In Mission: Impossible, criminals wear near-flawless face masks to impersonate others and gain access to secrets. Today’s fraudsters do not need latex—they use generative AI, fake documents, and injected scripts to do the job instead.
This was the message from a recent webinar hosted by Mitek in collaboration with Goode Intelligence, where fraud prevention experts warned that the security measures we’ve long relied on to protect payments are being outmanoeuvred at alarming speed.
“Fraudsters have the upper hand right now when it comes to speed,” said Carmel Maher, Director of Market Strategy and Intelligence at Mitek.
Biometric technologies have become increasingly common in customer verification, but the attackers are evolving just as quickly. Deepfakes, synthetic identities, and document template kits are being used at scale.
In one case discussed during the session, fraudsters used a stolen driving licence and morphed their face to resemble the photo. “The licence is real, the person is really there, and liveness detection can pass—but what doesn’t pass is resolution,” said Maher. The attack only failed because additional checks picked up manipulation artefacts.
Another example showed the same document template used across multiple banks in different countries, suggesting fraud-as-a-service tools are not only available—they’re increasingly easy to use.
Why traditional tools are falling short
Fraud has become faster, cheaper, and easier to commit. The barrier to entry has been lowered by AI tools that allow individuals with limited technical skills to generate convincing fake identities or spoof biometric systems.
“Even just a couple of years ago, it would have taken engineering skills to pull off some of these attacks,” noted Maher. “Now anyone can download a kit and execute at scale.”
According to Goode Intelligence’s latest research, over 760 million people globally will be using biometrics to help prevent payment fraud by 2030. That figure underscores a shift away from passwords and PINs and towards more dynamic, AI-powered defence mechanisms.
Could biometrics be the backbone of next-gen defences
Alan Goode, CEO of Goode Intelligence, outlined how biometrics now support the entire payments journey—from onboarding to transaction approval. They help to:
- Authenticate users via face or voice recognition
- Add extra security for high-value payments through step-up authentication
- Detect suspicious behaviour through behavioural analytics and liveliness checks
Server-side biometrics are gaining traction for their ability to verify identity centrally, without relying on possibly compromised local devices.
Layering is not optional anymore
Relying on a single biometric check or device-based security is no longer enough. Attackers often combine methods—face morphing, injection attacks, and fake documents—making it essential to have multi-layered protections in place.
“You wouldn’t protect your house with just one lock,” said Maher. “You check the windows, install alarms, maybe even monitor for unusual behaviour.”
The same logic applies to fraud. Layered systems—such as combining biometric checks with behavioural patterns, liveness detection, and anomaly detection—are proving critical in identifying threats without slowing down legitimate users.
The cost of getting it wrong
Account takeover is one of the fastest-growing types of fraud. In the UK alone, cases rose by 76% in 2024, with SIM swap fraud up over 100%, according to data cited during the webinar.
If organisations fail to properly verify users at onboarding, or lack step-up controls when high-risk activity occurs, the results can be expensive—both financially and reputationally.
And it’s not just fraud losses. Weak onboarding processes can expose firms to regulatory action, especially when KYC (Know Your Customer) and AML (Anti-Money Laundering) compliance is lacking.
As AI threats become more sophisticated and accessible, biometrics offer a vital, user-friendly way to mitigate fraud across the payments ecosystem. But without a layered strategy and modern tooling, even the best biometric systems can fall short.
You can watch the full discussion below:
