A video call with the face and voice of a company’s own CEO authorizing a multi-million-dollar wire transfer. A phone call that sounds exactly like a relative in distress, using their real voice. These aren’t hypothetical scenarios anymore: in 2026 they’ve become real cases, and the volume of deepfake-based fraud attempts has grown enough to push banks, companies, and platforms to rethink their identity verification systems from the ground up.
Why deepfakes became a real problem
The same advances that make it possible to generate realistic video and voice for creative purposes (see generative AI video) also lower the barrier for malicious use. Cloning a voice now takes just seconds of reference audio, often publicly available from interviews or social content. The result is a leap in the quality of social-engineering scams: no longer just suspicious emails, but calls and video calls that look and sound authentic down to the last detail.
How companies and institutions are responding
- Stronger multi-factor verification. Beyond passwords and codes, more and more systems now require a combination of biometrics, registered devices, and behavioral checks.
- Personal passphrases. Banks and companies are bringing back, in a modern form, the idea of a “secret word” to verify before authorizing sensitive operations over phone or video.
- Deepfake detection tools. Specialized software analyzes micro-artifacts in video and audio recordings to flag likely generated content, though the race against generative models remains tight.
- Staff training. Companies are investing in specific training for employees who handle financial operations, teaching them to recognize the warning signs of a possible deepfake-based scam.
The limits of current solutions
- Detection isn’t foolproof. Systems that identify generated content still have non-trivial error rates and are constantly outpaced by newer generations of models.
- Biometric verification has its own vulnerabilities. Even voiceprints and facial recognition can be targeted by increasingly sophisticated attacks.
- A gap between large companies and small ones. Smaller organizations often lack the resources to implement advanced verification systems, leaving them more exposed.
- User fatigue. Adding too many verification steps risks pushing people toward shortcuts, partly undermining the goal of stronger security.
Tip: for sensitive operations (wire transfers, credential changes, urgent money requests), always verify through a channel different from the one the request came on — a call to an already-known number is worth more than any video call, no matter how convincing.
A landscape set to keep evolving fast
Digital security has entered a phase where the question is no longer “does this content look real?” but “can I verify where it came from?” Companies that manage identity and payments are shifting their focus from a content’s perceived quality to its verifiable provenance — a shift in approach that will likely define security standards for years to come.