The central government has cautioned banks, fintech companies and consumers about the growing use of artificial intelligence in identity-related , warning that cybercriminals are deploying deepfakes and synthetic identities to target digital verification systems.
In an advisory issued by the Indian Cyber Crime Coordination Centre (I4C) under the Ministry of Home Affairs, authorities said advances in AI are enabling fraudsters to create realistic digital replicas that could potentially be used to bypass facial authentication, liveness verification, video-KYC processes and account recovery mechanisms used by financial institutions.
The warning comes as banks and fintech firms increasingly rely on digital onboarding and remote verification tools to onboard customers and provide financial services.
Deepfakes target digital onboarding
According to the advisory, fraudsters typically establish contact through social media platforms, messaging applications, online job portals, dating platforms or phone calls. During such interactions, victims may unknowingly share facial data that can later be used to create AI-generated replicas.
The advisory said cybercriminals may use recordings of facial movements, expressions and speech to generate synthetic media capable of imitating an individual’s appearance and voice. Such content can then be deployed to attempt to defeat identity verification systems where adequate safeguards are not in place.
According to I4C, successful circumvention of authentication controls could enable fraudsters to complete formalities, activate digital wallets, open financial accounts or gain unauthorised access to existing accounts and services.
The development highlights a growing challenge for financial institutions as the increasing sophistication of generative AI creates new risks around digital identity verification and customer authentication.
Financial institutions asked to strengthen safeguards
To counter the threat, I4C has advised banks, non-banking financial companies and fintech firms to incorporate deepfake detection and synthetic-content identification mechanisms into their customer onboarding and verification systems.
The advisory also outlined a series of precautions for consumers. These include securing biometric credentials, keeping a close watch on login and authentication alerts, and reporting suspicious financial activity immediately through official channels.
Users have additionally been advised to contact their telecom service providers if they experience an unexpected disruption in mobile connectivity, which could indicate a fraudulent SIM-swap attempt linked to financial crime.
The advisory said the guidance is intended to raise awareness about emerging AI-enabled identity fraud techniques and should not be interpreted as indicating vulnerabilities in any specific organisation, platform or service.