AISecurius
Sign InSign Up Free
blog
Bank of Communications White Paper Reveals the Attack Process of “Face-Swapping and Voice Cloning” Fraud

At the recent "Digital Intelligence Driving, Open Win-Win: Financial Technology Empowering High-Quality Financial Development" forum hosted by the Bank of Communications, the "AIGC Audio-Video Anti-Fraud White Paper"(Click here to download) was released. Li Zhaoning, General Manager of the Bank of Communications' Network Finance Department and Director of the Financial Technology Innovation Research Institute, provided a detailed interpretation of the white paper.

2024121305.png

The white paper, co-authored by the Bank of Communications, Dingxiang Technology, and RuiLai Intelligence, aims to systematically explore the risk challenges posed by AIGC technology applications, focusing on the audio-video fraud challenges faced by the financial industry, and providing reference for financial institutions to enhance their ability to detect and prevent AIGC fraud. The white paper elaborates on the attack risks, details, and security defense solutions of AIGC "face-swapping" and "voice-cloning," as well as professional multimodal AIGC audio-video anti-fraud technology.

The Rise of Audio-Video Fraud with AIGC

The rapid development of AIGC technology has brought unprecedented security risks to identity verification systems in the financial industry. Especially in widely used remote facial recognition and voiceprint recognition systems, black and gray markets have leveraged AIGC tools to carry out "face-swapping" and "voice-cloning" attacks, which have become a serious threat.

2024121315.jpg

AIGC "Face-Swapping" Attack:
Remote facial recognition systems are widely used in various financial services, such as account opening, credit card applications, and claims processing, as an identity verification method to ensure user security. The system workflow includes multiple steps such as face data collection, liveness detection, quality testing, and face comparison. However, black and gray market actors can easily create fake videos using AIGC tools. By customizing client ROMs or hijacking cameras, they inject counterfeit victim videos into the client during the face collection process. Through forged actions such as "blinking" and "shaking head," they bypass liveness detection, thus overcoming identity verification measures and launching an attack.

AIGC "Voice-Cloning" Attack:
Voiceprint recognition systems, as another identity verification method, also face challenges from AIGC. Voiceprint recognition works by collecting users' voice information and analyzing their voiceprint features to verify identity, commonly used in telephone banking and mobile financial services. Black and gray market actors can acquire victim voice samples, such as recordings from phone scams, and use AIGC tools to generate counterfeit audio. During the voice collection process, attackers can play back the fake audio to bypass the voiceprint comparison system, successfully launching an identity verification attack.

Both of these AIGC attack methods share a common characteristic: attackers use AIGC technology to generate highly realistic fake audio-video content, enabling them to carry out fraud without traditional identity verification methods. As AIGC technology continues to evolve, financial institutions urgently need to strengthen anti-fraud technologies, enhance system security, and adopt more stringent detection and prevention measures to ensure accurate and secure customer identity verification, thus addressing increasingly complex cybersecurity challenges.

Financial Institutions Need to Establish a Comprehensive Defense System

The "AIGC Audio-Video Anti-Fraud White Paper"(Click here to download)calls on industry enterprises to establish a defense system covering the entire lifecycle, all scenarios, and the full chain to respond to the complex threats posed by AIGC and safeguard the security of financial services.

  1. Multimodal AIGC Audio-Video Anti-Fraud Technology
    The technical defense system is one of the core elements in preventing AIGC fraud. Financial institutions should promptly adopt advanced multimodal audio-video anti-fraud technologies, integrating techniques such as audio-video forgery detection, device correlation analysis, and user behavior recognition to improve the accuracy and timeliness of fraud detection.

2024121308.jpg The white paper provides a detailed introduction to AIGC audio-video anti-fraud technology:

  • AIGC Video Detection: This technology analyzes inconsistencies in image segmentation and motion between frames in a video to detect forged video content. It can identify subtle anomalies in the video, such as distorted facial expressions or disjointed body movements, helping financial institutions effectively recognize counterfeit videos.
  • AIGC Voice Detection: Voice forgery is a common method in AIGC fraud. Fraudsters use deep forgery technology to imitate others' voices. Voice detection technology can effectively distinguish real speech from generated speech by identifying abnormal audio spectra and complex noise interference, thus preventing identity impersonation and fraud during phone or video calls.
  • AIGC Feature Correlation Analysis Based on Knowledge Graphs: This technology identifies and tracks potential fraudulent groups in AIGC-generated content. By deeply analyzing the connections and coordinated behavior of multiple fraudsters, it reveals their modus operandi. Combining graph computing and knowledge graphs, it can provide financial institutions with more comprehensive anti-fraud strategies to identify and combat cross-platform, cross-scenario fraud activities in real time.

This multimodal anti-fraud technology demonstrates its powerful anti-fraud capabilities in multiple financial service scenarios. In credit business, the system analyzes customer identity verification data, credit history, and social behaviors to prevent the risks of false information and forged identities, improving loan approval efficiency and accuracy while reducing the occurrence of non-performing loans. For credit card services, combining user consumption habits, transaction history, device fingerprints, and location data helps effectively prevent credit card fraud and identity theft. In the payment settlement domain, by analyzing transaction behaviors, device characteristics, IP addresses, and payment frequencies in real time, it can quickly identify and prevent fraudulent activities, reducing financial losses.

2. Strengthening Training for Financial Practitioners

Strengthening training for financial practitioners is crucial in addressing AIGC deep forgery fraud. It not only improves employees' ability to detect fraud but also helps financial institutions improve their risk management systems, reducing potential losses.

Firstly, training can significantly enhance practitioners' risk response capabilities. By systematically learning, employees can identify forged audio-video content, understand the basic principles of deep forgery technology, and recognize subtle signs of forgery in facial recognition and voice patterns, thus effectively preventing identity theft and financial losses. Additionally, training helps employees become proficient in using anti-forgery technologies, such as face-swap detection tools and audio detection tools, to promptly flag suspicious activities.

Secondly, training strengthens risk and decision management. Through regular training, practitioners better understand the risks of AIGC fraud and can implement strict verification measures in customer identity checks and transaction monitoring. Trained employees can identify potential risk signals and take timely actions, such as freezing accounts or conducting secondary verification, effectively reducing fraud losses.

Finally, training also enhances customer trust and institutional reputation. Trained employees can provide professional anti-fraud advice, address customer concerns, and improve customer satisfaction. Furthermore, training ensures employees comply with laws and regulations, guaranteeing that anti-fraud measures are compliant, thereby reducing regulatory risks and maintaining the financial institution’s public image.

3. Optimizing Legal and Compliance Management

Establishing a scientific management system is key for financial institutions to address AIGC audio-video fraud.

Firstly, financial institutions need to build a unified risk management framework, comprehensively assessing AIGC risks from prevention, monitoring, to emergency response, ensuring that all departments and personnel can efficiently address fraud threats. By integrating technology, process controls, and personnel management, financial institutions can cover the full lifecycle of risk management, enhancing overall anti-fraud capabilities.

Secondly, compliance is a critical component of responding to AIGC fraud. Financial institutions must ensure that their anti-fraud measures comply with data protection and privacy laws, taking legal action to hold perpetrators accountable and protect legal rights. As AIGC technology develops, financial institutions need to continuously update compliance management to ensure the effectiveness of anti-fraud measures.

Additionally, by integrating data across departments and systems, financial institutions can monitor customer transaction behavior in real-time and quickly detect potential fraud. The system can identify unusual activities, such as atypical login locations or large transactions, and trigger corresponding anti-fraud measures, improving detection and response capabilities. Real-time monitoring technology and intelligent decision engines can help institutions dynamically assess the authenticity of audio-video content and quickly identify forged content.

Finally, regular anti-fraud drills and simulation tests can improve emergency response capabilities, helping financial institutions identify vulnerabilities in their defense systems, optimize technologies and processes, and ensure efficient handling of actual fraud cases to reduce risks.

4. Improving the Legal System and Regulatory Mechanism

At the legal and regulatory level, it is necessary to improve relevant laws and regulations and strengthen enforcement against AIGC fraud to ensure that emerging risks from AIGC can be effectively addressed amidst technological innovation and development. Strengthening regulatory oversight is critical. Government regulatory bodies should establish stronger oversight mechanisms, tracking and reviewing the technological deployments of financial institutions to ensure the safety of financial services and prevent the misuse of AIGC technology.

Establishing inter-departmental collaboration mechanisms is also essential. A cross-departmental collaboration mechanism should be set up to strengthen rapid response and joint efforts in combating AIGC fraud cases in the financial industry.

The "AIGC Audio-Video Anti-Fraud White Paper"(Click here to download)is divided into seven chapters, covering the risks of audio-video fraud brought by AIGC, typical AIGC audio-video fraud attack methods, the impact of AIGC audio-video fraud on financial services, AIGC audio-video anti-fraud solutions, the implementation of AIGC audio-video anti-fraud technology, typical business scenarios, and outlook and recommendations.

2024-12-16
Go back to blog
blog
Detailed explanation of core algorithm of device fingerprinting
how do you make sure your identity is established and that you can't be easily stolen or copied?
2023-03-02
blog
AISecurius device fingerprinting: Provide support for risk control decision-making and model construction
Device fingerprinting collects information of the device, and then gives the device a unique identification, and uses association and similarity search algorithms to ensure the stability of the identification.
2023-03-02
blog
Roll with the punch, check out the application of dynamic material in the challenge-response of CAPTCHA
Intelligent non-cognitive verification, as the name suggests, is to allow trusted users to pass without verification.
2023-03-03
Products
Developers
Company
Legal
    facebookgithubreddit
Copyright © 2024 AISECURIUS, Inc. All rights reserved
Hi! We are glad to have you here! Before you start visiting our Site, please note that for the best user experience, we use Cookies. By continuing to browse our Site, you consent to the collection, use, and storage of cookies on your device for us and our partners. You can revoke your consent any time in your device browsing settings. Click “Cookies Policy” to check how you can control them through your device.