Can I see some ID? Deepfakes are pushing the digital identity business to play catch-up
Talk about an identity crisis.
How can businesses and their people trust that someone actually is who they say they are? It’s tougher than ever to know for sure.
The story that’s spooked everyone: Scammers duped a Hong Kong finance worker into shelling out $25 million—by using AI-powered deepfake technology to pose as the company’s CFO and other staff members during a video call.
Granted, that’s an elaborate ruse. But the threat of similar trickery has left providers of digital identity verification scrambling to catch up.
Just ask Franz Gilbert, a managing director at Deloitte, where he’s global growth leader for human capital ecosystems and alliances. Gilbert, who spends a lot of time talking with HR tech providers, is also hearing from clients worried about visual deepfakes.
Their line of questioning: “How do I know the person I interviewed is the same person that I printed out a badge for,” Gilbert relates, “and is the same person that four months from now is actually sitting behind the keyboard and doing the work?”
The digital trust market is booming. By 2030, it’s expected to grow to almost $190 billion worldwide, more than double its value last year.
But the industry has no magic solution to deepfakery.
AI is “definitely going to live up to the hype,” says Todd McKinnon, cofounder and CEO of employee and customer identity platform Okta. As he points out, someone could create a fake video of me that says I need a new password.
“The vendors making tools to defend companies against that have to step up,” McKinnon says. “I think some of that is actually going to be done with AI itself as well.”
Deepfakes are just part of the problem. Because biometrics and hardware tokens have made it harder to break into people’s accounts, threat actors have moved upstream with their phishing efforts, McKinnon observes. For example, a hacker might call a company’s help desk, pretending to be an employee, and ask to reset their two-factor authentication.
“So they have to be diligent and get a video call with you and make sure you’re really you,” says McKinnon, whose company does workforce identity for FedEx and customer identity for ChatGPT. “Hopefully, AI doesn’t make that harder.”
Deloitte sees a gap in digital identity management. There are products that cover interviewing and some onboarding, Gilbert notes: “That’s a very distinct software category from badge management tools, facility management tools.” A third suite of products allows monitoring, by taking snapshots of workers via their computers.
But there’s still nothing that compares all three, Gilbert says. And the fix isn’t as simple as it might look.
“You can say, ‘Okay, let’s do a facial-recognition comparison from a snapshot taken during an interview, a snapshot off the badge, a snapshot later, and compare the three,’” Gilbert explains. But when it comes to regulation, the storage and comparison of biometric data is highly problematic in some jurisdictions: “The reality is, I think it’s going to take some time for the industry to try to figure out how to navigate.”
But after speaking to firms that are working on the problem, Gilbert is optimistic. “This really is a real-time issue,” he says. “It’s an operational concern that companies have to solve.”
Luckily, the SaaS industry responds well to that, Gilbert adds: “We’ll probably see a couple solutions that are commercially out there pretty quickly, probably within the next 12 months.”
In the meantime, hold my video calls.
Nick Rockel
nick.rockel@consultant.fortune.com
This story was originally featured on Fortune.com
