
Deepfake eKYC May Pass Verification. Fraud Can Still Happen.

  • May 8
  • 5 min read

Updated: Jun 3

Deepfake Can Bypass eKYC: Why Observability Becomes a Critical Layer in Modern Fraud Detection

How Deepfakes in eKYC Alter the Identity Verification Process

Imagine a new bank account being successfully opened through a standard eKYC process.


The face is verified.

The identification document is valid.

The system considers the user legitimate.


A few weeks later, however, the security team discovers that the identity that passed verification was generated using a sophisticated AI-powered deepfake capable of bypassing the initial verification process.


This is no longer a hypothetical scenario.


According to a report from Signicat, a company focused on digital identity and electronic verification in Europe, deepfake-related fraud attempts increased by 2,137% over the last three years and now account for one in every fifteen fraud cases detected in the financial sector.


In many situations, fraud is only discovered after losses have already occurred.

And that is where the real problem begins.

The question is no longer:

Can the system verify an identity?

The more important question is:

Can the organization understand account behavior after verification has been completed successfully?


The Biggest Deepfake eKYC Blind Spot Appears After Onboarding

Most modern eKYC systems are designed to answer a single question:

Is this identity valid at the moment of verification?

However, modern fraud rarely ends at verification.

In many cases, suspicious activity begins after the system has already accepted the account as legitimate.


Common patterns include:

  • Logins from inconsistent devices

  • Transaction behavior that deviates from established baselines

  • Unusual API request spikes outside business hours

  • Abnormal access behavior

  • Sudden latency spikes on specific endpoints


Individually, each signal may appear insignificant.


When correlated together in real time, however, a much larger pattern begins to emerge.

This is where observability becomes relevant.



Modern Deepfakes Are No Longer Just Fake Photos

Today's deepfake threats extend far beyond manipulated images or simple videos.


Two of the most common approaches used in modern fraud include:

  • Deepfake eKYC Presentation Attacks

    Fraudsters use screens or external devices to display deepfake content in real time during identity verification sessions. This approach exploits weaknesses in passive liveness detection systems still used by some eKYC platforms.

  • Deepfake eKYC Injection Attacks

    Deepfake videos are injected directly into the verification workflow using virtual cameras or software manipulation.


In these scenarios, the video never passes through a physical camera sensor.

It is important to note that modern liveness detection technologies that use active challenge-response methods or 3D depth sensing are significantly more resistant to these techniques.


However, not all financial institutions have fully adopted these approaches.

According to Signicat, only 22% of financial institutions have implemented mature AI-driven fraud prevention capabilities.


The gap between evolving threats and organizational readiness remains substantial.



The Problem Is Not Just Fake Accounts

The biggest challenge is not simply when a fraudulent account is created.

The real issue begins when the system fails to recognize suspicious activity until the impact starts to spread.


In many cases:

  • Fraud is detected only after suspicious transactions increase

  • Account takeover has already occurred

  • Money laundering patterns have begun to emerge


At the same time, different teams often see only a fraction of the overall situation.

Infrastructure teams see latency spikes.

Application teams see increased error rates.

Security teams see unusual traffic.

Customers see failed transactions or unexpected account activity.

No single team sees the complete picture.



Observability Connects Disconnected Signals

Observability is more than another monitoring layer. In distributed environments, observability helps organizations understand relationships across telemetry data, including:

  • Logs

  • Metrics

  • Traces

  • Network activity

  • Application behavior


This approach provides teams with broader operational context regarding what is actually happening within their systems.


In post-onboarding fraud scenarios, observability helps organizations:

  • Understand relationships between anomalies

  • Analyze end-to-end system behavior

  • Accelerate investigations

  • Reduce blind spots across services


Observability does not replace eKYC.


Instead, it helps organizations understand operational consequences after onboarding has been completed successfully.



Why APM Is an Important Part of Observability

Application Performance Monitoring (APM) is often viewed primarily as a performance monitoring tool.


In modern observability practices, however, APM also helps teams understand:

  • How requests move across services

  • Which dependencies are creating bottlenecks

  • How latency propagates through the system

  • What behavioral changes emerge before incidents occur


In many fraud-related situations, performance anomalies may appear before explicit security indicators become visible.


Examples include:

  • Abnormal latency spikes

  • Changes in dependency patterns

  • Unusual request flows


Each of these signals can provide additional context that supports further investigation.



A Realistic Scenario Becoming Increasingly Common

Imagine a financial institution onboarding a new customer at 11:00 PM.

The identity passes verification.

The account is considered valid.


A few minutes later:

  • API requests begin to spike

  • Access patterns emerge from identical IP subnet ranges

  • Small transactions start occurring repeatedly within short intervals

  • Latency on payment services rises significantly above baseline levels


Viewed separately, none of these signals may appear critical.

When telemetry is correlated in real time, however, relationships between unusual activities become easier to understand.


This is not about detecting deepfakes directly.


It is about understanding the operational consequences of fraud before the impact expands.
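As an added illustration (not code from the original post, nor from TrueWatch or LMD) of how the four signals in this scenario can be correlated per account rather than judged one at a time, the rule below runs over constructed telemetry for a fictitious account onboarded at 23:00; the thresholds, business hours, baseline latency, subnet size and the 30-minute post-onboarding window are all assumptions chosen for the example.

```python
from collections import Counter
from datetime import datetime, timedelta
from ipaddress import ip_network
from statistics import mean
# Constructed sample telemetry (every value is made up): account A1 onboarded at 23:00
# and followed by a burst of activity, plus an ordinary account B2 for contrast.
ONBOARD_TS = datetime(2024, 5, 8, 23, 0)
EVENTS = [{"ts": ONBOARD_TS, "type": "onboard", "account": "A1"},
          {"ts": datetime(2024, 5, 8, 10, 0), "type": "onboard", "account": "B2"},
          {"ts": datetime(2024, 5, 8, 10, 5), "type": "api", "account": "B2",
           "src_ip": "198.51.100.4", "endpoint": "/profile", "latency_ms": 110}]
for i in range(30):  # API burst minutes after onboarding, all sources inside one /24
    EVENTS.append({"ts": ONBOARD_TS + timedelta(seconds=10 * i), "type": "api",
                   "account": "A1", "src_ip": f"203.0.113.{i % 20 + 1}",
                   "endpoint": "/pay", "latency_ms": 900})
for i in range(6):  # small transfers repeated at two-minute intervals
    EVENTS.append({"ts": ONBOARD_TS + timedelta(minutes=2 * i + 1), "type": "txn",
                   "account": "A1", "amount": 9.5})
BUSINESS_HOURS = (8, 20)      # assumed local business hours (start, end)
BASELINE_LATENCY_MS = 150.0   # assumed healthy average latency of the payment endpoint

def correlate(events, window=timedelta(minutes=30)):
    """Return {account: [signal names]} for telemetry inside `window` after onboarding."""
    onboard = {e["account"]: e["ts"] for e in events if e["type"] == "onboard"}
    result = {}
    for acct, t0 in onboard.items():
        recent = [e for e in events if e["account"] == acct and t0 <= e["ts"] <= t0 + window]
        api = [e for e in recent if e["type"] == "api"]
        txn = sorted((e for e in recent if e["type"] == "txn"), key=lambda e: e["ts"])
        signals = []
        if not BUSINESS_HOURS[0] <= t0.hour < BUSINESS_HOURS[1]:
            signals.append("offhours_onboarding")
        if len(api) >= 20:  # request spike relative to a brand-new account
            signals.append("api_spike")
        subnets = Counter(ip_network(f"{e['src_ip']}/24", strict=False) for e in api)
        if len(api) >= 10 and subnets.most_common(1)[0][1] / len(api) >= 0.9:
            signals.append("single_subnet_access")
        small = [e for e in txn if e["amount"] < 50]
        if len(small) >= 5 and small[-1]["ts"] - small[0]["ts"] <= timedelta(minutes=15):
            signals.append("rapid_small_transactions")
        pay = [e["latency_ms"] for e in api if e["endpoint"] == "/pay"]
        if pay and mean(pay) > 3 * BASELINE_LATENCY_MS:
            signals.append("payment_latency_above_baseline")
        result[acct] = signals
    return result

def should_alert(signals, min_signals=3):
    """Alert on the combination: several weak signals together, not any one alone."""
    return len(signals) >= min_signals
```

The point of `should_alert` is the correlation step: a single off-hours onboarding or one latency spike stays a low-priority signal, while three or more coinciding within the window become an investigation lead.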



Layered Security Is Becoming More Important

No single system can stop every modern threat on its own. That is why a layered security approach remains essential.


Layer 1 — Prevention

eKYC and liveness detection help verify identity during onboarding.


Layer 2 — Detection

Observability helps organizations understand anomalies, system behavior, and unusual activity patterns that emerge after onboarding.

Many organizations are complementing identity verification with broader monitoring and observability approaches to gain additional context about how accounts behave once they become active.


Layer 3 — Response

Operations and security teams respond to emerging signals through investigation and incident response processes.

Deepfakes may not always be prevented during the initial verification stage.

However, their operational impact can be understood and investigated before it grows into a larger incident.



How LMD and TrueWatch Help Financial Institutions

Modern fraud challenges require more than tools alone. Organizations need an operational approach capable of:

  • Connecting telemetry across systems

  • Understanding application behavior holistically

  • Reducing operational blind spots


Lintas Media Danawa (LMD) is an official implementation partner for TrueWatch in Indonesia.


TrueWatch is a full-stack observability platform that provides visibility into application performance, infrastructure telemetry, logs, and distributed tracing within a unified ecosystem.


This enables organizations to better understand application behavior, telemetry relationships, and service dependencies across modern environments.



Why Observability Is Becoming More Relevant in the Era of AI-Driven Fraud

AI-powered fraud techniques targeting identity verification systems will continue to evolve.

The question is no longer:

Can fraud be prevented completely?

The better question is:

How quickly can an organization understand that something is not behaving normally?

In modern systems, the biggest challenge is rarely a lack of data.

Instead, organizations often face:

  • Too many signals

  • Too little context

  • Slow understanding of relationships between anomalies


This is precisely why observability is becoming increasingly relevant for modern financial institutions.


This approach becomes even more valuable when identity verification solutions such as eKYC are combined with observability.

Identity verification helps determine who gains access to the system. Observability helps organizations understand what happens after access is granted. Together, these capabilities help organizations build broader visibility into operational risks and modern fraud scenarios.


Learn how observability can help financial institutions improve post-onboarding visibility and gain deeper insight into operational anomalies.

As an official TrueWatch implementation partner in Indonesia, LMD helps organizations build greater visibility into operational activity.


Contact LMD to discuss how observability and operational visibility can help your organization better understand post-onboarding activity and modern fraud risks.

