Deepfake Fraud Lingers for Years in Corporate Systems
Deepfake-enabled fraud has shifted from a novel technical exploit to a persistent operational risk, with synthetic voices remaining in circulation for an average of three-and-a-half years, according to deepfake-detection provider Resemble.AI.
The 2025 Deepfake Threat Report documented 41 incidents last year with $74.9 million in verified losses. The median loss per incident was $243,000. However, 71% of victims did not report losses, suggesting the actual financial damage is substantially higher.
A voice clone of a German energy company CEO remained in circulation for nearly six years after the initial 2019 attack, which resulted in a €243,000 loss. The long shelf life of these attacks creates extended exposure for finance teams.
How Deepfakes Bypass Controls
Deepfakes work because they enable real-time impersonation and the creation of synthetic identities from mixed real and fake data, said Dominic Forrest, CTO of biometric security vendor Iproov. "These are extremely difficult to detect, and once trusted, they can be used to bypass controls and commit fraud."
The most common targets are account openings, payment authorization, credential resets, and high-value transactions. Researchers estimate deepfake-based fraud attacks on corporations reached 8.5 billion potential incidents, ranging from audio impersonations of executives to doctored images.
Detection Technology Lags Behind Creation
Detecting deepfakes has become an AI-versus-AI battle. Generative AI models that produce deepfakes improve continuously through scaling and additional training data, while deepfake detectors rely on identifying artifacts and inconsistencies that disappear as the models improve.
"In practice, detectors lag by about six to 18 months on specific modalities," said Siwei Lyu, professor of Computer Science and Engineering and director of the Institute for AI and Data Science at the State University of New York at Buffalo. "But more importantly, they are chasing a moving target whose failure modes are actively being optimized away."
Multi-Layered Verification Required
Forrest recommends moving identity verification away from single checks toward a multi-layered approach. "You need to confirm that a real person is physically present, not a deepfake, while also analyzing the digital environment for signs of compromise. No signal should be trusted in isolation."
Finance teams should treat AI for Finance security as an ongoing process rather than a one-time implementation. As Generative AI and LLM technology advances, the tools used to verify identities must evolve in parallel.
Your membership also unlocks:
