AI presents a new challenge for fintech
Tech entrepreneur and venture investor Borys Musielak created the fake passport in just a few minutes and shared the result on his LinkedIn profile. The generated document appeared so convincing that it triggered heated discussions about the readiness of modern identity verification systems to counter generative AI-based attacks.
Fake passport generated by ChatGPT (Borys Musielak)
Typically, AI-generated fake documents are easy to detect due to formatting errors, poor typography, or inconsistencies in the machine-readable zone. However, Musielak’s forgery looked nearly identical to a genuine passport. Users noted that forging documents has now become much faster and easier than with traditional tools like Adobe Photoshop.
Although the fake passport likely wouldn’t pass a full security check due to the absence of an embedded chip, it was sufficient to bypass basic KYC procedures used by some fintech companies. Services like Revolut or Binance often only require a photo of the passport and a user selfie. In such cases, deepfakes could become an effective tool for fraudsters.
Musielak emphasized that the risks of mass personal data theft for the purposes of obtaining loans or creating fake accounts have significantly increased. Generative AI allows fraudsters to scale their attacks and gain access to banking, cryptocurrency, and other financial systems.
In response to this emerging threat, experts are calling for the wider adoption of NFC-based verification methods and electronic IDs (eID). These approaches rely on hardware-level data validation, making them more resistant to generative attacks.
Interestingly, 16 hours after Musielak’s post, attempts to replicate the experiment were no longer successful. ChatGPT refused to generate a fake passport, citing safety policies and prohibitions against creating fraudulent documents.
This situation shows that measures to prevent the misuse of generative AI are being implemented — albeit with a delay. Nevertheless, the fake passport incident serves as a stark reminder of how quickly technology can become a threat if not accompanied by robust control mechanisms.
