How AI Deepfakes Are Forcing a Rethink of Identity Verification Standards
The rapid rise of AI-powered synthetic identity fraud is making a hard job that much harder. Anti-fraud teams already have to deal with detecting and stopping near-constant attacks, all while making sure detection systems aren’t tuned so tightly that they reject good customers.
Now with the rise of generative AI, fraudsters can now create near-perfect replications of identity documents, causing even more difficulties for businesses and their fraud and customer experience teams. That’s why it was exciting when late last year, a group of researchers supported by the US Department of Homeland Security published a dataset called IDNet, which represents the first large scale dataset (consisting of more than 800,000 images) of AI-generated synthetic documents. This meant anyone could now test their document verification solutions by seeing how well they can detect these AI-generated deepfakes.
At Microblink, we did just that. We shared the results in a webinar which you can access here and below are the top 5 takeaways from that discussion.
The Power of Layered Defenses
In an ideal world, every fake ID gets blocked and every legitimate customer glides through. But in the real world, perfect fraud detection simply doesn’t exist. Why? Because fraudsters constantly evolve, and legitimate users often don’t behave in perfectly predictable ways. That’s why it’s important to focus on layered defense. If a fake ID slips through the document verification stage, it might still get flagged later; perhaps during face match, liveness detection, or address validation.
What matters isn’t whether a fake ID is caught at step one, it’s that your system is smart and resilient enough to catch fraud somewhere in the process without stopping good users from getting through. Businesses that embrace this kind of holistic, risk-based approach avoid the trap of “overfitting” their defenses and losing real customers.
FRR and FAR: Achieving the Right Balance
Microblink’s document fraud model detected 100% of synthetic fake IDs from the IDNet dataset. However, it should be noted that anyone can achieve this if they set their risk setting to the strictest level. Then you’d stop all fraud, but stop all good customers too! That’s why Microblink used our default setting when testing against the IDNet dataset.
FAR (false acceptance rate) measures how often a system incorrectly accepts a fraudulent document as legitimate. During our test against the IDNET dataset, not a single image was marked as “Accept”, meaning our False Acceptance Rate (FAR) was 0% across the tested dataset. On the opposite end is FRR (False Rejection Rate). Because there are no true “real” documents in the dataset, calculating an actual FRR from the IDNet data isn’t feasible. However, in our evaluation we included the expected FRR for our system at the default sensitivity settings used – and we saw an average FRR of 2.33%. It should also be noted that Microblink did not use the raw IDNet data for model training, meaning the exercise was 100% unbiased and purely performance-based.
The Importance of Fine-Tuning Risk Levels
Many organizations enter the identity verification space with lofty expectations: zero fraud, zero false rejections, and a flawless experience for every user. But real-world implementation quickly reveals the complexity of that balancing act. Fraud typically accounts for only a small fraction of overall transactions — often in the single digits — and the acceptable level of risk can vary dramatically depending on the industry or specific use case.
That’s why fine-tuning verification systems is crucial. Companies must calibrate their fraud detection thresholds to match their own risk tolerance and operational goals. Often, a lower false rejection rate (FRR) takes priority over catching every edge-case fraud, especially when other layers in the onboarding or transaction flow provide additional protection. A/B testing, pilot runs, and ongoing monitoring help teams strike the right balance between security and user experience, reinforcing that identity verification isn’t static. It’s a process of continuous optimization.
The Fraud Landscape is Moving Fast
The fraud landscape is moving at breakneck speed and it can be hard for businesses to catch up. With the rise of generative AI tools, it’s now easier than ever for bad actors to generate fake IDs, documents, and faces that look disturbingly real. We’re not just talking about isolated cases anymore — it’s automated, industrial-scale identity fraud.
To keep pace, Microblink is constantly evolving. That means training our models on fresh, diverse data. It means expanding our ability to detect new types of fraud — like GAN-generated faces, identity morphing, and ultra-high-resolution fakes. And it means building a feedback loop between our customers, our in-house Fraud Lab, and our engineering teams so we can respond to emerging threats in real time. Fraud isn’t static, and neither are we. The goal is to stay one step ahead.
Deepfake Detection is in Our DNA
Speaking of our Fraud Lab, we’ve been generating synthetic training data for years to simulate the exact types of deepfake attacks fraudsters are now deploying in the wild. That internal investment has paid off and the results can be seen in the testing we did against the IDNet data.
Despite not being trained on that specific data, as noted our system caught 100% of fake IDs in the test. That’s a testament to the 5 years of effort Microblink has been doing in generating synthetic data in our model training and evaluation in the Fraud Lab.
These are just broad takeaways from Microblink’s testing with IDNet. For a full, in-depth analysis, please download our report on the IDNet dataset now.
