In 1877, Thomas Edison invented the phonograph, the first device able to record and play back sound. The device worked by engraving grooves onto the surface of wax cylinders. Following several years of refining, the Edison Standard Phonograph became available for purchase by the general public in 1888, a cutting-edge technology at the time. But while Edison’s phonograph was a marvel, multiple scientists were quick to build upon and advance his creation. By the early 1890s Emile Berliner’s gramophone, which played sound engraved onto disc records, was already on the scene — a precursor to the record player.

Even in the 1800s, “state of the art” was a short-lived classification, as technology is ever evolving. Though it has been less than a decade since the banking industry embraced facial recognition on a widespread basis, cracks have already begun to show in the technology’s status as a top-notch security measure.

Though facial recognition software traces its roots to research conducted in the mid-1960s, it was Apple’s introduction of its Face ID software in 2017 that spurred widespread adoption of the technology as a security measure. Today, at least 32% of financial institutions rely on facial recognition as a security measure and a means of electronically confirming people’s identity.

From mobile app authentication to real-time facial recognition alerts to banking staff about customers as they enter a branch, financial institutions have embraced facial recognition in multiple ways. In fact, its usage continues to rise and advance. Japan’s Seven Bank recently added Face Cash, a service that gives its customers the ability to make deposits and withdrawals at the bank’s 26K ATMs without the need for a debit card or smartphone. Once they have registered their facial information with the bank, Seven Bank’s customers interested in using the service can access their accounts and initiate transactions using nothing but facial recognition, a password, and a passcode.
How Cybercriminals Take Advantage of Facial Recognition

Despite its growing popularity within the banking industry, facial recognition technology is not without its risks and drawbacks. Just as financial institutions are stepping up the ways they use facial recognition technologies, so, too, are cybercriminals. Scammers routinely purchase people’s identifiable information on the dark web and copy social media profile pictures, using the data they glean from these sources to create deepfakes able to circumvent the security measures put in place by financial institutions, including liveness detection. With assistance from technologies such as artificial intelligence (AI) and generative AI, scammers are now able to do things such as altering the background of a static headshot, turning a headshot into a full-body image and even aging old photos of people to match their current appearance.

“Leveraging advanced AI models, face-swapping technologies enable attackers to replace one person’s face with another’s in real time using just a single photo… these technologies can effectively deceive facial recognition systems due to their seamless, natural-looking swaps and the ability to convincingly mimic real-time expressions and movements,” Yuan Huang, a cyber fraud analyst with Group-IB, recently told Forbes.

Beyond successfully impersonating individuals, cybercriminals also use hacking methods and app cloning to manipulate biometric data and simulate certain security devices and measures. Financial institutions also need to be concerned with the risks of storing large quantities of people’s personally identifiable data, as cybercriminals actively seek to hack such information and have already succeeded in multiple instances.

What Financial Institutions Can Do

As the use of facial recognition technology becomes more embedded in banking, so do the risks of increasingly sophisticated attacks — including AI-powered deepfakes and face spoofing.
To stay ahead, banks must adopt a layered, adaptive approach to authentication and fraud prevention.
- Strengthen liveness detection systems. Liveness detection is a critical line of defense against deepfake and spoofing attempts. Financial institutions should prioritize biometric systems that combine passive and active liveness checks. Passive systems analyze natural movements and textures, while active methods may prompt users to perform specific actions like blinking or turning their heads. These measures help identify fraudulent inputs generated by deepfake tools or replayed videos.
- Leverage multimodal biometrics. Relying solely on facial recognition can leave systems vulnerable. By integrating additional biometric markers such as voice recognition, fingerprint scans, or behavioral biometrics (like typing rhythm or mobile motion data), banks create a more resilient authentication process. These layered methods make it significantly harder for fraudsters to impersonate users convincingly.
- Deploy AI for pattern recognition and anomaly detection. According to Federal Reserve Vice Chair Michael Barr, banks “must evolve their use of AI to catch fraud enabled by deepfakes” and invest in systems capable of detecting subtle anomalies that human reviewers might miss (Banking Dive). Modern fraud detection platforms use machine learning to flag unusual patterns — like mismatched image artifacts, synthetic identity markers, or login behavior inconsistent with known customer profiles.
- Escalate high-risk cases for human review. Even with AI in place, manual oversight remains essential. Banks should have protocols in place to escalate biometric or identity verification cases that display inconsistencies or fall outside typical risk thresholds. Human reviewers trained in spotting synthetic identities or deepfakes can catch what machines might overlook.
- Educate customers and staff. Awareness is another line of defense. Educating customers on what legitimate verification looks like — and warning them about impersonation attempts — helps reduce risk. Internally, fraud teams should stay informed about evolving spoofing tactics and regularly review system performance.
- Invest in standards-based technology and industry collaboration. As the Risk Management Association (RMA) notes, some banks are starting to embed fraud detection earlier in the customer lifecycle, especially during digital onboarding. Collaborating with vendors that comply with international standards and sharing threat intelligence within the financial sector can boost collective resilience.
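
The layered approach in the list above can be expressed as a single fail-closed decision policy. The sketch below is an added example, not code from the article or from any bank or vendor; the field names, thresholds and decision labels are assumptions chosen for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Assumed thresholds for illustration only; not vendor or regulatory figures.
FACE_MATCH_MIN = 0.90
LIVENESS_MIN = 0.80
ANOMALY_REVIEW = 0.50
ANOMALY_DENY = 0.85

@dataclass
class Signals:
    face_match: float                  # similarity to enrolled template, 0..1
    passive_liveness: Optional[float]  # texture/motion score, None if not run
    active_liveness: Optional[bool]    # blink/head-turn challenge, None if not run
    second_factor_ok: Optional[bool]   # voice, fingerprint or behavioral match
    anomaly: float                     # model score for login behavior, 0..1
    high_value: bool                   # e.g. new payee or large transfer

def decide(s: Signals) -> tuple[str, list[str]]:
    """Return (decision, reasons): allow, step_up, review or deny."""
    reasons = []
    # Fail closed: a missing or low passive liveness score is never a pass.
    if s.passive_liveness is None or s.passive_liveness < LIVENESS_MIN:
        reasons.append("passive_liveness_failed")
    if s.active_liveness is False:
        reasons.append("active_liveness_failed")
    if s.face_match < FACE_MATCH_MIN:
        reasons.append("face_mismatch")
    if s.second_factor_ok is False:
        reasons.append("second_factor_mismatch")
    if s.anomaly >= ANOMALY_DENY:
        reasons.append("anomaly_high")

    hard = {"active_liveness_failed", "face_mismatch", "anomaly_high"}
    if hard & set(reasons):
        return "deny", reasons
    # Inconsistent signals (face matches, another layer disagrees) are
    # escalated to a trained human reviewer instead of being auto-resolved.
    if reasons:
        return "review", reasons
    if s.anomaly >= ANOMALY_REVIEW:
        return "review", ["anomaly_elevated"]
    # A face match alone is not enough for high-value actions.
    if s.high_value and (s.active_liveness is None or s.second_factor_ok is None):
        return "step_up", ["needs_active_liveness_and_second_factor"]
    return "allow", []

# Constructed sample: near-perfect face match but failed passive liveness,
# the pattern a replayed or synthetic video tends to produce.
SAMPLE = Signals(0.99, 0.30, None, None, 0.10, False)
```

A near-perfect face match does not override a failed liveness layer: `decide(SAMPLE)` holds the session for human review.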
Let’s “face” it, facial recognition within the banking industry is here to stay. Financial institutions need to be extremely vigilant — from how they use the technology to the types of backup security measures that are employed. Keeping customers and employees updated about cybercriminals’ ever-changing tactics is critical.