Deepfakes Are a Threat to Age Assurance, and Injection Attack Detection Is the Answer

Deepfake technology has moved from a novelty to a financial‑services nightmare, exemplified by the 2024 Hong Kong Zoom scam that cost a firm roughly $25 million. As generative AI models produce ever‑more convincing synthetic faces, regulators and businesses are scrambling to protect age‑assurance workflows that underpin compliance for alcohol, gambling, and other age‑restricted services. While liveness detection once served as the frontline defense, attackers now target the gap between authentication and transaction, inserting fabricated media after the user has been verified.

The emerging threat is an injection attack, where a malicious actor hijacks the video or image feed post‑authentication to present a deepfake that appears legitimate. Yoti’s research highlights that merely confirming a live face is insufficient; the provenance of the capture device and the integrity of the media stream must also be validated. By authenticating the source—whether a smartphone camera, webcam, or embedded sensor—organizations can detect anomalies that signal a compromised feed, adding a critical layer of security beyond traditional liveness checks.

Yoti’s “Tower of London” model builds on this insight, stacking source authentication, device attestation, and advanced deepfake detection into a cohesive framework. For providers of biometric age verification, adopting such a multi‑layered strategy is becoming a competitive necessity, not a differentiator. As AI‑generated content proliferates across all screen‑based transactions, firms that embed injection‑attack detection into their pipelines will better meet regulatory standards, reduce fraud exposure, and maintain consumer confidence in digital identity ecosystems.