Deepfake Liveness Bypass in eKYC — How to Identify & Stay Safe

INDIA — By BharatSecure Threat Intelligence Team · Updated May 30, 2026

Severity: CRITICAL | View Full Scam Details

Beware of Deepfake Liveness Bypass in eKYC Scams in India 2026: A Critical Threat to Your UPI and WhatsApp Security

Fraudsters are now using deepfake technology to bypass eKYC (electronic Know Your Customer) processes, putting your digital banking, UPI transactions, and Aadhaar-linked services at critical risk.

What Is the Deepfake Liveness Bypass in eKYC?

The deepfake liveness bypass scam is an emerging cybercrime in India, where fraudsters use advanced artificial intelligence (AI) to create manipulated videos or images of victims performing liveness checks required during the eKYC process. eKYC is essential for opening bank accounts, verifying identities for UPI payments, or availing financial products digitally. Typically, it involves submitting a live selfie video or photo to confirm that the person is physically present and genuine.

In this scam, criminals exploit this verification process by convincing victims—primarily those using mobile banking and UPI apps—to share selfies or live videos. Scammers posing as bank officials or representatives of financial institutions may approach targets through WhatsApp, social media platforms, or even hijacked profiles. Using AI-driven deepfake technology, they craft fake live videos that fool eKYC systems, bypassing biometric and liveness checks without the victim’s actual involvement during verification.

The scheme has gained alarming traction in India, especially after broader adoption of UPI and Aadhaar-based verification boosted demand for smooth digital onboarding. The Indian government’s cybercrime arm, I4C (Indian Cyber Crime Coordination Centre), along with CERT-In and RBI, have highlighted the increasing sophistication of eKYC-related frauds. While no widespread official advisory has singled out this exact method yet, these agencies repeatedly caution users to be vigilant against any requests for videos or selfies outside secure app environments.

How This Scam Works — Step by Step

1. Initial Contact: Victims receive a WhatsApp message, friend request, or social media contact from a profile claiming to be a bank official, loan agent, or UPI helpdesk representative.

2. Building Trust: The scammers engage the victim in conversation, sometimes using fake testimonials or hijacked contacts, to gain credibility.

3. Request for KYC: The caller insists the victim must complete or reconfirm their eKYC details through a "mandatory" selfie or live video for continued access to banking, loan approval, or UPI services.

4. Liveness Check Bypass: When the victim submits the selfie or short video, scammers use deepfake tools to manually or automatically generate convincing live-video content simulating the victim performing required liveness actions (e.g., blinking, head-turning).

5. Digital Identity Theft: The deepfake video is submitted to the legitimate eKYC portal or banking app, fooling the system and allowing fraudsters to create fake accounts or authorize transactions in the victim’s name.

6. Financial Fraud: Once in control, scammers may initiate UPI transactions, take loans using the victim’s identity, or commit Aadhaar-based identity theft. The victim often discovers unauthorized charges or blocked accounts too late.

Real Warning Signs to Watch For

• A message or call pressuring you urgently to complete an eKYC selfie or video outside official bank apps or websites.
• Requests for selfies or live videos sent via WhatsApp, social media, or any channel not officially designated by your bank.
• Unsolicited messages from unknown or recently created profiles claiming urgent financial reasons like loan sanction, account suspension, or compliance.
• Your bank or UPI app never directly asking for live video verification via WhatsApp or social platforms.
• Any unusual or sudden change in your UPI PIN, linked mobile number, or bank account status soon after submitting personal images/video.
• Receiving OTPs or transaction alerts you did not initiate following an eKYC verification request.
• Being asked to share Aadhaar or PAN details along with selfie/video in an unofficial manner.

What Happens to Victims

Victims of the deepfake liveness bypass scam usually suffer severe financial and emotional consequences. Fraudsters impersonate them digitally to open fraudulent bank accounts, siphon money through UPI transactions, or take unsecured loans in the victim’s name. Reversing such transactions can be difficult, as fraudsters use manipulated biometrics considered highly trustworthy by banks’ automated systems.

The misuse of Aadhaar and SIM swap attacks tied to this scam further worsen victims' situations, causing identity theft and long-term credit damage. Many victims report facing prolonged legal hassles, blocked accounts, and mistrust in digital banking—all while suffering the stress of financial loss.

As UPI and digital payments dominate India’s financial landscape, victims often lose thousands or even lakhs of rupees, with minimal immediate recourse.

What RBI and CERT-In Say

The Reserve Bank of India (RBI) has continuously emphasized strengthening eKYC processes but warns that technology can be exploited by fraudsters. RBI advisories urge banks and payment service providers to implement robust multi-factor authentication and educate customers about avoiding sharing personal details on unofficial channels.

CERT-In (Indian Computer Emergency Response Team) encourages users to report suspicious messages and maintain strict control of biometric data while highlighting the dangers of social engineering scams. The national cybercrime helpline 1930 is available for filing complaints related to identity and payment fraud.

While I4C has issued alerts on cyber fraud involving eKYC and UPI, the rapid advancement of AI deepfakes presents a new serious challenge demanding increased user awareness and institutional safeguards.

How to Protect Yourself

1. Only use official banking or UPI apps for all eKYC or related verification; never share selfies or videos over WhatsApp or social media.
2. Verify caller identity independently by calling your bank’s official helpline before sharing any personal or biometric details.
3. Do not respond to urgent or threatening messages demanding immediate submission of video verification outside official channels.
4. Regularly monitor your bank and UPI accounts through official apps and SMS alerts for any suspicious activities.
5. Enable two-factor authentication (2FA) on banking and financial services apps.
6. Avoid sharing Aadhaar, PAN, or other sensitive documents over messaging apps or phone calls.
7. Educate family and friends, especially elders, about this deepfake-based scam and the importance of verifying any eKYC or video request.

What to Do If You’ve Been Targeted

• Immediately contact your bank or financial institution on official numbers to report suspected fraud and request account freezing.
• Change all relevant passwords and UPI PINs without delay.
• File a complaint at the cybercrime.gov.in portal or call the 1930 cybercrime helpline to report the scam.
• Inform your mobile service provider if you suspect a SIM swap has occurred.
• Consider lodging a police complaint with proof of communication and transaction records.
• Notify Aadhaar authorities if your biometric or identity details have been compromised.

Quick action improves the chances of recovering lost funds and preventing further identity misuse.

Frequently Asked Questions

Q: Can deepfake videos really fool bank eKYC systems in India?
A: Yes, recent incidents indicate that sophisticated AI-generated deepfake videos can bypass liveness detection used during eKYC, allowing fraudsters to impersonate victims digitally.

Q: How can I tell if a video request for KYC is legitimate?
A: Legitimate requests come only from official banking or UPI apps, not over WhatsApp or random social media contacts. Always verify independently by contacting the bank’s official helpline.

Q: If I accidentally shared my selfie or video for eKYC, what should I do?
A: Immediately alert your bank, change all security credentials, and report the incident to cybercrime authorities via the 1930 helpline and cybercrime.gov.in.

Be cautious with any unexpected eKYC requests and verify all communications before sharing personal information. To check suspicious messages or calls, visit BharatSecure.app and if you encounter fraud, report it to 1930 immediately.

Disclaimer: This article describes a pattern of fraud reported in public sources for public-safety awareness. It is not legal, financial, or medical advice. To request correction or removal of any content, write to hello@bharatsecure.app.