As per a Deloitte poll, during the next 12 months, over half of C-suite and other executives (51.6%) expect an increase in the number and size of deepfake attacks targeting their organisations’ financial and accounting data, otherwise known as deepfake financial fraud.
This increase in attacks may impact more than one-quarter of executives in the year ahead, as those polled report that their organisations experienced at least one (15.1%) or multiple (10.8%) deepfake financial fraud incidents during 2023.
Deepfake financial frauds have become a new threat now, as the pattern in these incidents are leveraging deepfake technology (images, videos, or audio which are edited or generated using AI tools, and may depict real or non-existent people) with the intent of defrauding organisations/individuals of cash assets or otherwise causing financial losses.
As per the United States-based business advisory firm HUB International, in one instance, fraudsters used AI to create fake virtual images of finance leaders during a video conference call, leading an employee to transfer USD 25 million to the scammers.
In 2023, funds transfer fraud (FTF) and business email compromise (BEC) accounted for 56% of all cyber claims, with FTF increasing by 15% and claim severity rising by 24% from 2022. The average loss per claim was USD 275,000, with total reported losses reaching USD 2.9 billion.
Deepfake scams are quickly leaving devastating impacts on individuals, as most of the surveys indicate that the victims are not able to distinguish a real person from a deepfake one. Scams are causing significant financial losses, fines for releasing sensitive information, and potential damage to a company’s brand and reputation.
In response to the growing threat, organisations are being urged to evaluate their exposures and develop risk management plans. However, there is some good news, as a new start-up has emerged to combat the scourge of deepfakes and spoofed evidence. ForceField is building a set of “patent-pending” APIs dubbed MARQ, the first of which is designed to authenticate content.
In this episode of the “Start-up of the Week,” International Finance will talk in detail about the venture.
A Timely Emergence
A 2022 report from Europol predicted that 90% of all online content will be AI-generated by 2026. The internet is getting flooded with manipulated content (either machine-generated or made with the help of AI), forcing big tech companies to develop new tools to address the problem. Google in September 2024 announced flagging AI-generated images in its search engine, following in the footsteps of Meta, which was already doing so on Facebook and Instagram. YouTube, on the other hand, now enables people to request the removal of content that simulates their face/voice.
Along with the big tech, start-ups like Clarity, Reality Defender, and Truepic have entered the battlefield, and have raised sizeable sums from big-name backers in recent years.
“ForceField, for its part, is focusing on the device level rather than the content-this means any data stream, on any device, where the start-up’s technology is present. This could be a mobile app with ForceField’s API integrated, or a surveillance camera’s video-management system or drone’s hardware-it can sign and hash for verification in real-time,” TechCrunch reported recently.
Since data and reporting are the key elements in regulated industries, ForceField sees its applications helping businesses to remain compliant (with data security norms), apart from defending against online deception and fraud.
“That’s not the only place our technology is needed, as demonstrated in our founding story; digital evidence can easily be manipulated and accused of forgery, even when it didn’t happen if there are no guardrails in place. Our courts are not yet prepared for the influx of deepfaked evidence and people have even started using the deepfake defense,” the start-up stated.
ForceField sees threats of fraud, data breaches, and deepfakes increasing tenfold in arenas like insurance, infrastructure, mission-critical areas, and defense/Homeland security. To answer this, the start-up has developed its MARQ Technology, a well-researched set of solutions in today’s digital landscape, that takes the human out of the loop to protect chain-of-custody.
The start-up is creating solutions to enhance online security by “solving first-mile problems, notoriously hard and complex, in nascent solution categories.”
“In cyber, we are a proactive technology that protects your data and ensures submissions or content has traceable provenance, and avoids fraud, loss, data breaches, deepfake scams, and insider threats,” ForceField commented.
Meet The Technology
ForceField’s flagship product, called HashMarq (also awaiting its patent), verifies content submissions and labels it as authentic. Instead of using methods of adversarial AI (fighting AI with AI) or watermarking, Forcefield’s technology establishes a “chain of custody” to establish provenance by identifying whether a specific piece of content has been altered. HashMarq generally looks at metadata from data streams and connected devices.
Explaining this further, ForceField founder and CEO MC Spano told TechCrunch, “We’re leveraging blockchain, we’re not using coins or crypto — we’re not a web3 company. We’re using blockchain most innately and purposefully, which is smart contracting. We authenticate anything collected, like a video, photo, an audio file, a screenshot on a mobile device — but we also secure and authenticate any multimedia collected on any IoT, which means anything from a BlackBerry to a robot. But any streaming data as it’s collected, we’re signing it, we’re hashing it, and then we’re using ledger technology.”
The “smart contracts,” as mentioned by Spano, live on the blockchain to ensure their security, transparency, and immutability. Enterprise customers, including anyone from chief information officers to trust and safety teams, can access the technology through an API or SDK which they integrate into their own applications. In simple terms, HashMarq serves as a digital certificate for content that has passed its proof checks.
MARQ is a patent-pending set of APIs that accomplish two important tasks in the cyber trust and safety space: Authenticating content based on the start-up’s proprietary algorithm and protecting content in real-time against breaches or succumbing to cyber vulnerabilities.
MARQ has established its chain of custody and protecting provenance. Its blackbox is a protected space where metadata from IoT (Internet of Things) and data streams are protected and stored in real-time, off cloud and inexpensively. Depending on which IoT MARQ’s APIs are plugged into, ForceField’s tech can help accelerate investigations. While cloud and related platforms are not immune from cyber vulnerabilities, MARQ has been specially built to protect these data streams in real-time.
So how does ForceField’s technology assess the veracity of a given asset?
“We’re looking at about 90 proof points, but I can’t share all of them. The notion is that we’re looking at the geospatial intelligence around that device, what was around at the time, what signals, what other devices, and the time. What time was this device, specifically, collecting this video? And how long was it from the collection to the submission? Those points alone can tell journalists or news organisations or law enforcement so much more than what they would originally have, and it also can pinpoint a geographic location,” Spano said.
Though ForceField was established in 2021, Spano got her innovation idea in 2018 when she was reportedly assaulted in New York City, and subsequently faced major obstacles both in gathering and submitting the evidence required by law enforcement.
“I knew that there were cameras, I knew that the evidence was able to be gathered. But when I dealt with the NYPD to get the evidence, they wouldn’t get a subpoena — so I had to go to the owner of the camera myself to request the footage. I recorded it with my phone, and when I turned that recording into the NYPD, they said it wasn’t admissible. And that’s when I realised the justice system starts way earlier than in the courts,” she remarked.
Spano and ForceField have now put up a battle against the dark side of generative AI, where anyone with a laptop can create “plausible, but entirely fake, evidence.”
The “Erie” Experiment
As of October 2024, ForceField is developing a proof-of-concept (PoC) with insurance giant Erie. The start-up has also signed letters of intent with three additional customers, with plans to finalise the PoC and launch it commercially in the first half of 2025.
ForceField, as of now, is eyeing to protect the insurance market from the bad side of AI, Spano believes that with the advent of AI and the ability for even a layperson to create authentic-looking assets, no industry is immune from the phenomenon.
“A citizen journalist, for example, who has captured a video on their mobile device, could submit it to a news station, which would integrate with ForceField’s API to determine the authenticity of the source data. Law enforcement, too, could use the technology to verify witness or victim submissions,” she commented.
The start-up has so far been funded via a mixture of bootstrapping (with Spano selling her previous company) and capital provided by angels, including actor Debra Messing, Wilfredo Fernandez, X’s head of government affairs and a scout at VC firm Lightspeed. In 2023, ForceField received money through its participation in “Techstars Global Start-up Network.” The venture has recently taken its first institutional funding via a strategic investment from its customer, Erie Insurance.