Biometric Spoofing StatisticsThe Real-World, Financial Consequences of Biometric Fraud
Biometric Spoofing: Statistics & Financial Impact
For many merchants, biometric spoofing feels like a sci-fi problem. Something for the crew of the USS Enterprise to worry about, rather than 21st Century eCommerce merchants.
To be fair, the current threat posed by biometric spoofing is not as substantial compared to other forms of fraud, at least for small- to medium-sized businesses. But, make no mistake: fraud patterns change abruptly. What seems like a modest risk today can morph into a headline-grabbing crisis in an instant.
And, given that biometric payments are set to balloon in popularity, we could be staring down a future where identity fraud is faster, harder to detect, and significantly more expensive. In this chapter, let’s look at the numbers to examine how big of a threat biometric scams really are (and how big they’re going to be).
Biometric Spoofing
Your face is more unique than your password: that’s the basic idea behind biometrics authentication. Biometrics are powerful, but they can still be spoofed. Today, we're discussing how biometric spoofing works, why it’s a problem, and ways to guard against the danger.
How Much of a Threat is Biometric Spoofing?
At this stage: a moderate threat.
Identifying which specific person or persons have access to the correct data is comparatively easy. The same can be said about finding what kind of biometric reader is being used by the intended victim. Getting workable data, on the other hand, is more troublesome.
Biometric marker information is stored in secured databases, and like all digital storage methods, these are vulnerable to hacking. Modern biometric systems have rigid encryption protocols for the depersonification of information, though.
Personal data, biometric templates, photographs, and more are stored in separate databases. A professional hacker may steal the info, but tying all the pieces together would be next to impossible.
Biometric information from a large data breach may actually pose less of a risk than individual, dedicated fraudsters. A scammer targeting one, specific individual with silly putty is more dangerous than a hacker, from a biometric standpoint. That doesn’t mean, however, that data breaches can’t happen.
Percentage of video biometric fraud attempts that involve deepfakes.
Source: Entrust
Increase in deepfake attacks over the last three years.
Source: Signicat
Presentation attacks as a percentage of fraud cases.
Source: Signicat
Injection attacks as a percentage of fraud cases.
Source: Signicat
Percentage of deepfake attacks involving crypto.
Source: Sumsub
Percentage of people who can correctly identify deepfakes.
Source: iProov
Percentage of global consumers who say they would rather use biometrics than passwords.
Source: iProov
Percentage of Americans who say they want to use biometrics to authorize payments.
Source: Computer Science Zone
Percentage of consumers who believe AI-enabled fraud is the #1 fraud threat.
Source: Security Magazine
Percentage of organizations that say that face biometric systems are no longer reliable due to deepfakes.
Source: Gartner
The Future Threat Posed by Biometric Spoofing
Biometric spoofing is expected to become a much greater threat over the next decade, as more consumers embrace contactless payments while fraudsters have access to more sophisticated AI tools.
It’s beyond question that biometric payments are already mainstream. However, as popular as they are today, there’s room to run, with the biometric payments market expected to exceed $90 billion in 2029.
As usage surges, so does the target on merchants’ backs. If biometric spoofing attacks continue unchecked, it could result in a proportional rise in spoofing-enabled criminal fraud chargebacks. Because fraud detection is part of your responsibility as a merchant, you can’t fight these chargebacks, either.
The unfortunate truth is that a surge in biometric spoofing attacks is almost certain over the next decade, thanks in no small part to the scalability of these attacks. Automation, coupled with generative AI tools, can now generate thousands of synthetic identities (i.e. deepfakes) in minutes. This will let fraudsters launch attacks at a volume that human review teams cannot possibly match.
Merchants who dismiss this as a problem to tackle in the future risk being caught flat-footed when biometric spoofing becomes a dominant channel for fraud. Preparing for biometric threats now rather than later — by vetting vendors and understanding liability — should be a top priority for online sellers and retailers alike.
