Cyberscammers Are Bypassing Bank KYC Facial Scans Using Stolen Biometrics and Virtual Cameras

A detailed investigation has revealed how cybercriminals are systematically bypassing the biometric KYC (Know Your Customer) facial verification systems used by major banks to onboard customers and prevent identity fraud. Using stolen biometric data combined with virtual camera tools sold openly via Telegram channels, scammers are opening fraudulent accounts and passing liveness checks at scale — defeating a security layer that hundreds of millions of consumers assume is robust.

How the Attack Works

The attack exploits the gap between what facial recognition systems check and what they cannot check. Most bank KYC systems use "liveness detection" — algorithms designed to distinguish a live person from a photograph or deepfake. The new attack method bypasses liveness detection entirely by injecting manipulated video through a virtual camera driver that the KYC system recognizes as a real webcam.

Scammers purchase stolen biometric data — including high-resolution facial scans sourced from data breaches, phishing kits, or social media scraping — and feed it through the virtual camera at the exact moment of KYC verification. The result: the KYC system receives what appears to be a live facial scan of the identity document holder and approves the application.

The Telegram Marketplace

The toolkits enabling this attack are not being developed from scratch by each attacker. They are sold as ready-made services on Telegram channels, often with step-by-step instructions, video tutorials, and customer support. Prices range from a few hundred dollars for a single-use kit to subscription models that include access to regularly updated biometric datasets and virtual camera software.

The availability and low cost of these toolkits has democratized the attack — it no longer requires sophisticated technical knowledge, only the willingness to purchase and follow instructions.

Bank Responses

Banks contacted for comment have acknowledged awareness of the attack vector without confirming specific incidents. Several have indicated they are implementing additional behavioral signals — including device fingerprinting, IP analysis, and typing patterns — to supplement facial recognition checks. The challenge is that many of these supplementary signals can also be spoofed with sufficient effort.

The Bottom Line

Biometric KYC was supposed to be unforgeable. It is not. The systematic availability of virtual camera bypass kits on Telegram means that facial verification, used as a sole authentication factor, is no longer sufficient to prevent identity fraud at account opening. Banks that have not layered additional verification signals are exposed — and the attackers are already at scale.

Related Articles

• ByteDance Launches Seedance 2.0 Video Model
• Apple and Google App Stores Are Promoting Nudify Apps That Generated $122M
• Anthropic Rolls Out Identity Verification for Claude

Sources

• Wired