Deepfakes have moved beyond doctored videos into a more insidious threat: automated camera injection attacks that overwhelm facial recognition at scale. Jumio warns that this shift, powered by AI, enables fraudsters to generate unlimited synthetic identities, pushing traditional verification systems to breaking point.
Speaking to Frontier Enterprise, Chief Product and Technology Officer Bala Kumar argues that enterprises, especially financial institutions, must overhaul how they approach identity verification if they are to withstand the next wave of attacks.
Assume the worst
“We must assume that cybercriminals will always use the best technology available,” Kumar warned, noting AI’s double-sided role as both ally and adversary.
He explained that threat actors continually evolve to bypass defences, whether through fake accounts, payment fraud, account takeovers, multi-accounting, or money laundering.
“The danger of cybercriminals using generative AI more effectively than defenders lies in the exponential rise of scams and the subsequent increase in financial losses. We’re already seeing signs of this regionally, with high-profile scams involving AI-generated voices, synthetic IDs, and deepfake videos targeting banks and government agencies. For example, in 2024 a deepfake-enabled cryptocurrency romance scam defrauded victims across Asia of more than US$46 million,” he said.
With deepfakes in particular, enterprises are beginning to understand their power.
“Attackers combine fabricated credentials with valid government-issued identity numbers and embed their photo on the ID to bypass selfie checks. Meanwhile, AI is also being used to mimic video and voice patterns with disturbing accuracy, right down to natural-looking mouth movements, making these attacks harder to detect,” Kumar remarked.
The 2025 Jumio Online Identity Study found that 43% of global consumers believe big tech firms should be responsible for stopping AI-powered fraud. By contrast, in 2024, 67% of consumers globally and 78% in Singapore doubted their bank’s ability to combat deepfake-based fraud.
“In this high-stakes environment, firms must fight AI with AI. This works in two ways: liveness detection, which checks for deepfakes as they are being used, and predictive analytics, which leverages AI’s analytical ability to detect fraud proactively,” Kumar explained.
Strategic defence
Staying ahead of cybercriminals requires more than adopting the latest tools. According to Kumar, enterprises need to apply these tools where they are most effective, which means continuously training AI models on real-world fraud signals across transactions, devices, locations, and behaviours. This helps detect subtle patterns that traditional rules or human analysts might miss.
“For instance, Jumio’s analysis found that 25% of fraud is interconnected, either perpetrated by fraud rings or by individuals using the same information or credentials. Organisations should pay more attention to how fraud rings might be targeting them, and find ways to minimise damage,” he said.
AI, however, should not be the only line of defence. Kumar stressed that cybercriminals are opportunistic, often seeking out the path of least resistance.
“We’ve seen many cases where they abandon an attack after encountering layered verification systems, only to resume their search for organisations with weaker safeguards. Using multiple verification methods significantly increases your chances of stopping them,” he said.
Fragmented view
Kumar observed that many enterprises operate with siloed identity and access management and compliance systems. This results in duplicated processes, inconsistent controls, and high costs, while also concealing risks due to the absence of unified identity insights.
“The biggest failure we see is fragmentation, without a unified view of identity signals, organisations fail to spot fraud patterns, allowing bad actors to exploit gaps between disparate systems. As a result, companies often react to problems after they occur instead of preventing them,” he said.
He explained that identity verification works best when information is consolidated into a central framework with real-time insights. This allows organisations to assess user risk more effectively and manage access consistently, while also supporting compliance requirements across different regions.
Kumar added that one of the biggest misconceptions about automation in compliance is that it is a “set it and forget it” solution, or that it’s a “silver bullet.”
“Many assume that once a process is automated, it will seamlessly adapt to new regulations or expand effortlessly into new markets. In reality, different countries have different rules and requirements, so compliance tools need to be flexible and adaptable. Automation helps speed things up, but companies still must continuously monitor local regulations and update their systems regularly to stay compliant as they expand into different regions,” he pointed out.
Another overlooked challenge is data management. Automating compliance tasks without linking them to legacy systems and disparate data sources creates silos, making it harder to detect and manage risks.
“Without strong data connections, compliance becomes complicated. Companies end up with disjointed compliance processes instead of a streamlined and efficient system,” he said.
Necessary friction
To counter threats such as deepfakes, biometric and behavioural data are increasingly important. They provide stronger protection against fraud while delivering a more intuitive user experience. Yet the balance lies in ensuring robust fraud controls without burdening legitimate users with unnecessary friction.
According to Kumar, some friction is necessary for security. For example, asking users to verify identity with a selfie or government-issued ID. However, these processes must remain as seamless as possible.
“The old methods of verification, such as asking for a name, address, and email ID, are no longer effective since these data sources are often compromised online. Risk signals consist of checks that confirm a person’s identity and assess whether they are suitable to do business with, and these signals help determine the right amount of authentication or friction at the right time,” he said.
Kumar added that in today’s rapidly evolving fraud landscape, consumers are increasingly open to spending more time on identity verification, especially in high-stakes sectors.
“These are sectors like banking and financial services, government services, and healthcare,” he noted.
