“In the case of ‘I want to transfer money to your card, you can help send it to my friend, and I restrict the transfer through wechat’, it is found that it is me through video verification with the other party, so we should still be cautious.” On February 17, a university teacher in Beijing said in a circle of friends. In the early morning of that day, one of her friends asked her to help transfer money through wechat. She got through the other party’s wechat video for verification. She saw familiar faces in the video, but the other party didn’t speak, so she hurriedly closed the video call.
“I already knew that his wechat was stolen and was not deceived, but some of his friends were cheated out of 14000 yuan in this way.” She told the economic observer that the swindler made the above transfer request to others through wechat. The victim conducted a video audit and received 6000 yuan transferred by the swindler to help him transfer the money. However, in the afternoon, the swindler borrowed 14000 yuan from the victim on the pretext of being in urgent need of money. It was not until the evening that he was found cheated.
Video verification is a familiar face. Why are you still cheated?
“The potential security risks of identity verification have brought uncertainty to the assets of the financial industry. The increasing diversity of attacks and counterfeiting cases has brought great challenges to the security of AI technology, such as hole digging of empty photos, 3D masks, deep forgery, voice synthesis, voice splicing, etc. effective anti-counterfeiting capabilities are urgently needed for different attacks.” Feng Yue, director of Kejin AI security attack and defense laboratory, said in an interview with economic observer that due to the development of deep learning and the emergence of deep fake (a controversial face changing technology software), the production threshold of “fake face” has been greatly reduced. Ordinary people can make a face that may not exist or exchange faces, The formed single frame picture can be very realistic. Generally, the black production will use the dynamic processing software to complete the actions such as opening the mouth and turning the head of the characters in the photos, and then use other software deception systems again. By modifying the relevant data and settings, import the dynamic face video made in advance into the app, complete the authentication, and then complete the whole fraud process
how much is your face “worth”?
Mobile payment has become the mainstream method of payment. According to the statistical report on China’s Internet Development released by China Internet Network Information Center (CNNIC) in September 2021, the number of Internet payment users in China reached 872 million, accounting for 86.3% of the total Internet users.
At present, the normalization of epidemic prevention and control has led to a surge in the demand for identity recognition such as contactless authentication and senseless authentication. Face recognition technology plays an important role in the financial field with its convenient and easy-to-use characteristics. Many financial apps can carry out payment, transfer and other businesses through face recognition. Biometrics such as fingerprint and face brushing have become common mobile payment verification methods, and their utilization rate has exceeded that of digital password verification.
On January 25, China UnionPay released the 2021 mobile payment security investigation report, which showed that among mobile payment verification methods, biometric methods such as fingerprint and face brushing have the highest recognition, and their utilization rate has exceeded that of digital password verification. In terms of age, people over the age of 45 prefer password payment, and people under the age of 45 prefer biometric methods such as fingerprint and face brushing. In particular, 75% of young people aged 18-24 use biometric verification, which is 9 percentage points higher than the average level. About 30% of the respondents use dynamic verification code to verify their identity, of which 35% are aged 46-55, 6 percentage points higher than the average level.
While technology brings convenience, it will also be used by some criminals. The problem of personal information protection brought by face recognition technology is becoming increasingly prominent, which has aroused the general concern and concern of the public. Feng Yue said that in the conventional face recognition technology, the system will only do basic quality detection and truth verification for the collected videos or pictures. However, this basic truth verification technology can not effectively identify the true and false faces. With the evolution of forgery attack tools, the effectiveness will be sharply reduced, which is common, Black production can be achieved by remaking photos or videos. This leads to a series of security problems.
Generally, the black production will use the dynamic processing software to complete the actions such as opening the mouth and turning the head of the characters in the photos, and then use other software to deceive the system. When the app needs to verify the face through the camera, start the “plug-in”, and import the dynamic face video prepared in advance into the app by modifying relevant data and settings.
The national Internet Emergency Response Center once described the risk of face recognition authentication vulnerability in June 2021: due to security defects in the design process of some apps, attackers can use publicly obtained user photos to replace photos collected by in vivo detection, thus damaging the face recognition authentication mechanism, Login user account and steal user sensitive information.
If the above-mentioned black industry practitioners’ fraud technology is relatively primary, now the fraud has been upgraded.
\u3000\u3000 “The attack and defense game between the security industry and the black industry in the field of face recognition has gone through many iterations. From the early image level to the medium-term application level, and then to the later algorithm level, the financial industry and security companies have effectively protected the attack methods of the black industry through a series of means. However, the confrontation has not stopped. The face attack and defense has further penetrated into the mobile operating system and provided a new platform for enterprises Protection brings new challenges. ” On February 14, China Industrial And Commercial Bank Of China Limited(601398) Institute of financial science and technology released the 2021 Research Report on online financial black production, which shows that with the continuous development of face recognition attack and defense technology and repeated games, face recognition application scenarios have become the main battlefield of black production confrontation. In addition to the well-known photo activation attack, new attack techniques have emerged in 2021, Black industry has carefully designed the face fraud scene and used new attack technology to make “brush face” face new challenges again.
“Video calls should be answered carefully, and face theft should be prevented.” The 2021 Research Report on online financial black industry points out that black industry practitioners steal the victim’s face information through video calls. Black industry practitioners generally fake public security organs or bank staff, intimidate the victims into cases such as “money laundering”, “drug possession” and “loan arrears”, and require the victims to verify their identity through video calls. During the video call, the black industry practitioners require the victim to complete the specified face action, and turn on the screen recording function to obtain the victim’s face information. Compared with the synthetic video generated by activation software, the face video obtained through video call is the face recognition action completed by the victim. There are no synthetic and forged features, so it is difficult to be recognized by face algorithm. Considering the uniqueness of face features, once stolen by black products, it will directly lead to the failure of face authentication and the loss of funds and property. Therefore, before answering a video call, you must verify the identity information of the other party
rampant network black production
In the whole year of 2021, Xiaodun security detected a total of 9381 criminal gangs, with an average number of individual Gang accounts of about 500. Generally, it is a professional studio mode, using its own group control equipment or renting cloud control services, and cooperating with machine change tools, simulators, IP agents, coding platforms, coding platforms, etc. to complete batch quantitative cheating.
According to the 2021 mobile payment security investigation report, the proportion of people who suffered losses from online fraud was higher than that in 2020. The proportion of people who suffered losses from online fraud in 2021 increased by 6% to 14% compared with last year, and the average amount of damage was 1650 yuan, 272 yuan lower than that in 2020. In terms of age, Post-00 is the high-risk group of mobile payment risk, the proportion of bank card lending is high, and the proportion of economic losses caused by online fraud ranks first. The middle-aged and the elderly are also the main groups suffering from fraud, which are mainly concentrated in the fourth and fifth tier cities and various townships, towns and villages. They are generally less popular with science popularization. They take webcast fraud as the main channel, and the amount is usually huge. From a professional point of view, college students are at high risk of online fraud, and nearly half of them are used to using third-party credit loan accounts. In addition, online shop owners and self-employed entrepreneurs are also the people who suffer more from online fraud.
“People under the age of 40 are the main victims, and fraud by the elderly is relatively rare.”. According to the Research Report on the governance of telecom network fraud in 2021 released by Tencent, from the perspective of the age composition of victims, the proportion of young groups under the age of 40 is as high as 79%, and the proportion of victims over the age of 50 is only 8%. However, with the deepening and accelerating aging of Chinese society, the elderly will become an important part of Chinese Internet users, The network security of silver haired groups also needs to be paid special attention.
“The whole black industry chain has a long history. Since the Internet era, we have divided the evolution of black industry into four stages.” According to the 2021 business risk control insight report released by Xiaodun security, they are the wild era, the wild growth period, the initial scale period and the black production sea period.
Before 2010, it was the wild era of black production. In the Internet era represented by PC, the main profit way of black production was to control the personal computer as a “broiler” and realize it through DDoS attack, advertising and installing rogue software. The number of “broilers” in this cycle determines the upper limit of profit scale.
Around 2013, with the rise of o2o and the influx of a large amount of capital, the expansion of black products was used for user innovation, and the value of account was highlighted. It was also during this period that the industrial chain of black products around the “account system” was gradually formed, including number merchants, code receiving platform, code printing platform, group control, etc., thus entering a period of barbaric growth.
Around 2015, the online loan industry entered a period of prosperity, which is also a period of concentrated risk outbreak. Due to its pan financial attribute, it needs more strict KYC certification, that is, at this stage, the whole industrial chain around the “KYC suite” gradually formed, including two elements, three elements, human face, living body, etc., and the black industry began to take shape.
Since 2019, going to sea has become the choice of many Chinese enterprises. Whether e-commerce, social networking or pan entertainment enterprises have joined the army of going to sea. At that time, China’s regulatory policies became stricter, and China’s black products also started the voyage to sea. Based on China’s years of technology accumulation, black production enterprises are more rampant overseas.
According to Tencent, there are three main ways for fraudsters to illegally obtain citizens’ personal information. Illegally obtaining citizen information through “rogue software”, phishing websites, system vulnerabilities, “dragging libraries” and other means; Purchasing citizens’ personal information illegally obtained by others through illegal channels such as dark networks; “Crawling” citizens’ personal information from public channels such as enterprise industrial and commercial information query website, enterprise official website and organ website.
On February 18, the Ministry of industry and information technology reported the first batch of apps that infringed on users’ rights and interests in 2022 “In accordance with laws and regulations such as the personal information protection law, the network security law, the Telecommunications Regulations and the provisions on the protection of personal information of Telecom and Internet users, our ministry has recently organized third-party testing institutions to inspect mobile Internet Applications (APPs). So far, 107 apps have not been rectified.” The information and communication administration of the Ministry of industry and information technology said that during the detection process, it was found that 13 embedded third-party software development kits (SDKs) illegally collected user equipment information
how to win the “protracted war” with black products?
In view of the severe trend of black production development, on the one hand, the government has issued policies and taken a series of measures to crack down, and technology companies are also playing an increasingly important role.
The public security organs have cracked down on illegal production through a series of means such as “breaking the card” action and the national anti fraud app, which has effectively reduced the number of black cards and blocked the source of illegal production activities. Under the heavy blow of the state, it has played an effective deterrent role to the employees of black industry, and the black industry has further shifted to concealment and random grouping.
Since the “card breaking” action was launched in October 2020, all localities and departments have focused on cracking down on criminal gangs, cleaning up telephone cards and bank cards, effectively curbing the rapid rise of telecom network fraud cases from the root. From June to September 2021, the incidence of telecom network fraud crimes in China has decreased year-on-year for four consecutive months. With the in-depth promotion of the “card breaking” action, the delivery and trafficking channels for telecom network fraud gangs to obtain “two cards” are blocked, the “two cards” used in fraud dens are seriously insufficient, a large number of funds involved in the case are frozen, and some fraudsters even directly use their own bank accounts to transfer money laundering. The crime cost of criminal gangs has increased significantly, which has dealt a heavy blow to telecom fraud activities.
In September 2021, the general office of the CBRC issued a notice on strengthening the application security management of face recognition technology, requiring all institutions to comprehensively sort out the business scenarios and application systems related to face recognition, carry out risk investigation and rectification, and upgrade or repair the security vulnerabilities of the face recognition technology in use as soon as possible, The application system with potential risks shall be strengthened or transformed as soon as possible.
On January 18, 2022, China’s first “trusted face application guard plan for face information compliance operation guide” led by the Institute of cloud computing and big data of the Chinese Academy of communications and communications pointed out that China has initially established a legal standard system for face information protection. The criminal law and the interpretation of several issues on the application of law in handling criminal cases of infringing on citizens’ personal information clearly stipulate criminal acts such as illegal trading of face information, The civil code, the personal information protection law and the provisions on several legal issues applicable to the trial of civil cases related to personal information using face recognition technology provide a solid basis for regulating face information processing activities, and relevant laws, regulations and standards are constantly updated and improved.
In November 2021, the Chinese Academy of information and communications announced the first round results of “trusted AI: face recognition evaluation”. Seven well-known enterprises such as Beijing Centergate Technologies (Holding) Co.Ltd(000931) Kejin, Tencent cloud, Baidu, jd.com and ant financial successfully passed the evaluation, and the system security protection ability reached excellent level. According to public data, Beijing Centergate Technologies (Holding) Co.Ltd(000931) Kokin’s multi-modal anti-counterfeiting and security platform currently supports 11 types of anti-counterfeiting capability detection, of which the single frame silent error acceptance rate of live presentation attack is as low as 0.5%; The error acceptance rate of deep forgery single frame detection is as low as 0%; The single frame detection accuracy of ID card forgery is as high as 99.2%.
Feng Yue said that by 2023, the product will have more than 30 anti-counterfeiting types, with an average anti-counterfeiting accuracy of more than 95%, which is expected to serve more than 300 enterprises. Up to now, Dezhu multi-modal biological anti-counterfeiting and security platform has been applied in many business scenarios of financial institutions. For example, in the current scene where “black and grey property intermediary” is for profit, inducing consumers to entrust their agents to protect their rights and making financial institutions unbearable, the product can be used to identify the agent rights protection institutions and clarify whether the users are themselves through voiceprint recognition and voice forgery detection.
Tencent guard is a public welfare comprehensive security service platform integrating “user reporting, violation crackdown and user education”. Since its establishment, Tencent guard has served 150 million users, accepted nearly 60 million effective reports and cracked down on more than 10 million illegal accounts.
\u3000\u3000 “In the era of industrial digital interconnection, black industry protection and digitization are two sides of one. With the expansion and growth of business boundaries, the characteristics of black industry concealment, technicalization and industrialization are becoming more and more prominent. An enterprise alone and behind closed doors is bound to be unable to cope with the ever-changing forms of black industry in the future. It needs to be jointly controlled by the state, industry and institutions Build and strengthen the way to resist black production. ” According to the 2021 Research Report on online financial black production.