Tag Archives: synthetic identity

The “Biometric Digital Identity Deepfake and Synthetic Identity Prism Report” is Coming

As you may have noticed, I have talked about both deepfakes and synthetic identity ad nauseum.

But perhaps you would prefer to hear from someone who knows what they’re talking about.

On a webcast this morning, C. Maxine Most of The Prism Project reminded us that the “Biometric Digital Identity Deepfake and Synthetic Identity Prism Report” is scheduled for publication in May 2025, just a little over a month from now.

As with all other Prism Project publications, I expect a report that details the identity industry’s solutions to battle deepfakes and synthetic identities, and the vendors who provide them.

And the report is coming from one of the few industry researchers who knows the industry. Max doesn’t write synthetic identity reports one week and refrigerator reports the next, if you know what I mean.

At this point The Prism Project is soliciting sponsorships. Quality work doesn’t come for free, you know. If your company is interested in sponsoring the report, visit this link.

While waiting for Max, here are the Five Tops

And while you’re waiting for Max’s authoritative report on deepfakes and synthetic identity, you may want to take a look at Min’s (my) views, such as they are. Here are my current “five tops” posts on deepfakes and synthetic identity.

How Much Does Synthetic Identity Fraud Cost?

Identity firms really hope that prospects understand the threat posed by synthetic identity fraud, or SIF.

I’m here to help.

(Synthetic identity AI image from Imagen 3.)

Estimated SIF costs in 2020

In an early synthetic identity fraud post in 2020, I referenced a Thomson Reuters (not Thomas Reuters) article from that year which quoted synthetic identity fraud figures all over the map.

  • My own post referenced the Auriemma Group estimate of a $6 billion cost to U.S. lenders.
  • McKinsey preferred to use a percentage estimate of “10–15% of charge offs in a typical unsecured lending portfolio.” However, this may not be restricted to synthetic identity fraud, but may include other types of fraud.
  • Thomson Reuters quoted Socure’s Johnny Ayers, who estimated that “20% of credit losses stem from synthetic identity fraud.”

Oh, and a later post that I wrote quoted a $20 billion figure for synthetic identity fraud losses in 2020. Plus this is where I learned the cool acronym “SIF” to refer to synthetic identity fraud. As far as I know, there is no government agency with the acronym SIF, which would of course cause confusion. (There was a Social Innovation Fund, but that may no longer exist in 2025.)

Never Search Alone, not National Security Agency. AI image from Imagen 3.

Back to synthetic identity fraud, which reportedly resulted in between $6 billion and $20 billion in losses in 2020.

Estimated SIF costs in 2025

But that was 2020.

What about now? Let’s visit Socure again:

The financial toll of AI-driven fraud is staggering, with projected global losses reaching $40 billion by 2027 up from US12.3 billion in 2023 (CAGR 32%)., driven by sophisticated fraud techniques and automation, such as synthetic identities created with AI tools​.

Again this includes non-synthetic fraud, but it’s a good number for the high end. While my FTC fraud post didn’t break out synthetic identity fraud figures, Plaid cited a 2023 $1.8 billion figure for the auto industry alone, and Mastercard cited a $5 billion figure.

But everyone agrees on a figure of billions and billions.

The real Carl Sagan.
The deepfake Carl Sagan.

(I had to stop writing this post for a minute because I received a phone call from “JP Morgan Chase,” but the person didn’t know who they were talking to, merely asking for the owner of the phone number. Back to fraud.)

Reducing SIF in 2025

In a 2023 post, I cataloged four ways to fight synthetic identity fraud:

  1. Private databases.
  2. Government documents.
  3. Government databases.
  4. A “who you are” test with facial recognition and liveness detection (presentation attack detection).

Ideally an identity verification solution should use multiple methods, and not just one. It doesn’t do you any good to forge a driver’s license if AAMVA doesn’t know about the license in any state or provincial database.

And if you need an identity content marketing expert to communicate how your firm fights synthetic identities, Bredemarket can help with its content-proposal-analysis services.

Find out more about Bredemarket’s “CPA” services.

Amazon One and Palm/Vein Identity Scanning in Healthcare: Does It Work?

If you create your own test data, you’re more likely to pass the test. So what data was used for Amazon One palm/vein identity scanning accuracy testing?

(Part of the biometric product marketing expert series)

(Image from Imagen 3)

I’ve previously discussed Amazon’s biometric palm/vein identity scanning efforts. But according to Dr. Sai Balasubramanian, M.D., J.D. in Forbes, Amazon is entering a new market, healthcare.

“Amazon announced that it is partnering with NYU Langone to launch Amazon One, a contactless palm screening technology, throughout the health system.”

Which makes sense, as long as the medical professional isn’t wearing gloves. I don’t know if Amazon One can read veins through medical gloves.

As I reflected upon this further, I realized something:

  • NIST has tested fingerprint verification and identification.
  • NIST has tested facial recognition. (Not that Amazon participated.)
  • NIST has tested iris recognition.

But NIST has never conducted regular testing of palm identification in general, or palm/vein identity scanning in particular. Not for Amazon. Not for Fujitsu. Not for Imprivata. Not for Ingenico. Not for Pearson. Not for anybody.

So how do we know that Amazon One works?

Because Amazon said so.

“Amazon One is 100 times more accurate than scanning two irises. It raises the bar for biometric identification by combining palm and vein imagery, and after millions of interactions among hundreds of thousands of enrolled identities, we have not had a single false positive.”

Claims may dazzle some people, but (as of 2023) Jim Nash was not among them:

“The company claims it is 99.999 percent accurate but does not offer information supporting that statistic.”

And so far I haven’t found any either.

Since the company trains its algorithm on synthetically generated palms, I would like to make sure the company performs its palm/vein identity scanning accuracy testing on REAL palms. If you actually CREATE the data for any test, including an accuracy test, there’s a higher likelihood that you will pass.

I think many people would like to see public substantiated Amazon One accuracy data. ZERO false positives is a…BOLD claim to make.

More on Injection Attack Detection

(Injection attack syringe image from Imagen 3)

Not too long after I shared my February 7 post on injection attack detection, Biometric Update shared a post of its own, “Veridas introduces new injection attack detection feature for fraud prevention.”

I haven’t mentioned VeriDas much in the Bredemarket blog, but it is one of the 40+ identity firms that are blogging. In Veridas’ case, in English and Spanish.

And of course I referenced VeriDas in my February 7 post when it defined the difference between presentation attack detection and injection attack detection.

Biometric Update played up this difference:

To stay ahead of the curve, Spanish biometrics company Veridas has introduced an advanced injection attack detection capability into its system, to combat the growing threat of synthetic identities and deepfakes…. 

Veridas says that standard fraud detection only focuses on what it sees or hears – for example, face or voice biometrics. So-called Presentation Attack Detection (PAD) looks for fake images, videos and voices. Deepfake detection searches for the telltale artifacts that give away the work of generative AI. 

Neither are monitoring where the feed comes from or whether the device is compromised. 

I can revisit the arguments about whether you should get PAD and…IAD?…from the same vendor, or whether you should get best in-class solutions to address each issue separately.

But they need to be addressed.

Defeating Synthetic Identity Fraud

I’ve talked about synthetic identity fraud a lot in the Bredemarket blog over the past several years. I’ll summarize a few examples in this post, talk about how to fight synthetic identity fraud, and wrap up by suggesting how to get the word out about your anti-synthetic identity solution.

But first let’s look at a few examples of synthetic identity.

Synthetic identities pop up everywhere

As far back as December 2020, I discussed Kris’ Rides’ encounter with a synthetic employee from a company with a number of synthetic employees (many of who were young females).

More recently, I discussed attempts to create synthetic identities using gummy fingers and fake/fraudulent voices. The topic of deepfakes continues to be hot across all biometric modalities.

From https://www.candynation.com/gummy-fingers

I shared a video I created about synthetic identities and their use to create fraudulent financial identities.

From https://www.youtube.com/watch?v=oDrSBlDJVCk.

I even discussed Kelly Shepherd, the fake vegan mom created by HBO executive Casey Bloys to respond to HBO critics.

From https://twitter.com/KellySh33889356.

And that’s just some of what Bredemarket has written about synthetic identity. You can find the complete list of my synthetic identity posts here.

So what? You must fight!

It isn’t enough to talk about the fact that synthetic identities exist: sometimes for innocent reasons, sometimes for outright fraudulent reasons.

You need to communicate how to fight synthetic identities, especially if your firm offers an anti-fraud solution.

Public Domain, https://commons.wikimedia.org/w/index.php?curid=607428.

Here are four ways to fight synthetic identities:

  1. Checking the purported identity against private databases, such as credit records.
  2. Checking the person’s driver’s license or other government document to ensure it’s real and not a fake.
  3. Checking the purported identity against government databases, such as driver’s license databases. (What if the person presents a real driver’s license, but that license was subsequently revoked?)
  4. Perform a “who you are” biometric test against the purported identity.

If you conduct all four tests, then you have used multiple factors of authentication to confirm that the person is who they say they are. If the identity is synthetic, chances are the purported person will fail at least one of these tests.

Do you fight synthetic identity fraud?

If you fight synthetic identity fraud, you should let people know about your solution.

Perhaps you can use Bredemarket, the identity content marketing expertI work with you (and I have worked with others) to ensure that your content meets your awareness, consideration, and/or conversion goals.

How can I work with you to communicate your firm’s anti-synthetic identity message? For example, I can apply my identity/biometric blog expert knowledge to create an identity blog post for your firm. Blog posts provide an immediate business impact to your firm, and are easy to reshare and repurpose. For B2B needs, LinkedIn articles provide similar benefits.

If Bredemarket can help your firm convey your message about synthetic identity, let’s talk.

Drive content results with Bredemarket Identity Firm Services.

Intelligently Writing About Biometrics

Let’s say that your identity/biometric firm has decided that silence ISN’T golden, and that perhaps your firm needs to talk about its products and services.

Silence is not an optimal communication strategy. By Lorelei7, CC BY-SA 3.0, https://commons.wikimedia.org/w/index.php?curid=3164780

For example, let’s say that your firm fights crooks who try to fraudulently use synthetic identities, and you want to talk about your solution.

So you turn to your favorite generative AI tool to write something that will represent your company in front of everyone. What could go wrong?

Battling synthetic identities requires a multi-pronged approach. Layering advanced technology is key: robust identity verification using government-issued IDs and biometrics to confirm a person’s existence, data enrichment and validation from diverse sources to check for inconsistencies, and machine learning algorithms to identify suspicious patterns and red flags. Collaboration is crucial too, from financial institutions sharing watchlists to governments strengthening regulations and consumers practicing good cyber hygiene. Ultimately, vigilance and a layered defense are the best weapons against these ever-evolving digital phantoms.

From Google Bard.

Great. You’re done, and you saved a lot of money by NOT hiring an identity blog writing expert. The text makes a lot of important points, so I’m sure that your prospects will be inspired by it.

Bot-speak is not an optimal communication strategy either. Generated at craiyon.com.

Well…

…until your prospects ask what YOU do and how you are better than every other identity firm out there. If you’re the same as all the other “me too” solutions, then your prospects will just go with the lowest price provider.

So how do you go about intelligently writing about biometrics?

No-siree.

Intelligently writing about biometrics requires that you put all of this information together AND effectively communicate your message…

…including why your identity/biometrics firm is great and why all the other identity/biometric firms are NOT great.

If you’re doing this on your own, be sure to ask yourself a lot of questions so that you get started on the right track.

If you’re asking Bredemarket to help you create your identity/biometric content by intelligently writing about biometrics, I’ll take care of the questions.

Drive content results with Bredemarket Identity Firm Services.

Oh, and one more thing: if you noted my use of the word “no siree” earlier in this post, it was taken from the Talking Heads song “The Big Country.” Here’s an independent video of that song, especially recommended for people outside of North America who may not realize that the United States and Canada are…well, big countries.

From https://www.youtube.com/watch?v=cvua6zPIi7c.

I’m tired of looking out the window of the airplane
I’m tired of traveling, I want to be somewhere

From https://genius.com/Talking-heads-the-big-country-lyrics.

Kelly Shepherd, #fakefakefake

My belief that everything on the Internet is true has been irrevocably shattered, all because of what an entertainment executive ordered in his spare time. But the Casey Bloys / “Kelly Shepherd” story is just a tiny bit of what is going on with synthetic identities. And X isn’t the only platform plagued by them, as my LinkedIn experience attests.

By the way, this blog post contains pictures of a lot of people. Casey Bloys is real. Some of the others, not so much.

Blame COVID

Casey Bloys. Fair use. From https://wbd.com/leadership/casey-bloys/

Casey Bloys is the Chairman and CEO of HBO and Max Content. Bloys had to start a recent 2024 schedule presentation with an apology, according to Variety. After explaining how passionate he is about his programming, he went back in time a couple of years to a period that we all remember.

So when you think of that mindset, and then think of 2020 and 2021, I’m home, working from home and spending an unhealthy amount of scrolling through Twitter. And I come up with a very, very dumb idea to vent my frustration.

From Variety.

Casey Bloys’ very, very dumb idea

So why did Bloys have to apologize on Thursday? Because of an article that Rolling Stone published on Wednesday. The article led off with this juicy showbiz tidbit about Bloys’ idea for responding to a critic.

“Maybe a Twitter user should tweet that that’s a pretty blithe response to what soldiers legitimately go through on [the] battlefield,” he texted. “Do you have a secret handle? Couldn’t we say especially given that it’s D-Day to dismiss a soldier’s experience like that seems pretty disrespectful … this must be answered!”

From Rolling Stone.

(A note to my younger readers: Twitter used to be a popular social media service that no longer exists. It was replaced by X.)

Eventually Bloys found someone to create the “secret handle.” Sully Temori is now alleging wrongful termination by HBO (which is why we’re learning about these juicy tidbits, via court filings). But in 2021 he was an executive assistant who wanted to get ahead by pleasing his bosses.

This is where Kelly Shepherd enters the story.

Kelly Shepherd, fake vegan mom

From https://twitter.com/KellySh33889356

Ms. Shepherd seems like a nice woman. A mom, a Texan, a herbalist and aromatherapist, and a vegan. (The cows love that last part.)

Most critically, Shepherd is a normal person, not one of those Hollywood showbiz folks. Although Shepherd, who never posted anything on her own, seems to have a distinct motivation to respond to critics of HBO shows. Take her first reply to a critic from (checks notes) Rolling Stone. (Two years later, Rolling Stone would gleefully report on this story. Watch out who you anger.)

From https://twitter.com/KellySh33889356/status/1379101699969720323

alan is always predictably safe and scared in his opinions

From https://twitter.com/KellySh33889356/status/1379101699969720323

Kelly’s other three replies were along the same lines.

  • All were short one-sentence blurbs.
  • Most were completely in lower case, because that’s how regular non-Hollywood folk tweet.
  • All were critical of those who were critical of HBO, accusing them of “shitting on a show about women,” getting their “panties in a bunch,” and being “busy virtue signaling.”

Hey, if I couldn’t eat hamburgers and my home was filled with weird herbs and aromas, I’d be a little mad too.

And then, a little over a week later, it was over, and Kelly Shepherd never tweeted again. Although Temori apparently performed other activities against HBO critics via other methods. Well, until he was terminated.

Did Kelly Shepherd open a LinkedIn account?

But as part of the plan to satisfy Casey Bloys’ angry whims, Kelly Shepherd acquired a social media account, which she could use as a possible proof of identity.

Even though we now know she doesn’t exist.

But X isn’t the only platform plagued with synthetic identities, and some synthetic identities can do much more than anger an entertainment reviewer.

Many of us on LinkedIn are regularly receiving InMails and connection requests (in my case, from profiles with pictures of beautiful women) who say that we are constantly recommended by LinkedIn, who tell us how impressive our profiles are, and who want to contact us outside of the LinkedIn platform via text message or WhatsApp.

Now perhaps some of these messages are from real people, but I seriously doubt that so many of the employees at John Q Wine & Liquor Winery in New York happen to have the last name “Walter.” And the exact same job title.

Partial results from a LinkedIn search.

Let’s take a close look at what Karina has been doing for the last 4+ years. Other than posing in front of her car, of course.

From https://www.linkedin.com/in/karina-walter-853923245/
From https://www.linkedin.com/in/karina-walter-853923245/

Ms. Walter is a pretty busy freelance general manager / director / content partnerships manager.

As for her colleague Ms. Alice Walter, she has more experience (having started in 2018) but also has an extensive biography that begins:

The United States is a country with innovative challenges, and there is more room for development in the wine industry at John Q Wine & Liquor Winery. I am motivated and love to learn, and like to be exposed to more different cultures, and hope to develop more careers in my future life.

From https://www.linkedin.com/in/alice-walter-b97bb2113/

Sound familiar?

And you can check out Maria Walter’s profile if you’re so inclined. Or at least check out “her” picture.

Now none of the Walters women tried to contact me, but another “employee” (or maybe it was a “freelancer,” I forget) of this company tried to do so, which led my curious nature to discover yet another hive of fake LinkedIn profiles.

Sadly, one person from this company is a second-degree connection, which means that one of my connections accepted “her” connection request.

Synthetic identities are harmless…right?

Who knows what Karina, Alice, and Maria will do with their LinkedIn profiles?

  • Will they connect with other professionals?
  • Will they ask said professionals to move the conversation to SMS or WhatsApp, for whatever reason?
  • Will they apply for new jobs, using their impressive work history? A 98.8% customer satisfaction rate while managing 1,800 sub-partnerships is remarkable.
  • Will they apply for bank accounts…or loans?

The fraud possibilities from fake LinkedIn accounts are endless, and could be very costly for any company who falls for a fake synthetic identity. In fact, FiVerity reports that “in 2020, an estimated $20 billion was lost to SIF” (synthetic identity fraud). Which means that LinkedIn account holders and Partnerships Managers Karina, Alice, and Maria Walter could make a LOT of money.

Now banks and other financial institutions have safeguards to verify financial identities of people who open accounts and apply for loans, because fraud reduction is critically important to financial institutions.

Social media companies? Identity is only “important” to them.

They don’t even care about uniqueness (as Worldcoin does), evidenced by the fact that I have more than two X accounts (but none in which I portray a female Texas mom and vegan).

So if someone comes up to you on X or LinkedIn, remember that all may not be as it seems.

ICYMI: Voice Spoofing

In case you missed it…

But are computerized systems any better, and can they detect spoofed voices?

Well, in the same way that fingerprint readers worked to overcome gummy bears, voice readers are working to overcome deepfake voices.

This is only the beginning of the war against voice spoofing. Other companies will pioneer new advances that will tell the real voices from the fake ones.

As for independent testing:

For the rest of the story, see “We Survived Gummy Fingers. We’re Surviving Facial Recognition Inaccuracy. We’ll Survive Voice Spoofing.”

(Bredemarket email, meeting, contact, subscribe)

Is Your Company Ignoring Your Prospects?

Are you locking your prospects out?

Designed by Freepik.

Ignoring your prospects is NOT a winning business strategy. But a lot of companies do it anyway by not communicating regularly with their prospects.

If you ignore your prospects, your prospects will ignore you.

Meetings and money, via a third party

Of my three Bredemarket meetings (so far) today, the second was the most promising.

A person at a large company needs consulting services from me. All we need to do is work out the mechanics. The large company relies on a third party to manage its indpendent contractor relationships, including onboarding, time cards, and payments for hourly work. I wanted to learn about the third party, but I ran into walls when seeking current information about the firm.

The third party’s website is static

The third party’s website talks about its services, some unique aspects about the business, the story of its founder (a fascinating story), its technology partners, and its call to action. It provides ALMOST everything…with the exception of CURRENT information.

Does your company website look like http://www.dolekemp96.org/main.htm?
  • No press releases from the third party.
  • No links to news articles that mention the third party.
  • Not even a blog.

Basically if you want CURRENT information about the company…

…you get crickets.

African field cricket, Gryllus bimaculatus. By Arpingstone – Own work, Public Domain, https://commons.wikimedia.org/w/index.php?curid=620363

Not literally, but you know what I mean.

Which makes me wonder—is the third party doing anything NOW? Or was all of the existing content set up when the company was founded a decade ago?

If text like this is on your home page, you have a problem. From https://serverfault.com/questions/65952/objective-speed-comparison-of-windows-7-vs-windows-xp, which acknowledges that this text is over 13 years old. Does your site have old text without such an acknowledgement?

Luckily for me, I knew where to find current information on the company. Since the company is a B2B provider, I assumed that the company has a LinkedIn page. And I was right. But…

The third party’s LinkedIn page is also static

As you probably know, company LinkedIn pages have several subpages. The “About” supage talks about the third party company’s services, and the “People” subpage links to the profiles of the company’s employees, including the founder. So I went to the “Posts” subpage for the third party…

…and found crickets.

From https://www.youtube.com/watch?v=oSW6IFt8OpQ

Not literally, but you know what I mean.

In nearly a decade of existence, the company has NEVER written a LinkedIn post to reach out to its prospects or customers.

Ignoring your prospects

As I’ve said before, companies that refuse to generate current content in the form of blog posts or social media posts make it appear that your company is no longer an ongoing, viable concern.

By Yintan at English Wikipedia, CC BY 4.0, https://commons.wikimedia.org/w/index.php?curid=63631702

And this is so easy to fix.

Pay attention to your prospects by providing current content.

If you ignore your prospects, your prospects will ignore you.

Are you ready to stop ignoring your prospects?

If you need help creating content for your blog, your social media platforms, or your website, Bredemarket can help you regain credibility with your prospects and customers.

Authorize Bredemarket, Ontario California’s content marketing expert, to help your firm produce words that return results.

Bredemarket logo