.jpg)
Introduction & The Background
A digital non-bank lender (personal loans, credit cards, online onboarding, sub-60-minute funding SLA, approximately 10,000 identity checks per month) sent us five recent applications their fraud team suspected were synthetic. Their incumbent IDV provider, delivered through a credit bureau partnership, had cleared all five. We flagged the four deepfakes and confirmed the genuine one.
That result was the start of a different conversation. Not about a new threat, but about losses already on the lender's book that had been miscategorised as bad credit decisions rather than what they actually were.
Three checks. Different questions. Different answers.
Three checks happen in every onboarding video that look similar but answer different questions. Conflating them is the most common reason deepfakes pass production identity verification today.
Layer 1: Liveness / PAD
Is there a real human in front of the camera, or a printed photo, screen replay, or 3D mask? This is what IDV platforms are built for and do well.
Layer 2: Injection detection
Is the video stream being fed into the camera API by software, bypassing the physical camera? Some liveness vendors have added this. Some claim it.
Layer 3: Deepfake content detection
Even with a real human and a genuine camera, is the face being shown real or synthetic? This is the specialist layer. This is what DuckDuckGoose AI does.
A deepfake can pass liveness and pass injection detection at the same time. The person is real. The camera is genuine. The stream is not injected. But the face being captured is synthetic. PAD and injection detection look at the delivery mechanism. Specialist deepfake detection looks at the content itself. The two systems do not duplicate one another. They cover different attack surfaces, which is why they sit beside one another, not against one another.
A deepfake can pass liveness and pass injection detection at the same time. The face being shown is synthetic even though the person is real and the camera is genuine. This is the gap that specialist deepfake detection is built to close.
The output from the deepfake detection layer feeds directly into the lender's existing decisioning flow:
Liveness passes and deepfake score is below threshold: the application proceeds to credit decisioning automatically.
Liveness passes and deepfake score is above threshold: the application routes to manual review with explainable output attached.
Liveness fails: handled by your existing liveness-fail policy, unchanged.
"Our incumbent says they cover this. They are updating their tool."
The lender's first instinct was that their incumbent would close the gap in the next release. Two things changed that calculation.
Cadence, not capability: Generative models evolve faster than enterprise vendor release cycles. By the time the incumbent's synthetic identity module ships, the attack vectors it was designed against will have moved on. This is not a vulnerability that gets patched once. It is a moving target that requires continuous retraining against attacks that did not exist three months ago. A specialist with a dedicated R&D pipeline can operate at that cadence. A platform with seven product lines and a quarterly release schedule cannot.
Specialisation, not headcount: A large IDV platform has more engineers than DuckDuckGoose does. It also has six or seven product lines, each with its own roadmap and resourcing. The number of engineers whose full-time work is keeping pace with the latest generative models is a small team within the platform. DuckDuckGoose AI's entire R&D function does that and only that. The relevant comparison is not total headcount. It is focused R&D capacity against a moving threat.
What this adds to your stack
Your concern is whether a new fraud layer costs you approval rate or time-to-funding. The answer is specific.
What was actually in the queue
After the initial five-sample test, the lender shared a wider blind sample drawn from recent approved applications, with a focus on early-payment delinquency and thin-file customers who funded and went quiet. Two patterns emerged in the flagged set.
Fully synthetic identities. Faces, documents and personas generated end-to-end by AI. No real person involved at any stage. No device anomaly: the application is being submitted by a real device operated by a real attacker. No behavioural flag: behaviour is consistent with a first-time applicant. The only signal that distinguishes these submissions is the synthetic content of the face itself.
Face-augmented fraud. A real individual's appearance modified by AI to pass as a different identity. The person in front of the camera is real. The document is real or convincingly forged. Liveness, PAD and injection all pass. What changes is the visual content rendered onto the captured face during the liveness check. This category is increasing fastest because the tooling is now commoditised.
How this proceeds
A specialist control of this kind is not signed off in a single decision. What an executive sponsor authorises today is the first stage only, and every subsequent decision has its own gate.
