A rise in fraud continues to plague the insurance, banking, retail, telco and gaming sectors, with so-called “shallowfakes” now being highlighted as a growing threat alongside more sophisticated “deepfakes”.
While deepfakes require AI to create realistic but synthetic still or video images or voice recordings, shallowfakes can be created easily and quickly using regular software, such as PhotoShop.
“The accessibility of tools to modify documents – from IDs, utility bills and bank statements through to photographs, contracts, invoices, purchase orders and salary slips – means that it is becoming easy for fraudsters to make changes to documents and images at speed and on scale,” says fraud and cybercrimes thought leader, Clive Gungudoo, MoData’s director of financial crimes and risk management.
Why the rise in shallowfakes?
Document fraud has always been around, but it is the scale of the problem that is unprecedented.
“Numerous factors have contributed to the rise in document fraud, particularly the increase in self-service automation,” says Gungudoo. “With the digitalisation of the insurance and banking industries, hard copies of documents are rarely required as organisations now rely on existing and new customers to either send digital documents and images via email, or to upload them themselves using the organisation’s online portals.
“The Covid-19 pandemic accelerated self-service across many industries through necessity, and customer on-boarding is now largely done online rather than in person.”
This significantly increases the opportunities for fraudsters to alter and manipulate documents digitally prior to upload. These fraudsters tend to use ‘synthetic identities’ – a mix of fake, stolen or data-breached personally identifiable information (PII) that check out with third party data sources.
“This modus operandi sees criminals using ‘mules’ – real people with real identities – to bypass secure biometric and identity verification during remote onboarding and account opening,” says Gungudoo. “The uploaded digital documents are generally not checked during the automated online processes, allowing fraudsters and money launderers to get through the compliance gates.”
He says the cost-of-living crisis also plays a big part in the rise of opportunistic fraud. “Simply put, when people are under financial pressure, they are more likely to tamper with invoices and supporting documents to, for example, inflate an insurance claim or to secure loans and financing. In personal or business circumstances, they might operate with complete fraudulent intent and falsify electronic bank proof of payment advices in exchange for goods and services, a tactic also used by large-scale fraudsters.
“Similarly, opportunistic occupational fraud is increasing. Often in these cases procurement invoices are forged, amounts are inflated, and payments are made to personal accounts of staff or family members.”
Gungudoo says that in large-scale fraud operations, document forgery is prolific, particularly in relation to invoice redirect scams and business email compromise (BEC) fraud. “In these cases, fraudsters intercept invoices and change the banking details before they are sent for payment processing. The electronic payment then ends up in mule accounts controlled by the fraudsters.”
Using AI to detect shallowfakes
Traditionally, document authenticity checks have been conducted manually, but the subtlety of shallowfake alterations is not easy to detect with the naked eye.
The solution? AI-powered detection.
As Gungudoo points out, while AI is not needed to create shallowfakes, it is extremely useful in detecting them – a service MoData offers to its customers to counter next-generation fraud and money laundering, where growing mule accounts are at the centre of facilitating financial crimes.
The cost of inaction in the fight against document fraud is high, with organisations facing huge financial losses, as well as reputational damage. As Gungudoo points out: “AI-powered document-fraud detection is both a necessary and cost-effective defence against fraudsters – it is essential to have it in place to future-proof your business.”