Source: Technologyreview
The KYC facial scan—positioned as the security layer replacing human judgment—is now being systematically defeated by commodity tools available on Telegram, with attackers using stolen biometric datasets to impersonate legitimate customers during account opening. This exposes a hard architectural problem: biometric verification systems assume the baseline data (your face) is secret and singular, but mass breaches of government ID databases and corporate facial recognition collections have made that assumption obsolete. Banks' migration toward faster, cheaper automated identity verification has created a middle ground where security is worse than both traditional human review and genuine liveness detection, turning the speed advantage into pure liability.