Deepfake fraud in banking is the use of AI-generated faces, voices, and documents to defeat identity checks — to open accounts, take over accounts, or approve payments while pretending to be someone else. It now makes up 6.5 percent of all fraud attacks, a 2137 percent rise since 2022, according to Signicat data in the deepidv benchmark report. Your remote onboarding flow is the new vault door, and the tools to pick its lock cost less than a phone.
The 2026 threat numbers every bank should memorise
Four figures tell the whole story.
- 6.5 percent of all fraud attacks now involve deepfakes — from a rounding error to a headline category since 2022.
- 2137 percent — the growth of deepfake fraud over that period, according to Signicat data in the deepidv benchmark report.
- 1151 percent — the year on year jump in iOS injection attacks that iProov measured in late 2025. The attack surface everyone called safe grew fastest.
- 24.5 percent — the share of high quality deepfakes that human reviewers actually catch, per deepidv.
Sit with that last one. Your best-trained analyst misses three out of four good fakes. This is not a training problem. It is a physics problem — the fakes crossed below the threshold of human perception, and they are not coming back up.
Presentation or injection — which attack are you facing?
Every deepfake attack on video KYC falls into one of two classes, and they demand different defences.
Presentation attacks
The fraudster shows something to a real camera. A printed photo. A screen replaying a synthetic face. A silicone mask. The camera is honest — the thing in front of it lies. Classic liveness detection was built for exactly this class, and against it, decent liveness still works.
Injection attacks
The fraudster skips the camera entirely. Using virtual camera drivers, emulators, or hooked software interfaces, they feed a synthetic video stream straight into your app, frame by frame, as if a real camera had captured it. Your liveness check then dutifully analyses a video that no lens ever saw.
Injection is the growth story. That 1151 percent iProov figure on iOS should end any lingering belief that locked-down platforms are immune. If your defence assumes the camera feed is genuine, your defence has already lost.
Why do human reviewers and single-layer liveness fail?
Because both were designed for the last war.
Human review fails on perception. At a 24.5 percent catch rate for high quality fakes, a manual review queue is a comfort blanket with a badge. Reviewers anchor on video quality, lighting, and demeanour — signals modern generators reproduce perfectly.
Single-layer liveness fails on predictability. Blink twice. Turn your head left. Read these digits. The challenge script is public, so attackers train their generators on the script. A face model that can blink on command defeats a blink test by definition. Any single check, however clever, gives the attacker one stable target to optimise against — and optimisation is the one thing this generation of fraud tooling does brilliantly.
What does a defence stack that actually holds look like?
Layers. Independent ones, so beating one tells the attacker nothing about the next.
- Device integrity. Detect emulators, rooted devices, and virtual camera drivers before a single frame arrives.
- Injection detection. Verify the video stream physically originated from the sensor on the device.
- Passive liveness. Analyse skin texture, light response, and micro-movement with no user action at all.
- Randomised challenge. When risk is elevated, issue an unpredictable prompt the generator has never rehearsed.
- Artefact detection. Hunt the statistical fingerprints synthesis leaves in frames, invisible to eyes but not to models.
- Behavioural signals. Typing cadence, device history, session patterns — context the fake cannot fabricate.
- Human final review. A trained analyst rules on escalated cases, armed with every layer output above.
The payoff is measurable. Layered stacks hold bypass rates under 0.3 percent according to deepidv, against a 24.5 percent human catch rate alone. That is not an incremental improvement. That is a different sport.
Friction versus conversion — the balance that decides revenue
Security teams add steps. Growth teams delete them. Both are right.
Every extra second in onboarding bleeds completions, and a clunky KYC flow hands customers to the competitor with the smoother one. The answer is not maximum friction — it is invisible friction. Device integrity, injection detection, passive liveness, and behavioural signals all run silently, adding zero user steps. Reserve visible challenges for the small slice of sessions the silent layers flag as risky. Legitimate customers glide through in seconds. Attackers hit a wall that keeps moving. Fraud falls while conversion holds — and that combination, not either number alone, is the metric your board should ask for.
The regulator squeeze
Supervisors caught up fast. Across Europe, the Gulf, and Asia, guidance on remote onboarding now names deepfakes and injection attacks explicitly, and examiners have started asking a brutally simple question: show us how you detect a synthetic video stream. Silence is now a finding.
The burden has flipped. Banks must demonstrate their remote identity checks resist known synthetic media attacks — not merely assert that they do.
Expect documented control testing, vendor due diligence on liveness providers, and board reporting on deepfake exposure to become standing requirements. The institutions that build the evidence trail now will sail those exams. The rest will build it under enforcement deadlines, at triple the cost.
Inside SentinelKYC — layers first, human last
SentinelKYC is a deepfake-resistant onboarding platform that AiLeap deploys with partners, built on exactly the stack above. It combines layered liveness with dedicated injection detection — device integrity, sensor-origin verification, passive analysis, and randomised challenge — then routes every borderline case to mandatory human final approval, with each layer verdict laid out for the analyst.
The human stays in the loop by design, not as the front line. Machines filter the millions. People judge the hundreds. That division of labour is what keeps bypass rates near zero without turning onboarding into an interrogation.
Your 10 point self-audit checklist
Score one point per yes. Below seven, you have work to do.
- We detect virtual cameras and emulators before capture begins.
- We verify video streams originate from a physical sensor.
- We run passive liveness with no scripted user actions.
- Our challenges are randomised, never fixed sequences.
- We scan frames for synthesis artefacts.
- We score behavioural and device signals alongside the face.
- No single layer failure lets a session through.
- Human reviewers see machine layer outputs, not raw video alone.
- We measure bypass rate and conversion rate together.
- We can show a regulator our injection defence in writing, today.
Want your score moved before an attacker or an examiner moves it for you? Talk to AiLeap about a SentinelKYC deployment, or start with our AI Kickstart — a fixed-scope sprint that audits your onboarding flow and maps the layered defence to your stack.
Ready to make the leap to AI?
Book a free 30-minute discovery call — we will pinpoint your best first AI use case.
Book a discovery call