iProov, a global leader in biometric identity verification, has identified a newly active cybercriminal group codenamed “Grey Nickel” targeting the financial sector through sophisticated, AI-powered attacks designed to bypass digital identity verification systems.
Disclosed by iProov’s Security Operations Center (iSOC), Grey Nickel has been conducting coordinated operations since mid-2023, focusing on banks, cryptocurrency exchanges, e-wallets, and digital payment platforms across Asia-Pacific, North America, and EMEA. The attacks exploit weaknesses in liveness detection technology, particularly systems relying on single-frame verification, to defeat Know Your Customer (KYC) protocols.
iProov reported that Grey Nickel employs advanced techniques such as face-swapping, metadata manipulation, and video injection attacks, often using virtual camera networks and deepfake capabilities. Supporting this ecosystem are “Deepfake-as-a-Service” providers offering KYC bypass kits and AI-generated synthetic identities—an increasingly commercialized approach to digital fraud.
“These are not opportunistic scams but highly organized operations that threaten the foundation of digital finance,” said Dr. Andrew Newell, iProov’s chief scientific officer.
Commercial and Regulatory Implications:
- A surge in corporate losses: Companies globally report losses ranging from USD5 million to over USD25 million per incident, with one notable case involving a deep fake scam that defrauded a multinational firm of USD25.6 million in 2024.
- Escalating risk to financial transformation: The attacks expose systemic gaps in existing verification methods, particularly those unprepared for AI-based injection and spoofing techniques.
- Regulatory lag: Many jurisdictions lack mandatory reporting frameworks, hindering threat visibility and coordinated response. In contrast, the European Union is moving ahead with stronger ID assurance measures through tools like the EU Digital Identity Wallet.
iProov urges financial institutions to reassess their identity assurance frameworks and move beyond conventional liveness detection. A context-aware, risk-based approach tailored to threat sophistication and user interaction is now essential to maintaining trust and compliance in the digital financial landscape.
