How Deepfake Passport Fraud Actually Works

When most people picture deepfake identity fraud, they imagine someone generating a fake face on a live video call. The attacker morphs their appearance in real time, tricks the system into thinking they’re someone else, and walks away with access to an account.

That happens. But it’s not the most common attack. The version that’s actually scaling is simpler, cheaper, and harder to catch.

Zach Meltzer, CEO of VeryAI — a company building palm biometric verification from any smartphone camera — breaks down the technique that’s currently driving the 58% year-over-year surge in deepfake biometric attacks. It starts with a passport photo.

The Document-First Attack

The attack doesn’t target the biometric scan itself. It targets the document.

“A lot of people assume that when you do a deepfake, that has to be of your actual face when you’re doing an authentication method,” Meltzer explains. “But sometimes it can be as simple as deep faking the picture on your passport and then lining that up to your face as you go through a verification process.”

Here’s the sequence: an attacker takes a legitimate passport document and swaps the photo using AI tools. The generated face matches the attacker’s actual appearance closely enough to pass the comparison. When the verification system asks them to hold up their document and then show their face, both sides match — because the document was forged to match the real person holding it.

This sidesteps the hardest part of deepfake fraud (generating a convincing real-time face) by attacking the easier target (a static document photo). The attacker doesn’t need to fool a live face scan. They just need to fool the document check.

Why It Scales

A Dutch bank, ABN AMRO, recently discovered 46 fake customer accounts created by a single individual using this approach. One person, 46 accounts, all passing KYC. The technique works because most identity verification flows treat documents as ground truth. If the passport looks real and the face matches the photo, the system assumes it’s legitimate.

The tools to generate convincing document photos are getting cheaper and more accessible. You don’t need a state-level adversary for this attack. The FBI has created an entirely new category for AI fraud to track this volume.

The asymmetry is stark. Meltzer frames the broader landscape this way: “There are quite literally trillions of dollars being poured into AI generation and hardly even billions being poured into AI detection.” The tools that generate fake passport photos are improving faster than the systems designed to catch them.

The Biometric Modality Problem

This type of fraud works specifically because the face is the most exposed biometric in existence. Your face is in government databases, social media platforms, airport systems, and security cameras. Facebook alone holds one of the largest facial databases in the world.

“For your entire life, you’ve probably been forced to at some level share your face, your fingerprint, and even your iris,” Meltzer says. That exposure creates the training data that makes facial deepfakes possible. The more images of a biometric that exist in the wild, the easier it is to synthesize a convincing fake.

VeryAI’s bet is that palm biometrics avoid this vulnerability through data asymmetry. Most people have never shared their palm data online. There are no large public datasets of palm prints comparable to what exists for faces. The attack surface for deepfaking a palm is orders of magnitude smaller than for a face — because the training data doesn’t exist.

What This Means for Identity Systems

The passport fraud pattern exposes a design flaw in document-based verification: the system trusts the document more than the person. Swapping the document photo is easier than fooling a live biometric scan, so attackers go for the weaker link.

For companies building verification flows, the implication is that document checks alone are no longer sufficient as a primary identity signal. They might still be legally required — and they serve a purpose for collecting identifying information — but they shouldn’t be the sole gate between a fraudster and a financial account.

Meltzer is careful about what VeryAI can and can’t replace. “We can’t replace those traditional scenarios” where document verification is legally mandated, he says. “But anytime there’s a requirement of a human being in front of an interaction, our goal is to not only improve, but replace the existing solutions that are in place today.”

The 46 accounts at ABN AMRO were all created by one person. The system checked documents 46 times and was fooled 46 times. The question for platform builders isn’t whether this attack will scale — it already has.

FAQ

How do deepfake attacks on identity verification actually work?

The most common technique doesn’t target the live face scan — it targets the document. Attackers deepfake the photo on a passport or ID, then match that forged document to their real face during verification. The system sees a matching face and document and assumes legitimacy.

How many fake accounts can one person create using deepfake identity fraud?

A single individual created 46 fake customer accounts at ABN AMRO, a Dutch bank, all using deepfake documents that passed KYC verification. The technique is scalable because it exploits document-based checks rather than attempting to fool live biometric scans.

Why are deepfake biometric attacks increasing so fast?

Deepfake biometric attacks are up 58% year-over-year. The tools to generate convincing fake document photos are cheaper and more accessible, while detection investment lags — trillions flow into AI generation versus barely billions into detection. The FBI created a new fraud category to track the volume.

Why is facial recognition more vulnerable to deepfakes than other biometrics?

Faces are the most exposed biometric. They appear in government databases, social media, airport systems, and security cameras. Facebook holds one of the largest facial databases in the world. This exposure provides the training data needed to generate convincing facial deepfakes. Less-exposed biometrics like palms lack that attack surface.

Can document-based KYC still be trusted for identity verification?

Document checks alone are increasingly unreliable as a primary identity gate. Deepfaking a passport photo is now simpler than fooling a live biometric scan. Documents may still be legally required for collecting identifying information, but platforms relying solely on document verification face growing fraud risk.

How does palm biometric data asymmetry protect against deepfake attacks?

Most people have never shared their palm data online. There are no large public palm datasets comparable to facial databases. Without training data, attackers can’t generate convincing palm deepfakes. VeryAI uses this data scarcity as a security advantage — the biometric is harder to fake because the raw material to fake it doesn’t exist.

What is the funding gap between AI generation and AI detection?

Trillions of dollars are flowing into AI generation capabilities — image, video, audio, and text synthesis. Detection and fraud prevention receives a fraction of that investment, barely reaching the billions. This gap means deepfake tools improve faster than the systems built to catch them.

Is deepfake identity fraud only a risk for celebrities and high-profile targets?

No. Anyone linked to a financial platform is at risk. While celebrities have more facial images available online, enough photos of any individual can be found to generate a convincing deepfake. The ABN AMRO case involved ordinary bank customers, not public figures.

What should financial platforms do to defend against deepfake document fraud?

Add biometric verification layers beyond document checks. Re-verification at the moment of transaction — not just at account creation — catches compromised accounts. Use biometric modalities with less public exposure than faces. VeryAI suggests palm biometrics because the training data for palm deepfakes doesn’t exist at scale.