Back in the 1970’s there was a commercial that said, “Is it Live, or Memorex.” Fast forward 50 years and AI. Artificial intelligence has made fake IDs nearly undetectable, pushing dealers toward biometric verification for security. Credible identity documents, printed or electronic, are now so easy to forge that printed documents are on their way out and biometrics, identifying someone by their face and other characteristics that are harder to imitate, are on their way in, experts say. Artificial intelligence is what’s changed in the “Spy vs. Spy” competition between fraudsters and cybersecurity.
Both sides are now armed with AI, and that has greatly enhanced their capabilities, says Blair Cohen, founder and president of AuthenticID, Kirkland, WA. AuthenticID is a vendor that specializes in identity verification and fraud detection for telecom companies, auto lenders, dealership IT providers and, through them, auto dealers. “Everybody is going to biometrics” as a more reliable way to establish someone is who they say they are,” Cohen tells WardsAuto. For example, it may become a requirement in the near future for a credit applicant to provide a live image of their face, or even a video, to establish their identity, he says.[1]
Anyone Can Do It - Today’s fake IDs are so realistic it’s unlikely that any amateur, any trained F&I manager or basically any human being could spot state-of-the-art forgeries with the naked eye, even with close scrutiny for details like 3-D holographic stamps, he says. “The ease with which an untrained 12-year-old can now create a sophisticated, official-looking, to a human being, identity document is now absolutely incredible,” he says. Cohen means a 12-year-old can go online and buy phony documents from someone equipped with AI, not that the average 12-year-old could invent their own AI.
At the same time, cybersecurity companies have also become more sophisticated. Around 2010, Cohen says, a dealership equipped with scanners for driver’s licenses could subject an ID to up to 24 different tests using visible, ultraviolet and infrared light. Currently, it’s up to 535 different tests. “It’s gotten very sophisticated,” he says.
Is It Live, Or Is It Memorex? With the advent of biometrics, scammers are devising ways around that, too, such as 3-D-printed masks or images of a computer-generated face that looks real but doesn’t belong to any real person, Cohen says. Accordingly, cybersecurity companies are developing ways to distinguish the visible difference in texture between a mask and an actual face or to verify whether what’s supposed to be a live video image of someone is a recording, that’s called “liveness detection,” he says. The advent of purchasing a car entirely online creates additional vulnerability for dealerships, Cohen says.
A Growing Threat - In their annual reports filed with the SEC, the publicly traded new-car dealership chains acknowledge the cybersecurity threat facing them, listing threats to their businesses in standard language. “Our internal and third-party systems have been and may in the future be subject to cyber-attacks, viruses, malicious software, ransomware, break-ins, theft, computer hacking, phishing, exploitation of system vulnerabilities or misconfigurations, team member error or malfeasance or other security breaches or loss of service,” reports Lithia Motors. In its annual filing for 2024, Lithia specifically cites last June’s service interruption at Global CDK, the dealer management system provider, as an example of what can happen.
Gone Phishing - Cohen says it remains true that among all the high-tech gadgets, many damaging cyberattacks still begin as a “phishing” email a legitimate employee clicks on. However, he says it’s becoming impossible for an ordinary person to see through AI-enabled “deepfakes” of documents, voice or video. “You can’t train human beings to do this. The dealer needs to deploy technology,” especially for any remote purchases, Cohen says. “You can’t train the frontline troops enough.”
This article is shared at no charge for educational and informational purposes only.
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. We provide indicators of compromise information via a notification service (RedXray) or an analysis service (CTAC). For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or feedback@redskyalliance.com
Weekly Cyber Intelligence Briefings:
- Reporting: https://www.redskyalliance.org/
- Website: https://www.redskyalliance.com/
- LinkedIn: https://www.linkedin.com/company/64265941
Weekly Cyber Intelligence Briefings:
REDSHORTS - Weekly Cyber Intelligence Briefings
https://register.gotowebinar.com/register/5207428251321676122
[1] https://www.wardsauto.com/finance-insurance/deepfake-danger-why-dealers-should-ditch-manual-id-checks-for-high-tech-solutions
Comments