Deepfakes and AI-generated identities have shifted from viral curiosities to an operational fraud tool. Hyper-realistic face swaps, voice clones, and even fake “camera feeds” can now be used to impersonate people in ways that look and sound convincing - fast enough to pressure someone into acting before they stop to question what they’re seeing.

In early 2024, an employee at UK engineering firm Arup transferred $25 million after a video call with what appeared to be senior management. The call was a deepfake. The lesson is not that this was inevitable - it is that a convincing face and voice can be enough to trigger a high-stakes decision when workflows assume audio and video are trustworthy.

If one well-executed deepfake can do that, the next question is straightforward: what happens as these attacks become easier to repeat and easier to scale?

For financial services, the answer matters immediately. Banks and fintechs spent the last decade pushing more customer journeys into digital channels on the assumption that identity could be verified at key moments and then trusted thereafter. Deepfakes undermine that premise.

They turn routine checkpoints into targets - onboarding and account opening, call centre authentication, account recovery, high-risk approvals, and any flow where a face, a voice, or a video call is treated as proof.

But the exposure is not limited to banks.

Any organisation that relies on remote interactions now faces the same class of risk: vendor payment requests, changes to payroll details, executive approvals, customer support resets, and remote hiring. A video interview can be faked. A voice note can be cloned. A “quick call” to confirm a change can be manufactured.

Not every incident is driven by time pressure, but many high-impact ones are. The most damaging deepfake attacks tend to show up in moments where teams are moving fast, trust is assumed, and verification is treated as a formality. That is why deepfake impersonation is evolving from a niche cybersecurity concern into a broad operational risk.

Why multi-layer protection is now a requirement

The risk with deepfakes is not only that the media can look real. It is that the scam can be delivered at speed, and repeated.

When creating a convincing voice or face becomes cheap and scalable, attackers don’t have to bet everything on one attempt. They can try more often, learn what works, and refine the approach. And as deepfakes improve, the old telltale signs become less reliable - the clip looks cleaner, the lighting is better, the voice sounds natural, and the moment still feels urgent.

That combination - better quality and easier repetition - is why today’s defences are no longer enough. Defences need multiple independent signals that line up, so just looking at the face can’t carry the whole decision.

This is also where the logic of “multi-layer protection” connects directly to how modern systems like Deepsight are built. Each layer answers a different question:

Behavioural signals - does the interaction look like a real human in a real moment, or does it resemble scripted, tool-assisted, or farm-like behaviour?

Device and camera authenticity - is the session coming from a trustworthy device and a real camera feed, or from a setup that can inject, replay, or virtualise video?

Media consistency - across frames and time, do the visuals, motion, and depth behave like a genuine capture, or do they show patterns that synthetic media struggles to reproduce?

Put simply, it’s no longer enough to ask, “Does this look real?” The harder question is, “Can we trust the session end-to-end?”

Deepsight: three layers of defence, designed to secure the full path from device to decision

Incode’s Deepsight is built specifically for deepfake-era fraud - where attackers mix synthetic media with workflow manipulation and, increasingly, virtual-camera injection.

Deepsight detects and blocks deepfakes, injected virtual cameras, and synthetic identity attacks with multi-modal AI that analyzes video, motion, depth signals, and much more. It is designed to run in under 100 milliseconds and without adding friction.

Ricardo Amper, Founder and CEO of Incode, has described the shift bluntly: “Deepfakes have evolved beyond novelty. They are now a major fraud weapon.” In that context, the goal is not just to spot artefacts, but to restore trust in what the camera is seeing.

Deepsight assesses identity across three primary layers:

Behavioural layer

Designed to spot subtle interaction anomalies commonly associated with AI bots and fraud farms.

Integrity layer

Built to verify camera and device authenticity and help block virtual media, including injected or replayed streams.

Perception layer

Uses multi-modal analysis across video, motion, and depth to separate deepfakes from genuine human users by identifying inconsistencies synthetic media cannot reliably reproduce.

Roman Karachinsky, Chief Product Officer at Incode, frames the challenge in practical terms: “Being able to tell if someone is real or not is becoming one of the defining challenges of our time.”

Deepsight also anchors Incode’s broader investment in frontier AI research for identity and trust, including Agentic Identity - an approach intended to connect verified humans to AI agents acting on their behalf.

Independent validation: what Purdue University tested, and what it found

A persistent issue in deepfake defence is the gap between lab performance and real-world performance.

Purdue University’s study, “Fit for Purpose? Deepfake Detection in the Real World” (October 2025), evaluated 24 detection systems across commercial, government, and academic providers.

In that head-to-head, Deepsight achieved best-in-class results among commercial tools on a real-world social-media dataset: lowest false-acceptance rate (FAR) on images (2.56%) and the best video accuracy among commercial tools (77.27%), with video FAR at 10.53%, a rare balance of catch rate and precision that minimizes false positives and operational friction.

Shu Hu, assistant professor and Director of the Purdue Machine Learning and Media Forensics (M2) Lab, summarised the outcome: Incode’s detector achieved the highest accuracy in identifying fake samples, suggesting “stronger robustness and reliability” in challenging real-world scenarios.

These kinds of precision metrics matter operationally. Lower false acceptance reduces the chance a deepfake slips through. Lower false alarms reduce friction, abandonment, and unnecessary escalations.

Proven beyond the benchmark: performance in live identity verification

Independent studies provide useful context, but operators ultimately care about performance in production.

In internal testing, Deepsight was 10 times more accurate than trained human reviewers. In identity verification-focused real-world sessions, Deepsight has demonstrated a 68x lower false-acceptable rate than the next-best commercial solution.

Measured across 1.4M real-world sessions in H2 2025, Deepsight caught 24,360 additional fraudulent sessions - a meaningful reduction in fraud that other systems or manual review would not have identified.

Why enterprises are treating deepfakes as a near-term operational risk

Deepfake fraud is no longer a distant scenario. It is becoming a planning and resourcing problem.

Experian, one of the world’s leading data and technology companies, partners with Incode to bring Deepsight into its identity and fraud solutions. As highlighted in Experian’s 2025 Identity and Fraud report, 72% of business leaders expect AI-generated fraud, including deepfakes, to be a top operational challenge by 2026.

The Arup incident showed what one well-executed deepfake can do inside a normal workflow. The next phase is about repeatability - deepfakes as a standard layer in social engineering, accelerated by cheaper tools and easier delivery.

That reality changes what “good” defence looks like. It is no longer enough to rely on a single liveness check or to assume human judgment will catch what machines can generate.

Multi-layer protection is becoming a requirement. Systems need to validate session integrity, not just media quality - and they need to do it quickly, with calibrated precision, so genuine users keep moving.

As Amper put it: “When identity can be faked, everything breaks.” The organisations that respond effectively will be the ones that treat audio, video, and verification sessions as potentially adversarial inputs, and deploy layered controls built to keep pace with evolving synthetic media.

Brought to you by: