- Security experts say that traditional identity checks fail because they process each verification as an isolated event
- Deepfake variations allow fraudsters to easily bypass biometric and live detection systems
- The validation of the consortium sharing data between organizations to detect subtle and repeated fraud attempts in real time
In a digital world increasingly shaped by artificial intelligence, identity fraud evolves in scale and sophistication.
Experts from AU10TIX have reported a new threat tactic known as “repeaters” that reshapes how fraudsters infiltrate digital systems.
Unlike traditional attacks, these are not designed for instant damage – instead, repeaters quietly test the defenses of banks, cryptographic platforms and other services using slightly varied synthetic identities.
Once the weak points have been identified, these same assets are redeployed on several platforms of large-scale and coordinated fraud campaigns.
At the heart of this strategy are deeply improved identities, slightly modified versions of a basic digital asset.
These changes may include adjustments to facial characteristics, background images or documents.
When examined individually, each variation seems legitimate, often bypassing the traditional processes of your customer (KYC) and biometric controls.
The CEO of Au10tix, Yair Tal, describes them as “the fingerprint of a new fraud class: automated and improved attacks which reuse synthetic identities and large -scale digital assets.”
What makes repeaters particularly dangerous is how they use gaps in current fraud detection systems.
Most traditional defenses are based on static validation, evaluating each identity as an isolated event. Techniques such as biometric scans, detection of liveliness and identification checks often lack the wider image.
Because these synthetic identities are only subject to a few times by platform and seem unique, conventional tools are struggling to detect repetition.
To counter this threat, at10tix therefore introduces “consortium validation”. Unlike silent systems, this method allows several organizations to share identity signals on a real-time network, as well as the best platforms for the protection of termination points.
If an identity, or even a slightly modified version, appears in more than one member organization, the system immediately unclates it.
It is a collaborative defense strategy aimed at connecting points between otherwise isolated incidents.
“We are proud to be at the forefront of the detection and blocking of these attacks by the advanced recognition of the models and the validation of the consortium in real time,” added Tal
AT10TIX recommends organizations also vulnerability audits to deep FFAKES and synthetic identities which can bypass the traditional KYC defenses.
He also recommends close monitoring of behavior between devices, sessions and integration events, as he can reveal coordinated activities before they go to.
The best chance of early detection of this fraudulent activity is a connected and conscious safety infrastructure, because no unique solution can claim to be the best antivirus or the best protection against malware against this new generation of fraud.
