Deepfake Liveness Bypass in eKYC

How Deepfake Liveness Bypass in eKYC Works

Overview: The deepfake liveness bypass scam is a sophisticated identity fraud targeting Indian banking and fintech sectors. Scammers use AI tools to manipulate selfie or live-video verification meant for eKYC (electronic Know Your Customer) onboarding. The goal is to impersonate real people—often unsuspecting individuals—by generating or modifying videos to pass liveness checks, enabling fraudulent account openings or access to financial services. The scam threatens everyone from professionals and small business owners to students, as almost every Indian bank and loan app now relies on digital onboarding. How It Works: Scammers first collect or purchase stolen personal data—Aadhaar numbers, PAN cards, selfies, and so on. Using AI software, they create videos or webcam feeds that mimic a target’s face movements and expressions. When prompted for a liveness selfie or video during eKYC, the fraudster streams the manipulated media, fooling the bank’s automated system. Once verification succeeds, they gain access to open loan accounts, withdraw funds, or execute further fraud in the victim’s name. India Angle: In India, this fraud is amplified by reliance on eKYC through platforms like UPI and digital banks. Many banks, NBFCs, and fintech apps use video or selfie-based KYC—especially for fast approvals and microloans. The scam has been observed in metro hubs such as Mumbai, Bengaluru, and Ahmedabad, but is rapidly spreading nationwide as fraud toolkits become available in local languages. Real Examples: - A WhatsApp message reads: "Dear Sir, your bank account requires KYC update. Click here for selfie verification." - A digital loan app requests a live video check via an embedded link. Test runs fail, but one ‘perfect’ video passes after repeated attempts. - A customer receives an SMS confirming account creation, despite never onboarding or sending a selfie. Red Flags: 1. Unusual smoothness or uniform lighting in selfie videos during onboarding 2. Blinking or facial movements appear robotic or delayed 3. Verification repeatedly fails, then suddenly passes on one attempt 4. New account access notifications from banks you never contacted Protective Measures: - Never share selfies, videos, or ID scans with unknown callers or apps - Use official app stores and trusted links to access eKYC portals - Monitor SMS/email alerts for unauthorized account openings - Enable multi-factor authentication on all financial apps - Report fake eKYC requests to your bank immediately If Victimised: - Contact your bank to freeze suspicious accounts/services - Report immediately to 1930 or the National Cybercrime Portal (cybercrime.gov.in) - Register a grievance with RBI’s Sachet portal if financial damage occurs Related Scams: - Synthetic identity with fake document uploads - UPI frauds using stolen KYC data - Loan app misuse through deepfake onboarding

How This Scam Works — Detailed Explanation

The deepfake liveness bypass scam begins with scammers identifying potential victims through popular platforms like WhatsApp and social media. These criminals leverage fake profiles or hijacked accounts to build trust with unsuspecting individuals. Once rapport is established, scammers may pose as bank officials or financial service providers, initiating the KYC process. During this stage, they may request a selfie or live video to confirm the victim's identity, often claiming it is a mandatory step for digital banking continuity or loan approvals.

Scammers employ advanced AI technology to manipulate images or videos to make them appear as if the victim is performing the required liveness checks. Psychological tactics, such as urgency and fear of account suspension, are utilized to pressure victims into complying. For instance, a scammer may say, "Your account will be frozen unless you complete this verification within the next 15 minutes!" This kind of manipulation can lead to individuals parting with their biometric data, often without realizing the implications.

Once the victim shares their selfie or liveness video, the scammers can generate deepfakes that mimic the victim's biometric features. These forged assets can bypass the security checks usually implemented in onboarding processes, leading to unauthorized accounts being opened under the victim's name. For example, individuals have reported discovering new bank accounts or loan applications initiated without their consent, and receiving SMS alerts or emails regarding transactions they never authorized — all while the scammers quietly siphon off funds through platforms like UPI.

The impact of this deepfake liveness bypass scam has been grave. According to recent reports, at least ₹500 crores was lost due to various forms of identity theft in 2023 alone. The Ministry of Home Affairs (MHA), in conjunction with the Reserve Bank of India (RBI) and CERT-In (Computer Emergency Response Team India), has urged citizens to be vigilant against identity fraud. These agencies are ramping up efforts to combat such advanced scams by enhancing public awareness and cybersecurity measures.

To spot this scam amidst legitimate communications, there are several tell-tale signs to look out for. Watch for unusual requests for selfie verification that ask for erratic head movements or repetitive actions. Moreover, if a liveness video appears overly stable or smoothed out, it could be a fake. Be extra cautious if your account gets approved after multiple failed KYC attempts or if you receive unexpected alerts about new accounts. Always verify any suspicious communication with your bank directly through official helplines such as SBI at 1800-11-1109 or HDFC at 1800-202-6161.

Visual Intelligence:

BharatSecure's AI has identified this as a used in scams targeting Indian users.

Who Does Deepfake Liveness Bypass in eKYC Target?

General public across India

Red Flags — How to Identify Deepfake Liveness Bypass in eKYC

• Selfie verification asks for unusual head movements or repetitions
• Liveness video appears oddly stable or over-smoothed
• Account approval after several failed KYC attempts
• Unexpected alerts about new bank or loan accounts

What To Do If You Encounter Deepfake Liveness Bypass in eKYC

1. Report any suspicious activity immediately to the cybercrime helpline at 1930 or visit cybercrime.gov.in.
2. Contact your bank's customer service to lock your accounts and prevent further unauthorized access.
3. Change passwords for your banking and related accounts to strengthen security.
4. Monitor your bank statements regularly to detect any unauthorized transactions early.
5. Educate family and friends about the deepfake liveness bypass scam to raise awareness.
6. Consider enabling two-factor authentication wherever possible for added security on your accounts.

How to Report Deepfake Liveness Bypass in eKYC in India

• Call 1930 — National Cyber Crime Helpline (24x7)
• File a complaint at cybercrime.gov.in
• Contact your bank immediately if money was lost
• Call RBI helpline: 14440 for banking fraud

Frequently Asked Questions

What to do if I shared my biometric data in a scam?

Immediately contact your bank's customer service to freeze your accounts and report the incident. You can also report the scam to the cybercrime helpline at 1930.

How can I identify a deepfake liveness bypass attempt?

Look for requests for unusual head movements, overly smooth video feeds, or convenience of failed attempts being followed up by instant approval.

How do I report this type of scam in India?

You can report the scam at 1930 for cybercrime issues or use cybercrime.gov.in for further assistance and guidelines on filing a complaint.

What steps can I take to protect my accounts after being targeted?

Change your passwords immediately, enable two-factor authentication, and keep a close eye on your bank statements for unauthorized transactions.

Related Scams in India

• 'PrintSteal' Operation - Fake KYC Document Generation
• AI Deepfake CEO Fraud (BEC Scam)
• AI Deepfake Executive Authorization Scam
• AI Deepfake Voice Payroll Fraud
• AI Voice Clone Urgent Money Transfer Scam (General)

Verify Any Suspicious Message

Check any suspicious message, link, or call for free at bharatsecure.app. BharatSecure uses AI to detect scams in real-time and protect Indian users.