Hello,
I'm Marcelo.

I'm a User Researcher Specializing in Generative AI & Cybersecurity for Banks.
I am a Specialist in Prompt Design, DeepFake, AI Face Training and I have found a breach on almost every DIGITAL BANK.






"I found that most Digital Banks services and even Governmental Institutions are in danger
with AI and DeepFake Methodologies."
Banks and Governments should be ahead of Scam practices and I can help.
Challenges and Problems investigated
- Security Vulnerabilities: Face Recognition
- Identity Theft: Creation of Fake Bank Accounts
- Data Privacy Concerns: Unauthorized access to sensitive data
- Customer Trust and Confidence: Security breaches and incidents of fraud

- Techniques -

3D mesh
Depth Map
Control Net Face Model
28m Focal length wide-angle
- Original Model -
Example of DeepFake Face Recognition Bypass
- The possibilities of DeepFake Scam are countless.
- Several different types of Face Movements are only getting better.
- Some banks only request ID information and a Picture
[Figure: The conceptual architecture for the SynthFace generation pipeline. Diagram labels: 3D Mesh, Depth Map, Control Net, Face Output, Prompt + Negative Prompt, 28m Focal length wide-angle, Stable Diffusion, Video Output, Conditioned Realistic Video (Print), FLAME Decoder, 3DMM Parameters 1,3000, Facial Recognition]

Several Banks have shown a Flaw in Face Recognition Cybersecurity at some stages, such as:
* Creation of Fake Bank Accounts
* Password and E-mail Reset - Standard Security
* Support Security Flaws
* Government Info Leak
[Figure labels: Open Pose, Control Net Face, Face Training, Prompt]



Creation of Fake Bank Accounts

- Fake Bank Accounts have already been created in the past using people's ID Information. With DeepFake technologies becoming more of a threat and better by the day, it's important to be one step ahead of Scammers using them.

- One example of what a Fake Bank Account allows is performing Scams with a Bank account that doesn't belong to you, and later sending the money to an international Bank or to a Metamask account, making it untrackable.
Password and E-Mail Reset

- Several Banks have shown flaws in Cybersecurity User Experience regarding the resetting of E-mails and Passwords. One big example is that for some Banks, all that was necessary to reset the target's account was a new E-Mail entered on the screen before the Face Recognition step.

- After passing the Face Recognition in the App, the Scammer has access to the application, and so with a new E-Mail he can change the Password in a few minutes.
Screenshots of Facial Recognition from Several Banks
In this particular example, it's possible to reset the password by just taking a screenshot of your Face with the front camera; it's not even a video.

So if the model is trained correctly, you can apply the technique with a Live Facial of the trained Target and invade someone's account.
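
A detection-side view of the reset flow described above, as an added example that is not part of the original page: it scans account events for a new e-mail entered before the face check, followed by a password change within minutes, and notes whether the face check used a single still image. The event names, field names, sample events and the 15-minute window are assumptions made for illustration, not any bank's real log schema.

```python
from datetime import datetime, timedelta

# Constructed sample events; event and field names are hypothetical.
EVENTS = [
    {"ts": "2024-05-01T10:00:00", "account": "A1", "type": "recovery_email_entered", "email": "new@example.test"},
    {"ts": "2024-05-01T10:00:40", "account": "A1", "type": "face_check_passed", "capture": "still"},
    {"ts": "2024-05-01T10:03:10", "account": "A1", "type": "password_changed"},
    {"ts": "2024-05-01T11:00:00", "account": "B2", "type": "face_check_passed", "capture": "video"},
    {"ts": "2024-05-01T11:05:00", "account": "B2", "type": "password_changed"},
    {"ts": "2024-05-02T09:00:00", "account": "C3", "type": "recovery_email_entered", "email": "x@example.test"},
    {"ts": "2024-05-02T09:01:00", "account": "C3", "type": "face_check_passed", "capture": "still"},
]

WINDOW = timedelta(minutes=15)  # assumed threshold for "a few minutes"

def flag_risky_recoveries(events, window=WINDOW):
    """Flag accounts where a new e-mail was supplied before the face check
    and a password change followed within `window`."""
    by_account = {}
    for ev in sorted(events, key=lambda e: e["ts"]):  # ISO timestamps sort as text
        by_account.setdefault(ev["account"], []).append(ev)

    findings = []
    for account, evs in by_account.items():
        email_ev = face_ev = None
        for ev in evs:
            t = datetime.fromisoformat(ev["ts"])
            if ev["type"] == "recovery_email_entered":
                email_ev, face_ev = (t, ev), None      # start of a recovery attempt
            elif ev["type"] == "face_check_passed" and email_ev:
                face_ev = (t, ev)
            elif ev["type"] == "password_changed" and email_ev and face_ev:
                elapsed = t - email_ev[0]
                if elapsed <= window:
                    findings.append({
                        "account": account,
                        "new_email": email_ev[1]["email"],
                        # A single still frame gives no liveness signal at all.
                        "still_image_only": face_ev[1].get("capture") == "still",
                        "seconds": int(elapsed.total_seconds()),
                    })
                email_ev = face_ev = None
    return findings

if __name__ == "__main__":
    for finding in flag_risky_recoveries(EVENTS):
        print(finding)
```
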
Most of the Digital Banks tend to have a fast UX for the customers, but that's something that must be reviewed, due to the advancement of technology, and I can help.

And one interesting fact that I like to point out in most cases is how the App itself helps the Scammers with Prompt Design, e.g., (Remove Hats, Glasses, Scarves, neutral expression...)

Revolut Bank Screenshot




Different Banks show the same UX flaws for Resetting your E-mail, like a single shot of your face and aiding with Design Prompts for correcting the Model in case one fails to pass the Face Recognition.
In one of the cases shown above, the Second Screenshot is from one of the Biggest Banks of Brazil, with more than 250 Million Accounts, called PICPAY. The flow opens a Tab for your new E-Mail ahead of the next phase, as shown in the third Screenshot.
Another Big Issue coming up with Government Info and Services going Digital.


Control Net and Face of a Target
(AI Generated as Example)
In the Example above, I demonstrated how Governmental Information and Services can be accessed by bypassing security, using as targets Common Citizens, Governmental Entities, Famous people and many others.
Famous people are the easiest because usually their IDs and personal information like Age, Date of Birth and Names of their parents are all on the internet, along with millions of photos around the internet and even their voices, which are usually easy to clone nowadays.

So many Governmental Institutions have gone Digital in the past few years, with a peak after the Pandemic Outbreak. So it's not difficult to invade and access that information using new technologies that are getting better, and as a UX Researcher/Designer with almost 10 years of Experience in many areas, I can help your Bank think ahead of many unusual Scams using those technologies.
Some Usability Flaws that I observed in my Research

Transfer Funds
The hacker can transfer money from the compromised account to other accounts they control, including international banks or cryptocurrency wallets, making it difficult to trace and recover the funds.
Impact: Financial Loss, Emotional Distress.

Apply for Loans or Credits
Using the victim's identity, the hacker can apply for loans, credit cards, or other financial products. They can then withdraw the loaned amount or max out the credit card, leaving the victim with the debt.
Impact: Financial liabilities, damage to their credit score, and complex financial recovery processes.

Access and Steal Personal Information
Hackers can access sensitive personal information stored in the account, such as Social Security numbers, addresses, and phone numbers, which can be used for further identity theft or sold on the dark web.
Impact: Identity Theft, Potential Harassment, Extortion, Unauthorized accounts.

Make Unauthorized Purchases
The hacker can use the account to make unauthorized purchases, either online or through connected payment services, potentially buying high-value items or services.
Impact: Financial losses, complications in disputing the charges, potential legal issues if illegal items are purchased.

Monitor and Exploit Account Activity
The hacker can monitor the account activity to gather more information about the victim's financial habits, which can be used to time further attacks or sell the detailed account information to other criminals.
Impact: Security threat, loss of privacy, targeted phishing attacks.

Change Account Settings
The hacker can change critical account settings, such as email addresses, phone numbers, and security questions, making it harder for the legitimate owner to regain control of their account.
Impact: Increased difficulty for the victim to recover their account, potential lockout from essential services, and further security breaches.

And many more problems related to Governmental Digital Leaks...
Remember, not investing in someone to think ahead of time will be extremely expensive for you, and I am that guy.

I have a whole project for developing and enhancing a Follow-Up Usability of CyberSecurity for Banks and Devs, let's have a chat.
I have countless other examples of Flaws in the Usability inside Banks, but this presentation would be too long, so let's have a call and I can create a Follow-Up for your Bank.
Rome Time-Zone (GMT+2)