Email or username:

Password:

Forgot your password?
nixCraft 🐧

This is crazy. Stable diffusion created a verification image of someone doing their KYC for a bank or similar. AI will impact Know-Your-Customer identity verification processes. As AI makes it easier & cheaper to impersonate someone’s likeness and identity markers (often found in a breach) it will become simpler for attackers to takeover accounts and steal money, data, impact brands, etc.

28 comments
MIfoodie

@nixCraft Sooo we just have people go inside the bank like it’s the 1800s.

Max Lee :pizzablobcat:

@MIfoodie @nixCraft
We have been doing that via post offices in Germany for decades now. Works quite well.

But our government (the whole EU really) is trying to move towards being able to proof you are you via a chip in your ID card. (Actually works quite well if you ignore some security and privacy concerns and that basically nothing supports it)

Paul Squires

@MIfoodie @nixCraft my first thought too. I’ve been wondering whether AI actually moves us back to traditional approaches in other ways.

publiclewdness
I'd be happy if this spelled the end of KYC but something tells me they'll just roll out something even worse.
José/Joana de Castro Arnaud

@nixCraft A workaround is to have the person take a selfie with their id document, both at creating the account and when doing something very risky (like taking a big loan).

Automated face recognition should be used by the bank to match both face *and* id document - image AIs are notoriously bad at creating small details, like filigree in the id document's surface.

AT-AT Assault :verifiedtrans:

@jcastroarnaud @nixCraft

Image AIs were notoriously bad at everything just 2 years ago. They becoming better at an exponentially shocking exponential rate.

Keith Böhler

@nixCraft It still looks a bit too nice for just a quick selfie, but still very close. Concerning as it will prompt for even more ID when it comes to some verification. Anonymity might really be gone in the new web.

gumnaam

@jonfr600 @nixCraft damn it. You can't even know now if someone on internet is real.

The Green Knight

@nixCraft enthusiastically yes!

This kind of tech will be used in nefarious ways but ultimately it protects our right to privacy.

If this tech is left unchecked visual evidence will no longer hold the "proof" it does currently and the justice system will be required to do its job again and provide definitive evidence from multiple sources.

Forbearance

@GreenKnight23 @nixcraft It could also just continue to fail spectacularly though.

zeruch

@GreenKnight23 @nixCraft and interesting (and idealized) take, but I have far less hope that humanity will take that lesson (particularly corporate boardrooms trying to find an angle).

I believe what we are in for, is -in common parlance- an epic cockup.

Linus

@nixCraft@mastodon.social as much as I hate KYC laws, this tech is just gonna force companies and the government to push further invasive forms of online verification. Hopefully in person registration for banks n such still remains an option for those who value their privacy ​:sob:​

Mamus

@nixCraft why can't I simply prove that it's me by a gov issued TOTP or other cryptographic key pair? #wishlist

Renan

@nixcraft if only this could stop the kyc madness and the invasion of #privacy it causes

Forbearance

@nixcraft

It was never secure to take presenting a webcam picture of an ID card and a person as some kind of evidence that you are who you say you are. Banks and other institutions need to stop deciding other people are you just because they can produce pictures of your stuff.

Lewis Cowles

@nixCraft post looks like it's since been deleted and I can't tell if it's a troll from the imgur they linked

imgur.com/a/BsIiWpi

others in the comments have this right, that KYC is often a load of crap anyway

How thinking people have let moron led processes become the arbiter of legitimacy and identity is beyond me.

As usual, any "improvements" to KYC processes, punish all users, to protect against the bad behaviour of startlingly few actual bad actors

Jimmy Hoke :tardis:

@nixCraft Well crap, there goes that authentication vector.

It’s crazy how well established human-tests that have exited forever can just suddenly cease to exist.

Michal Bryxí 🌱

@nixCraft This is IMO good. This verification method was bonkers from day one. Merely an inconvenience for someone who really wants to impersonate someone and not-so-great for many reasons for ordinary people.

Patrick

@nixCraft Next step: AI fakes a whole verification call with a Callcenter-Agent.

kurtseifried (he/him)

@nixCraft Doing security processes cheaply works until the attackers gain a capability that allows them to attack it cheaply.

For example, in Canada, I can log into the tax authority (CRA) using a trusted bank as an identity provider, most of which still do KYC the old-fashioned way, at the bank branch with Gov ID and so on (which is more expensive for an attacker, and harder to scale, not impossible though).

Cat and mouse, the game continues.

Óscar Morales Vivó

@nixCraft considering what the AIs are trained on I feel like ugly nonwhite people will be safer from this for a while longer.

Luca Broggi

@nixCraft Imagine when banks will introduce the "Verify your Bard" service.

metallcorn 🐧

@nixCraft ну все, прощайте удобные банки и удаленные сервисы. Добро пожаловать снова в пение прогулки в МФЦ, банки и прочие собесы

Iron Bug
@nixCraft only idiots use such "verification" like KYC or via phones SMS/push messages. really, all such things must be banned by normal banks and only phisical presence of a client or a predefined and verified RSA private key/bank card with similar key can identify a person.
Go Up