The Moon Landing Was Probably Fine. Your KYC Controls Are Not.

Sometime around the turn of the millennium, during freshers week, with alcohol definitely involved and possibly other substances that I won't be cataloguing here, I got into a spectacularly spirited argument about the moon landing. My position, and I want to be clear that I did not believe a word of it, was that the whole thing was suspiciously convenient. America and the Soviet Union locked in the geopolitical equivalent of a locker room stare-down, and the US manages to pull out the Dirk Diggler of space achievements on July 20th, 1969. My actual argument involved overhead projectors, which in retrospect was not my strongest work. I was winding people up. It worked. Reaction duly received.

Deepfake Fraud in Banking and Financial Services: Detection, Compliance and the Race to Keep Up

Deepfakes have moved beyond social media curiosities into a direct threat to the financial services sector. Synthetic identities are bypassing KYC controls, cloned voices are targeting call centres, and automated fraud pipelines are scaling faster than most security roadmaps can respond. In this panel discussion, three practitioners examine the deepfake threat from genuinely different vantage points — compliance and audit, detection technology, and enterprise fraud systems — to assess where the industry stands and what needs to change. Panellists: Nikita Kuzmin, Product Manager, Western Union Vunavia McDuffey, Compliance Consultant, RBC Bank Parya Lotfi, Co-Founder, DuckDuckGoose AI The panel covers: Why deepfakes are shifting from social engineering tricks to full identity replication capable of passing standard verification controls Whether organisations should treat deepfake fraud as a distinct threat category rather than absorbing it into existing AML and fraud programmes Why 60–70% detection accuracy is not an acceptable benchmark for financial services — and what happens when 40% of deepfakes pass through undetected The build-versus-buy decision for detection capability, including where vendor solutions repeatedly break down during integration A real-world case study of a fraudster who opened 46 bank accounts at a major Dutch bank using face-swapped identity documents — caught only because of a gender mismatch on the 47th attempt Why static detection models can degrade within days, and what continuous retraining and production feedback loops look like in practice Concrete 90-day actions for CISOs, CIOs, and compliance leaders, starting with controlled deepfake attack simulations against their own systems This session is essential viewing for senior leaders in banking, financial services, and insurance who need to understand the gap between current defences and the industrialisation of deepfake-driven fraud.

BrightTALK

I was nineteen, it was freshers week, and the moon landing was very much real. I knew that then and I know it now.

What I didn't know then, and what nobody really knew then (no smartphones remember, this was a world where you still had to be somewhere to know something) was that we were about twenty years from living in a world where that argument stops being obviously stupid. Where the question "but is the footage real?" stops being a pub wind-up and becomes a legitimate, operationally relevant question that compliance teams at major financial institutions have to answer every single day.

Enter Bryson DeChambeau. Two-time major champion, physics graduate, devoted man of science, and someone who recently told a podcast that while he thinks America did go to the moon, he's not entirely sure about the footage. His source of reassurance was, and I quote, "Elon says we've definitely gone there." So that's settled then.

Bryson is entertaining, he's done more for golf's demographics than a decade of rule changes. But his moon-footage uncertainty landed the same week I was reviewing material from our panel on deepfake fraud in banking and financial services Deepfake Fraud in Banking and Financial Services , during which a practitioner described how a fraudster opened 46 consecutive bank accounts at a major Dutch bank using face-swapped identity documents. Caught only because of a gender mismatch on the 47th attempt.

Deepfake Fraud in Banking and Financial Services: Detection, Compliance and the Race to Keep Up

Deepfakes have moved beyond social media curiosities into a direct threat to the financial services sector. Synthetic identities are bypassing KYC controls, cloned voices are targeting call centres, and automated fraud pipelines are scaling faster than most security roadmaps can respond. In this panel discussion, three practitioners examine the deepfake threat from genuinely different vantage points — compliance and audit, detection technology, and enterprise fraud systems — to assess where the industry stands and what needs to change. Panellists: Nikita Kuzmin, Product Manager, Western Union Vunavia McDuffey, Compliance Consultant, RBC Bank Parya Lotfi, Co-Founder, DuckDuckGoose AI The panel covers: Why deepfakes are shifting from social engineering tricks to full identity replication capable of passing standard verification controls Whether organisations should treat deepfake fraud as a distinct threat category rather than absorbing it into existing AML and fraud programmes Why 60–70% detection accuracy is not an acceptable benchmark for financial services — and what happens when 40% of deepfakes pass through undetected The build-versus-buy decision for detection capability, including where vendor solutions repeatedly break down during integration A real-world case study of a fraudster who opened 46 bank accounts at a major Dutch bank using face-swapped identity documents — caught only because of a gender mismatch on the 47th attempt Why static detection models can degrade within days, and what continuous retraining and production feedback loops look like in practice Concrete 90-day actions for CISOs, CIOs, and compliance leaders, starting with controlled deepfake attack simulations against their own systems This session is essential viewing for senior leaders in banking, financial services, and insurance who need to understand the gap between current defences and the industrialisation of deepfake-driven fraud.

BrightTALK

Forty-six accounts. Through KYC. In a row.

When I was arguing about overhead projectors in a student bar, faking footage required Stanley Kubrick, a soundstage, and the cooperation of thousands of people across a government agency. Today, as Danielle Hopkins explained in her interview with us Ten Minutes to Deepfake , it takes approximately ten minutes to build a convincing deepfake of your CEO. Not ten days. Not a Hollywood budget. Ten minutes. And most organizations are still responding to that reality with cybersecurity frameworks that predate the problem by a decade.

The scale of what's already built and deployed is the part that tends to silence rooms. Ofer Friedman of AU10TIX joined us for a conversation aimed squarely at making the business case to skeptical CFOs The 10 Billion Synthetic ID Crisis , and the number he opened with was 10 billion synthetic identity sets, available for purchase right now. More than the entire population of Earth. Paired with one-click fraud-as-a-service tooling, the artisanal, one-at-a-time identity fraud that most detection systems were originally built to catch is essentially a heritage problem.

The authentication infrastructure underneath all of this is also failing quietly. Bob Yavuz made the case to us Mobile Identity vs SMS OTP that 15-20% of SMS one-time passwords don't deliver at all, before a threat actor has done anything. SIM swap attacks are up 1,000% in some markets. The legacy plumbing isn't just a security liability, it's losing organizations customers every day.

Deepfake Fraud in Banking and Financial Services: Detection, Compliance and the Race to Keep Up

Deepfakes have moved beyond social media curiosities into a direct threat to the financial services sector. Synthetic identities are bypassing KYC controls, cloned voices are targeting call centres, and automated fraud pipelines are scaling faster than most security roadmaps can respond. In this panel discussion, three practitioners examine the deepfake threat from genuinely different vantage points — compliance and audit, detection technology, and enterprise fraud systems — to assess where the industry stands and what needs to change. Panellists: Nikita Kuzmin, Product Manager, Western Union Vunavia McDuffey, Compliance Consultant, RBC Bank Parya Lotfi, Co-Founder, DuckDuckGoose AI The panel covers: Why deepfakes are shifting from social engineering tricks to full identity replication capable of passing standard verification controls Whether organisations should treat deepfake fraud as a distinct threat category rather than absorbing it into existing AML and fraud programmes Why 60–70% detection accuracy is not an acceptable benchmark for financial services — and what happens when 40% of deepfakes pass through undetected The build-versus-buy decision for detection capability, including where vendor solutions repeatedly break down during integration A real-world case study of a fraudster who opened 46 bank accounts at a major Dutch bank using face-swapped identity documents — caught only because of a gender mismatch on the 47th attempt Why static detection models can degrade within days, and what continuous retraining and production feedback loops look like in practice Concrete 90-day actions for CISOs, CIOs, and compliance leaders, starting with controlled deepfake attack simulations against their own systems This session is essential viewing for senior leaders in banking, financial services, and insurance who need to understand the gap between current defences and the industrialisation of deepfake-driven fraud.

BrightTALK

And if you want the full unfiltered state of play from people who are actually building detection systems, governing deployments, and handling the aftermath of attacks, our December panel is where to go. Seven practitioners, no PR filter, 95 minutes. The figure that stays with me: 40% of security professionals fail deepfake detection tests under controlled conditions. If your employees are the last line of defence, and for many organizations in practice they still are, that number needs to sit with you.

My overhead projector argument was nonsense, and everyone in that student bar knew it, including me. The moon landing happened. The footage was real. The timing was geopolitically convenient, yes, but Buzz Aldrin has punched people for less than what I was suggesting, and frankly fair enough.

We now live, however, in the world that argument was pretending to describe. One where footage proves nothing, voices prove nothing, and faces prove nothing. Where the question isn't whether something could be faked, but whether your controls are good enough to catch it when it is.

They probably aren't. But there's no excuse for not knowing what good looks like.