Key Insights from The WEF’s Latest Deepfake Report

In January 2026, the World Economic Forum released its Unmasking Cybercrime: Strengthening Digital IDV Against Deepfakes Report,  a detailed document on the effectiveness of deepfake tools against digital KYC systems. The report analyses real-world attack techniques, evaluates deepfake tooling, and forecasts issues for the next one to three years. 

This blog distils the most important findings from the Report.

Key Insights from the WEF Study on Deepfakes

The Report concludes that Identity manipulation by modern deepfakes in KYC processes has created an operational, financial, and systemic risk for FIs. Advances in Gen-AI have made it possible for attackers to industrialise identity fraud, bypassing the need for isolated attempts.

Through an analysis of 17 face-swapping and camera injection tools, the Report discusses how deepfakes created by stolen or AI-generated documents enable repeatable fraud techniques that target digital KYC workflows. This evolution has turned deepfakes theft into an organised cybercrime capability.

What are Face-Swapping Deepfakes?

Face-swapping is a technique that swaps an individual’s facial identity with another person’s while retaining their expressions. To bypass Know Your Customer systems, face-swaps in the form of selfies or videos bind a fraudulent identity to a real account. 

A fraudster may face-swap another individual’s face to gain access to their bank account. They may also impersonate employees to gain access to sensitive company data.

Evaluating Deepfake Tools Targeting IDV:

To assess claims about face-swapping methods and camera injection tools that bypass KYC systems, the Report collected data from darknet forums and other social media sources between 1st July, 2024 and 30th April, 2025. Based on the evaluation criteria, the Report identified and evaluated 17 face-swapping software and 08 camera injection tools.

Face-Swapping Tools and Their KYC Risk:

The face-swapping tools were analyzed to see if they could bypass modern digital KYC systems in three different environments:

1. Real-time webcam swappers.
2. Offline desktop frameworks.
3. Hosted web services.

Most tools were built for entertainment use. However, a small subset demonstrated real-time face-swapping capabilities.

Many tools struggled with lighting changes and natural expressions.  As a result, not every face-swapping attack succeeded against modern verification systems. 

However, low-latency, high-fidelity, real-time swaps applied directly in a verification process posed the greatest risk to KYC systems. 

Camera Injection Tool:

The World Economic Forum’s study evaluated eight camera injection tools to understand their potential to bypass digital KYC systems. This assessment revealed:

• Multiple Use-Cases: The tools reviewed demonstrated a range of features, with some supporting both pre-recorded and live streaming media, while others were limited to using pre-prepared content.
• Platform Coverage: These tools were observed on multiple platforms (Android and iOS) and on desktop (Windows). This suggests that camera injection can be applied across a range of devices used for digital IDV.
• Technical Limitations: Issues such as delays, content format restrictions, and detectable artefacts reduce the effectiveness of such tools.  Thus, for KYC systems that have dynamic prompts and SDK integration level integrity checks in place, these tools cannot reliably bypass the system. 

It is important to note that this result is based on a small sample of deepfake tools available on the internet during the study period. 

Threat Forecasting: How Deepfake Attacks Will Evolve?

Threat forecasting is the most critical section of the Report. While the selected tools demonstrated limited success against modern KYC systems, the rapid scale at which deepfakes are developing indicates that this outcome may change soon. The Report forecasted 5 threats to digital KYC systems in the next 12-15 months:

1. Democratization of Technology:

The Report forecasts that access to technology will accelerate deepfake attacks. Open-source models, shared datasets, and cloud-based computing reduce the technical barriers to entry. As a result, deepfake fraud will become faster to execute and harder to attribute.

2. Financial Services and Cryptocurrency Platforms as the Primary Targets:

Financial institutions and cryptocurrency platforms are targeted due to their reliance on remote onboarding, high monetary activity, and uneven regulatory standards. The Report notes that deepfake fraud in identity verification directly enables money laundering, loan fraud, and account abuse. Other regulated industries are expected to follow as KYC adoption expands.

3. Rising Realism in Facial Identity Manipulation:

Improvements in face-swap realism threaten traditional biometric defences. Enhanced expression modelling and micro-movement simulation reduce the effectiveness of static checks, placing pressure on organisations that have not upgraded anti-spoofing capabilities.

4. From Presentation Attacks to Injection-Led Fraud

While presentation attacks will persist in the near term, injection-led attacks are expected to grow as organisations deploy stronger liveness, especially in mobile web applications. 

5. Future Scenarios:

Fragmented global regulation limits coordinated defence. The Report suggests that while regulatory convergence will improve resilience in the medium term, deepfakes threaten online identity verification most acutely during this transition period.

Recommendations/Countermeasures Against Deepfake Fraud

The advanced nature of modern deepfakes mandates equally advanced countermeasures that can identify synthetic identities and fraud attempts. Addressing three different groups within the digital KYC realm, the Report advocates for adaptive, multi-layered, and continuously upgraded. 

6. KYC Solution Providers:

KYC vendors are positioned perfectly to detect synthetic identities in the identity verification process. As such, the Report recommends:

• Camera Path Verification: This detects virtual camera, mid-session device swaps, and new driver installations.
• Dynamic Liveness Checks: Randomized prompts and variations in dynamic lighting to expose timing and synchronization errors often seen in real-time face swaps.
• Transport-Aware Stream Scoring: Score the stream quality for visual inconsistencies, such as flicker, lip sync drift, and texture abnormalities, to detect deepfake-based media. 
• Context Telemetry APIs: Provide detailed stream and device information through APIs to flag suspicious activity related to device types, OS/browser details, and mid-session changes. 
• Policy Integration Hooks: Offer flexible APIs that can vary verification steps based on deepfake suspicion.

7. Fraud Teams:

Fraud teams are tasked with monitoring activity to determine risk. For such teams, the Report recommends:

• Trusted Camera Source Control: Allow native device cameras and block sessions from virtual or swapped sources to prevent camera injection attacks.
• Timing Correlation and Latency Analysis: Monitor user response latency and timestamped prompts to flag any suspicious patterns.
• Contextual Signal Correlation: Analyze device, browser, and encoder data to flag deepfake media being used to bypass verification.
• Step-Up Verification: Trigger additional checks (e.g., document verification or human reviews) when suspicious activity or inconsistencies are detected.
• Post-Compression Artefact Analysis: Examine video streams for compression artefacts that may indicate manipulation or deepfake-based media.
• Threat Chain Correlation: Combine camera anomalies, timing data, and transaction risks to uncover multi-stage attacks.
• Closed-Loop Feedback to Vendors: Provide fraud detection outcomes to KYC solution providers to help improve detection algorithms and reduce false positives.

Addressing the Reality of Deepfake-Driven Identity Fraud

Remote onboarding controls today are in an arms race against the deepfake-driven identity fraud. Financial institutions need an IDV that can spot spoofing patterns earlier, reduce false approvals, and support stronger fraud decisioning at scale.

Shufti supports these outcomes with identity verification capabilities that include liveness detection and deepfake detection built for real-world onboarding workflows.

Discover Shufti’s Deepfake detection solutions that are designed to protect digital identity verification, now deployed on the AWS Marketplace.