Fighting AI Document Fraud: Tools and Tactics for CFIs

Large language models like ChatGPT, Gemini, and Meta AI, as well as diffusion models and other AI-powered image generation systems, are making it easier than ever to fabricate realistic-looking bank statements, identification papers, and other sensitive documents. The tools are either free or cost very little, making the technology very accessible.

According to a ThreatGPT webinar poll of fraud specialists across industries, 40% had encountered AI-generated fake documents, 21% said they had not, and 39% were unsure.

For financial institutions, more are experiencing first-party fraud by individuals who use AI-generated documents to secure loans, as well as third-party fraud by fraud rings that use fake documents to open accounts for synthetic businesses, which then either secure business loans or launder money.

Tips for Detecting AI-Generated Documents

Today, it is still possible to manually spot when a bank statement has been fabricated by an AI tool — though both the sophistication and volume are growing quickly. Utility bills and pay stubs are the most frequently faked documents.

Here are some things you might look for to determine manually if a document provided by a customer or potential customer has been generated with AI: 

• Formatting anomalies. This could appear as mismatched fonts, misaligned columns, and blurry or pixelated logos. It could also be in an improper file format or exist within a fake web portal design.
• Inconsistent account details. You might see different account numbers on different pages of the same statement, a name that doesn’t match the name used on the application or identifying documents, or incorrect bank branch or contact information.
• Transaction irregularities. Some peculiar transaction details that point to AI are perfectly rounded or repeated deposits, no expenditures for standard monthly expenses, backdated transactions that were processed on days when financial institutions are closed, inconsistent running balances, and deposit descriptions that don’t match the account holder’s stated employer.
• Suspicious file data and missing features. There can be metadata and file origin discrepancies, including documents created in Word or Photoshop, a recent creation date for old statements, or no encryption or digital watermark.

Read entire article.