The Threat of Deepfake Frauds in Payment

By Kyriba

Imagine this: your CEO’s voice or your CFO’s face—and a request for funds. Something in your gut is telling you that this situation feels ‘off’ but what can you do? It’s the CEO or CFO of the company after all.

This is the reality of deepfake fraud, a clever ruse that is not only making headlines but also blurring the lines between truth and fiction with chilling precision. Every transaction and every interaction is a potential battleground, where the slightest misstep could lead to catastrophic losses.

Misinformation/disinformation is the number one concern and near-term risk according to the World Economic Forum’s 2024 Global Risks Report for government leaders, executives, chief information security officers, and others who want to mitigate deepfake fraud.

The Evolution of BEC Scams

Business email compromise (BEC) scams exploit the most vulnerable element in tools, technology, and processes: us. BEC has remained one of the most profitable forms of cybercrime by exploiting weaknesses in human emotions and decision-making habits. In fact, despite increasing awareness of these types of scams among the general public, the FBI reported 21,489 BEC complaints with losses amounting to $2.9 billion in 2023 alone.

The integration of deepfake technology into these scams marks a significant step in their increasing sophistication and highlights the need for heightened vigilance and advanced cybersecurity measures. As criminals continue to use advanced AI to create more convincing frauds, the challenge for businesses becomes how to play defense against a technological threat and a psychological one.

The Rising Threat of Deepfake Fraud

A subset of “synthetic media” or “synthetic content,” deepfakes are defined as a type of artificial intelligence (AI) that, as the name suggests, is used to create bogus content, such as images, audio, and video.

The rise of deepfake fraud casts a shadow of doubt over every transaction. Deepfake software has become a powerful and dangerous tool in the hands of fraudsters. The technology can create the illusion of a legitimate transaction. You might think you are hearing from the CEO, the CFO, or the attorney related to a merger, requesting a legitimate payment. And by the time a company realizes it has been duped, it’s often too late.

In early 2020, deepfake voice technology was famously used in a $35 million bank heist in Hong Kong. A bank manager received a call and several emails from what appeared to be a company director he had spoken with before. The director claimed that his company was making an acquisition soon and needed a $35 million transfer to complete the process. The bank manager, recognizing the man’s voice and believing everything to be legitimate, complied and sent the money.

Of course, the person who called the bank manager and sent the emails was not who they claimed to be, and the money was stolen. The theft has implications for companies of all sizes, as it represents the latest step on the evolutionary scale of a familiar scam that has duped well-meaning financial professionals into transferring millions into the wrong hands.

The Deception Deepens with Video & Audio

Deepfake technology uses artificial intelligence to combine still images of one person with video footage of another. In a relatively short amount of time, the technology has improved to the point where very few photos—and in some cases, just one—are needed to create a convincing video deepfake.

Similarly, deepfake audio, or “deep voice” technology, is another nefarious innovation. Much like with video, the software may only need a 30-second or less snippet of audio to create a flawless deepfake, according to Rupal Hollenbeck, president at Check Point Software.

In a case reminiscent of the Hong Kong heist, fraudsters created an elaborate and sophisticated scheme, posing as company executives during a virtual conference call. The result? A financial worker, despite initial suspicions, was persuaded into transferring $25 million into the fraudsters’ pockets.

The Office of the CFO is the Last Line of Defense Against Deepfakes

The consequences of this type of fraud are not limited to financial losses but also include potential damage to an organization’s reputation and stakeholder trust. In response to this growing threat, it is imperative that treasury professionals operate within a culture of skepticism and integrate advanced security measures into their standard operating procedures. These new sophisticated technologies require sophisticated solutions that combine cutting-edge technology with human expertise to detect anomalies.

Five Steps to Avoid a Deepfake-out

The following tips can help treasury and finance professionals identify audio and visual deepfakes.

  1. Be Wary of Incoming Calls: A tried-and-true method that often thwarts BEC scams has always been to pick up the phone and call your contact (with a number you already have on file) to verify that they requested the transfer. The same rules should apply for video calls. If your contact invited you to a Zoom call and requested a transfer, it’s best practice to call afterward on a legitimate number and clarify.
  2. Implement Multi-Factor Identification: An effective way to confirm that you are speaking with your true contact is to verify their identity during the call. Have the other person answer a series of questions or provide a password that only your contact would know. Much like two-factor authentication on your computer, this practice adds an extra layer of security.
  3. Leverage AI and Machine Learning: Use state-of-the-art detection tools to identify patterns and anomalies–blurred faces, lack of light in the eyes, mismatches in facial expressions, absent or excessive blinking–that indicate deepfake content.
  4. Streamline Manual Processes: Having strong payment controls interlinked with sound is key to preventing fraud. Any manual verification outside of an ERP system or TMS is a huge risk exposure that can make an organization a target of fraudsters.
  5. Regularly Review and Update Security Protocols: As these technologies continue to evolve, so should your processes for protecting against them. Establish a regular cadence to evaluate and update your SOPs to protect against fraud.

Ultimately, the best way to avoid these deepfake scams is to follow prevention best practices and apply a critical eye. While it isn’t easy to be hyperaware of the threats around us, that is exactly what we need to be in this current environment. “It used to be that seeing was believing,” said Hollenbeck, “but not so much anymore.” Deepfakes are the latest in a long line of scams. The best way to avoid falling victim: slow down. According to BlackCloak CEO Chris Pierson, “slowing down almost always yields a definitive answer.”
