Summary

OnlyFake, an underground website, employs neural networks to swiftly produce convincing fake IDs for just $15, potentially facilitating bank fraud and money laundering. Verified by 404 Media, the service allows users to input desired information and a passport photo, generating realistic IDs, even mimicking signatures. With its purported use of neural networks and generators, OnlyFake claims to churn out up to 20,000 documents daily, mainly for US identities. The IDs, backed by real-looking backgrounds, can pass online verification, posing challenges to platforms like OKX cryptocurrency exchange. While some companies, such as Jumio and Coinbase, aim to counter such fraud, OnlyFake’s AI-powered IDs present a formidable challenge. Wick, the service’s owner, aims to expand its capabilities, potentially including face and selfie generation. Discussions within OnlyFake’s community suggest a pursuit of solutions for video verification challenges. Senator Ron Wyden warns of the growing threat posed by AI-based tools, urging the adoption of secure authentication methods. This revelation comes amidst a broader trend of AI-driven fraud, exemplified by AI-generated voices and images, highlighting the need for robust cybersecurity measures.

  • cadekat@pawb.social
    link
    fedilink
    English
    arrow-up
    1
    ·
    10 months ago

    You use cards for offline authentication (bars/festivals/etc.), and use a different process for online authentication.

    Proving someone has the physical card in their possession (which is what a reader does) isn’t really useful for proving identity when you can’t also check the picture.

    • shortwavesurfer
      link
      fedilink
      English
      arrow-up
      1
      ·
      10 months ago

      Mmm. Good point. Otherwise, somebody could just steal the card from you and insert it into the reader and would therefore be you. My guess is something like that would at least require some sort of OTP 2 factor authentication. If you were going to do it that way, and it would have to be application based and definitely not text based.