Credit: The original article is published here.
- Security experts say traditional identity checks fail because they treat each verification as an isolated event
- Deepfake variations let fraudsters bypass biometric and liveness detection systems with ease
- Consortium validation shares data across organizations to detect subtle, repeated fraud attempts in real time
In a digital world increasingly shaped by artificial intelligence, identity fraud is evolving in scale and sophistication.
Experts from AU10TIX have flagged a new threat tactic known as “Repeaters” which is reshaping the way fraudsters infiltrate digital systems.
Unlike traditional attacks, these aren’t designed for instant damage – instead, Repeaters quietly test the defenses of banks, crypto platforms, and other services by using slightly varied synthetic identities.
Deepfakes as reconnaissance tools
Once weak points are identified, those same assets are redeployed across multiple platforms in large-scale, coordinated fraud campaigns.
At the heart of this strategy are deepfake-enhanced identities, slightly modified versions of a core digital asset.
These changes may include tweaks to facial features, background images, or document numbers.
When examined individually, each variation appears legitimate, often bypassing traditional Know Your Customer (KYC) processes and biometric checks.
AU10TIX’s CEO, Yair Tal, describes them as “the fingerprint of a new class of fraud: automated, AI-enhanced attacks that reuse synthetic identities and digital assets at scale.”
What makes Repeaters particularly dangerous is how they exploit gaps in current fraud detection systems.
Most traditional defenses rely on static validation, evaluating each identity as an isolated event. Techniques like biometric scans, liveness detection, and ID checks often miss the broader picture.
Because these synthetic identities are only submitted a few times per platform and appear unique, conventional tools struggle to detect the repetition.
To counter this threat, AU10TIX therefore introduces “consortium validation”. Unlike siloed systems, this method allows multiple organizations to share identity signals across a real-time network, just like the best endpoint protection platforms.
If an identity, or even a slightly modified version, appears at more than one member organization, the system flags it immediately.
It’s a collaborative defense strategy aimed at connecting the dots between otherwise isolated incidents.
“We’re proud to be at the forefront of detecting and blocking these attacks through advanced pattern recognition and real-time consortium validation,” Tal added
AU10TIX recommends organizations also audit for vulnerabilities to deepfakes and synthetic identities that can bypass traditional KYC defenses.
It also recommends the close monitoring of behaviors across devices, sessions and onboarding events because it can reveal coordinated activities before they scale.
The best chance at early detection of such fraudulent activity is a connected and behaviorally aware security infrastructure because no single solution can claim to be the best antivirus or the best malware protection against this new generation of fraud.
