On November 13, 2024, FinCEN issued FIN-2024-Alert004, a warning about a surge in fraud schemes using deepfake media and generative AI to exploit identity verification systems. While the alert focused on fraud targeting individuals, its implications extended to the verification of businesses as well.
FinCEN highlights fraudsters leveraging generative AI tools to create falsified documents and media that evade conventional identity and due diligence controls. They note:
“Fraudsters are using GenAI as a low-cost tool to exploit financial institutions’ identity verification processes, including by creating falsified documents… to circumvent customer identification and due diligence controls.”
The alert underscores that many fraud schemes combine these synthetic elements with hacked or leaked personal data to increase credibility, making detection more difficult.
Although the FinCEN alert focuses on individuals, the tactics described can be applied to business identities with alarming effectiveness. Synthetic businesses may incorporate:
Each of these elements can be assembled quickly, cheaply, and convincingly — allowing synthetic businesses to slip through simple KYB screenings that rely on a limited set of data points.
Defending against synthetic business fraud requires moving beyond single-source checks toward a multi-source, multi-factor verification strategy, combining:
Cross-Registry Validation: Confirm business registration, ownership, and EIN across federal, state, and trusted third-party databases
Digital Presence Analysis: Evaluate website authenticity (domain age, hosting details, web traffic patterns), social media presence, news mentions and adverse media, and archived digital footprints
Operational Evidence: Verify real-world business activities such as brick and mortar locations, headcount growth, financial transaction activity, revenue patterns, and key personnel identification.
Ownership and Beneficial Owner Verification: Independently verify UBO identities through government records or third-party data sources
Behavioral and Transactional Monitoring: Monitor early transactional behavior for anomalies or patterns indicative of synthetic entities
Deepfake and Document Forensics: Use AI and forensic tools to detect document manipulation, inconsistencies, or fabrication
Successful KYB programs prove business existence across multiple trusted data sources, reflecting actual operations in the real and digital world, not just a few documents or disclosures which are easily falsifiable by LLMs.
FinCEN’s November 2024 alert underscores a clear reality seen across industries: fraud powered by generative AI and synthetic media is not just a threat to individuals — it’s rapidly evolving in the business domain.
If your KYB process still relies mainly on superficial validation of publicly accessible information or easily faked documents, fraudsters can and will bypass your defenses at an increasing rate. If your KYB process lags behind your other anti-fraud and security measures, then bad actors may see it as a vulnerability to exploit, especially in a world where establishing convincing fake companies and exploiting compromised business profiles is increasingly trivial.
Because the tools are available for virtually no cost, the question is no longer if but when. Proactive, multi-source KYB verification is the frontline defense fintechs and financial institutions must adopt to stay ahead of increasingly sophisticated synthetic business fraud.