Cheapfakes on the Rise in Zero Contact Environments

Over the past few years, the COVID-19 pandemic has dealt a severe blow to our daily lives. People have refrained from having face-to-face interactions with others in order to protect themselves from the spread of the virus. And the rise of the “zero contact economy” driven by the pandemic has led to the growth of mobile-based financial transactions. According to the data of the Financial Supervisory Service (FSS) of Korea, the opening of securities accounts via non-face-to-face channels has increased more than nine-fold compared to account openings at offline branches, and non-face-to-face transactions now account for 90% of total transactions at banks.

The Korea Institute of Public Finance also forecast that the share of non-face-to-face financial transactions would continue to increase even after the end of the pandemic. Similar trends are seen in other countries abroad. With the prevalence of simple and convenient financial transactions in contactless environments, consumer complaints related to such transactions are also on the rise, such as the complaints on financial damages resulting from identity theft.

Number of customers registered through contact-free digital banking (Unit:100 million) PC, Mobile 2.00 1.75 1.50 1.25 1.00 1.47 1.64 1.74 1.91 1.05 1.22 1.35 1.53 Year 2018 2019 2020 2021
2022 Digital Finance Supervisory Direction (Mar. ’22, FSS)
Number of bank complaints (Unit: case) Contact-free account, Identify theft 400 300 200 100 106 122 148 134 159 119 243 141 283 138 414 298 Year 2016 2017 2018 2019 2020 2021
Number of Complaints at Korean Banks (May ’22, FSS)

· How COVID-19 has sped up digitization for the banking sector (EY)
· Covid-19 has increased the adoption of online banking (Retail Banker)

At its briefing session on digital finance supervision held in March this year, the FSS highlighted the need to manage risks related to personal information leakage. With the surge of personal data breaches, management of third-party risk is becoming increasingly important in recent days. As a specific measure to ensure safety in non-face-to-face identity verifications, the FSS stressed the need to prepare a real name verification process to prevent unlawful account openings and loans done through identity theft.

Now, let’s have a look at cheapfake cases associated with identity theft.

Messenger Phishing

The growth of social media has led to the increase of phishing scams that use messenger services to defraud victims. In messenger phishing, the perpetrator logs into someone else’s messenger by stealing the ID and password and extorts money from family and friends added in the messenger by faking emergency situations like hospitalization or car accident and asking for money through the messages exchanged with them. Recently, there have even been cases where offenders withdrew money from other people’s accounts only with the identification card copies they stole through messenger phishing.

“Mom, my cell phone screen cracked and I need an insurance to fix it. Could you send me a picture of your ID?”

The mother sent her ID without any suspicion since she’s done it before when her child broke his phone in the past, but on the next day, she found out after receiving a call from the bank that some thousands of dollars had been withdrawn from her account.

· Massive Facebook Messenger phishing operation generates millions (BleepingComputer)
· Philippine senate probes large-scale phishing scams (Reuters)

Digital Loan Using Forged ID

There was also a case in which a group of perpetrators received a loan by using ID forged with a photo posted on the Internet. The offenders fabricated a driver’s license by using personal information and photo they downloaded from a web portal, went through the “open cell phone > issue joint certificate > open account on securities company app” process, and ultimately received a KRW 150 billion (approx. $106k), loan from Kakao Bank.

Digital Loan Using ID Copies

When we visit a mobile operator store to open a phone or change device, there is a process in which the shop assistant makes a copy of our ID card or passport. In a digital loan scam, the shop assistant did not shred the copy of the victim’s ID and rather used it to receive a digital loan after undergoing the “open cell phone > issue public certificate > install mobile bank app” process. In May 2016, Korea Communications Commission enforced a rule on the mandatory use of scanners in order to prevent identity theft through the use of ID copies, but only a few consumers are aware of this requirement. Therefore, we must closely check whether our ID cards are scanned or copied in such circumstances and left behind after opening a new smartphones.

· Identity theft: how to protect yourself from fraud (The Guardian)
· Delhi: 3 held for cheating hundreds of bank customers with fake IDs, stolen customer data (The Indian Express)

Due to such frauds that exploit IDs, Turkey introduced a process of conducting liveness check on customers through real-time video calls. In April 2021, Turkey’s Banking Regulation and Supervision Agency (BRSA) officially announced security items for detecting deepfake-related risks, which include items like rainbow mark, optically variable ink, hidden image, and hologram micro lettering on IDs. These measures demonstrate the need to address cheapfake and deepfake methods used in crimes.

For more information about detection technologies for preventing unlawful digital account openings and loans through identity theft, check out our previous article: ”What are Cheapfakes (Shallowfakes)?”

Cheapfake Crimes against Insurance Companies

Recent data of the FSS shows that insurance frauds have been on a steady rise since 2019 when the number of insurance fraud cases reached a record high level. Particularly, frauds using injury/illness-related insurance products have increased profoundly. Frauds involving small-sum insurance claims of less than KRW 3 million (approx. $2,000), such as wrongful insurance claims obtained through over-billing of medical expense, account for nearly 56% of total fraud cases, which suggests that petty insurance frauds commonly conducted in daily lives are becoming more prevalent.

(Unit: 100million) 2018: 7,982 2019: 8,809 2020: 8,986 2021: 9,434 Less than KRW 1 million: 27.8% Less than KRW 3 million: 28.1% Less than KRW 5 million: 15.3% Less than KRW 10 million: 13.4% Over KRW 10 million: 15.4%
Source: FSS Statistics on Insurance Fraud Cases (Apr. ’21)

Offenders of insurance frauds (false claims) using cheapfake methods make false requests for insurance money by forging documents or receipts that had already been used for past insurance claims or stealing other people’s medical treatment receipts. They usually use Photoshop or Windows Paint to fabricate the documents. After getting an image of the medical treatment receipt issued under the name of themselves or other people, they make false claims through the methods outlined hereunder.

Case1) Making redundant insurance claims by revising hospital name, treatment date, patient name, etc.
The criminal skillfully fabricated the document image but was eventually caught as bills from different hospitals showed the same doctor name. According to Article 662 of the Commercial Act amended in March 2014, the right to insurance claim stays valid for three years in Korea. Taking advantage of such a long validity period, there have been many cases in which the year part of the treatment date was revised for false claims.

Case 2) Overbilling medical expenses by fabricating treatment records
The criminal received insurance claims for some 200 rounds of treatment although he actually went to the hospital only eight times, and thus was caught for such wrongful claims.

It will be necessary for both the financial industry and consumers to make efforts to prevent damages from the use of cheapfake techniques. The financial industry should strengthen oversight and management by applying relevant detection technologies, while consumers take extra precaution when sending the image of their ID to others or uploading it on the Internet. One might ask, “Who on earth would thoughtlessly send a copy of his/her ID to others or upload it online?” But in fact, there have been countless number of cases in which parents share their ID image to their children. And some youngsters may upload the picture of their driver’s license in the social media, feeing proud of their hard-won license, but this may also be exploited for various crimes.

In our next article, we will go over the pre-emptive measures for preventing forgery and falsification.

Read previous articles on deepfake:
+ Which One Is Real? Generating and Detecting Deepfakes
+ What Are Cheapfakes (Shallowfakes)?
+ What Is Proactive Media Forgery Prevention?
+ Is the Media You Are Watching "Real"?

※ This article was written based on objective research outcomes and facts, which were available on the date of writing this article, but the article may not represent the views of the company.

By Minki Hong Leader of Team9 (Samsung SDS Corporate Venture)