Tag: FRAUD
Businesses need biometric orchestration to handle AI fraud, system complexity: Aware
The need for biometric orchestration is nearly universal among businesses using biometrics as they attempt to mitigate the surge in AI-driven fraud, according to a new survey from Aware.
The company’s 24-page report on “The State of Biometric Security in the Age of AI Fraud” shows 98 percent of businesses aligned on that necessity. They are motivated by the frequency of AI-driven fraud attacks, with nearly 50 percent experiencing them within the past year and nearly 90 percent concerned about such attacks targeting their biometric systems. More than half say they lost revenue due to fraud incidents involving AI, including deepfakes, synthetic identities and biometric injection attacks. Nearly as many see such attacks causing damage to their brand and reputation.
Aware surveyed 500 leaders at companies with 50 or more employees using biometrics in the U.S., UK and Brazil to compile the results.
Three-quarters of those surveyed already use biometrics or liveness detection in their fraud prevention strategies, including over 60 percent who use biometrics specifically to prevent identity fraud.
Businesses need to orchestrate these biometrics due to system complexity, which in turn is illustrated by the average use of three biometrics vendors by each business. Nearly 40 percent have multiple biometrics vendors, and nearly 40 percent have either 4 or 5.
More than half annually spend between $138,000 and $688,000 on biometrics to combat fraud, but more than a third spend between $688,000 and $1.4 million per year.
“Organizations are no longer asking if they need biometrics — they’re already managing complex ecosystems and asking how to make them work together,” says Ajay Amlani, CEO of Aware. “Biometric orchestration is emerging as the critical layer that helps security teams stay ahead of AI-driven threats while maintaining performance, accuracy, and user experience. It turns complexity into an advantage by enabling smarter, faster identity decisions.”
Regulatory compliance is another motivating factor, with more than 95 percent seeing a benefit to using biometrics in that area. The second most commonly-seen benefit of biometrics adoption is not preventing fraudulent account creation (58.6 percent), but reducing employee login and MFA fraud (64 percent).
“Deepfakes and AI-powered attacks are fundamentally changing how identity can be manipulated,” says Maxine Most, CEO of The Prism Project, in the company announcement. “To keep pace, organizations must rethink how identity is secured and invest in intelligent systems. Biometric orchestration is a critical layer that brings those systems together into a cohesive, effective defense.”
The Prism Project hosted the Deepfake Summit last month to convene stakeholder in biometrics, digital identity security and deepfake protection.
The report also highlights the importance of independent technology validation, quoting BixeLab CEO Ted Dunstone on the topic. Aware passed a Level 3 biometric liveness detection evaluation by BixeLab in February.
GenAI fraud makes zero-knowledge proofs non-negotiable
By Jarek Sygitowicz, Co-Founder and Chief Strategy Officer of Authologic
By now it’s something of a cliché to say the rapid rise of generative AI has fundamentally changed the threat landscape of the internet.
Nevertheless, it has, and the point bears repeating. Synthetic identities, deepfakes and AI-generated documents are no longer edge cases but the go-to tools of fraud. The more convincing generative models become, the faster they sideline traditional methods of digital verification like uploading photos of IDs, sharing personal data or performing visual checks.
The more data people share, the more material fraudsters have to exploit. Identity verification methods still depend on oversharing. Few flaws are more pressing.
Zero-knowledge proofs (ZKPs) offer a way out of this trap. Instead of asking users to reveal sensitive information to prove eligibility, ZKPs allow them to prove a fact about themselves without disclosing the underlying data. When AI can fabricate a face or a document, a photo becomes largely useless as a verification method.
More than that, ZKPs limit data exposure. Once viewed as a privacy improvement, data minimisation is now a security imperative.
Oversharing as a systemic vulnerability
Most online verification flows today unintentionally collect hordes of unnecessary information. Age checks often require a full photo of a government-issued ID, collecting addresses, height and weight, and eye color in the process. Address verification exposes home locations. Identity checks routinely capture names, document numbers, and biometric images, all stored beyond the reach and control of the end user.
When fraud required human effort and manual forgery, this model provided adequate protection. GenAI has made this model dangerously outdated almost overnight. A single leaked ID image can be reused and altered at scale. AI systems trained on real documents can generate convincing counterfeits that outpace any human review process.
The more data a platform collects in the name of safety and compliance, the larger its attack surface becomes. This paradoxical situation is begging to be fixed.
Provable facts are the new identity
Zero-knowledge proofs flip the logic of verification. Instead of asking “Who are you?” they ask “Is the specific claim you are making true?”
Wallets with zero-knowledge technology provide cryptographic answers to simple yes-no questions like ‘Does this person live in the UK?’ or ‘Is this person over 18?’ No exact birthdate or address is given; no document image changes hands. The verifier learns only what it needs to know.
Apple, Samsung and Google wallets now verify age or identity attributes via mobile driver’s licenses (MDLs) and digital IDs. The increasingly widespread use of MDLs, already live in 20 U.S. states, is evidence this approach is moving from theory into practice. A user authenticates locally, often with biometric verification like Face ID and the wallet generates a proof that satisfies the request. The relying party never views the underlying credential.
Even GenAI has its limits. It can indeed forge an image, but it can’t fabricate a cryptographic proof tied to a government-issued credential without access to the wallet itself.
How Spain’s age verification laws could popularise ZK proofs
ZK-based verification introduces a different compliance model that reduces liability, which may prove critical as more age verification laws come into effect. Earlier in February, the Spanish government publicly announced plans for a nationwide ban on social media for children under 16. Enforcing it would require digital verification checks.
Using ZK proofs, adults in Spain could access social media sites without uploading any real data to a given platform. Since it never receives the full identity data, that platform cannot leak it or fail to protect it. A hacker can’t access actual personal data, just a useless set of binary confirmations. Verification, long an extended data custody problem, is now a momentary cryptographic interaction.
In and beyond Spain, age verification can and should rely on ZK proofs. Asking users (especially minors) to upload identity documents creates serious ethical and security risks. Proving age without revealing identity resolves this tension.
For the first time in digital history, trust online depends less on visual evidence and more on cryptographic certainty. Photos, videos and documents are becoming unreliable signals in the age of GenAI. No more holding up three fingers and nodding your head for a live selfie. Verifiable credentials and zero-knowledge proofs are becoming the new anchors of trust. The days of this technology being treated like a niche cryptographic concept are over. A truly secure and modern verification system asks better questions to get only the answers it needs. No more and, crucially, no less.
About the author
Jarek Sygitowicz is the co-founder and Chief Strategy Officer of Authologic, the full-stack global e-ID hub for industries reliant on KYC and AML processes. In 2013 he co-founded ZenCard, which allowed businesses to offer loyalty and rewards programs to customers using their existing payment cards. The company was acquired in 2017 by PKO BP, one of the largest banks in Poland. A longtime entrepreneur, he now serves as co-founder of Authologic, where he oversees strategy, client relations, design, and UX.
