digital trust needs to evolve

 


For years, digital identity verification has relied on a straightforward assumption: if a person’s face matches their identity document and they complete a liveness check, they are who they claim to be.

 


According to Check Point Research, that assumption is becoming increasingly fragile as generative AI can now produce convincing faces, voices and identity documents.

 


“The broader takeaway is that identity can no longer rely on a single trust signal,” Dave said.

 


“As the report notes, a voice, face, document, or even a live interaction can now be convincingly faked. This is why identity verification increasingly needs multiple layers of validation, including trusted secondary channels, secure digital credentials, and stronger live verification mechanisms that are harder to spoof.”

 


The report also urges chief information security officers (CISOs) to treat AI-enabled identity fraud as an ongoing business risk rather than a one-time security issue.

 


It recommends continuously assessing whether existing security controls can withstand AI-powered attacks, strengthening governance through clear policies and real-time monitoring, and evolving cybersecurity strategies alongside AI adoption.



Source link

YouTube
Instagram
WhatsApp