Q. What strategies does your R&D team use to stay one step ahead of increasingly sophisticated fraud tactics in a constantly shifting threat landscape?

A. The very nature of our technology and the architecture it was built around “dictates” that we are always putting a strong emphasis on the robustness of our solution, making it rigid when it comes to getting that “yes” or “no” answer to our customers. This allows us to stay one step ahead and ensure that fraudulent attempts are stopped on time. I’ll give you an example – Deepfake AI and its associated stories keep Treasurers awake at night and for a good reason… No one wants to make a callback to their alleged vendor or make a payment according to instructions they get from their boss only to find out they were speaking to a fraudster mimicking the voice of the person they were supposed to talk to.

When we validate an account using actual data from the banking system, we eliminate the chance deepfake AI will dupe our customers.

Our patented Cooperative Cyber Security™ (CCS™) framework powers all our solutions. nsKnox’s roots are deep in cybersecurity—our founding and R&D teams come from that world—so from day one, it was clear that protecting sensitive data like bank account details had to meet the highest possible standards.

CCS™ delivers that protection by breaking sensitive data into multiple encrypted “shreds” and distributing them across different systems. That means no single system holds enough information to expose or manipulate the data. Even if one system is compromised, the information is useless without the rest. This architecture not only prevents data tampering, but it detects and flags any attempt to manipulate information in real time.

Our R&D team continues to refine and evolve these technologies based on real-world fraud scenarios, emerging threat patterns, and close collaboration with our customers. It’s not just about building strong defenses—it’s about making fraud prevention smarter, more resilient, and involving as little friction as possible.

In February 2024, a Hong Kong-based multinational firm fell victim to a sophisticated deepfake scam, losing $25 million USD.

The attackers employed AI technology to create convincing video deepfakes of the company’s CFO and other executives, which they used during a video conference to deceive an employee into authorizing large fund transfers.

Drawing on nsKnox’s understanding of how deepfake payment fraud attacks are typically executed, here is our perspective on how the $25 million Hong Kong deepfake scam likely transpired. This is based on the steps outlined in an interview with nsKnox’s CISO, Yaron Libman (also featured in this newsletter).

In today’s rapidly evolving digital landscape, the rise of deepfake AI technology has introduced a new and significant threat to B2B payment security.

With cybercriminals using artificial intelligence to create highly convincing fake videos, audio, and images, businesses are at risk of falling victim to sophisticated fraud attempt.

These attacks can easily bypass traditional security measures, leading to unauthorized transactions, stolen data, financial losses, and reputational damage. In this interview with nsKnox’s CISO, Yaron Libman, we explore the dangers posed by deepfake AI, its impact on B2B payments, and how companies can safeguard themselves against this emerging

Q. What are Deepfakes, and how do they work?

A. Deepfakes are highly realistic but fabricated digital content created using artificial intelligence (AI) and machine learning (ML). By training algorithms on massive amounts of real data, such as voice recordings, videos, and images, deepfake technology can generate media that closely mimics actual individuals. This means a person’s voice, facial expressions, and videos can be convincingly faked. These deepfakes can impersonate company executives, stakeholders, or clients to manipulate financial transactions or obtain sensitive data.

Q. What is the future of deepfakes in the context of B2B payment security?

A. Deepfake AI attacks are effective because humans have a natural tendency to trust the data they receive. However, companies must verify and validate this data, regardless of its source. As deepfake technology advances and becomes more accessible, these attacks will likely increase in frequency and become more challenging to detect. The future of payment security will likely rely on more sophisticated, technology-driven tools capable of identifying deepfakes in real time. Additionally, closer collaboration between private payment protection companies and security firms and the implementation of
regular audits and employee training will be critical in developing systems and frameworks that can stay ahead of this evolving threat.

Q. Why are Deepfake scams such a significant threat to B2B payment security, and how are they used in fraud?

A. Deepfake AI poses a serious risk to B2B payment security by enabling cybercriminals to impersonate trusted individuals or entities with alarming accuracy. Criminals can create deepfake videos or audio messages of executives—such as CEOs, CFOs, or Treasurers—directing employees to authorize fraudulent transactions or redirect payments. Without proper verification protocols, these impersonations can lead to substantial financial losses, data breaches, and reputational damage.

Deepfakes can be deployed in multiple ways to manipulate payment systems.
For example:

• Executive Fraud: Scammers create deepfake content mimicking a senior executive to pressure employees into transferring funds to fraudulent accounts.
• Invoice Manipulation: Attackers use deepfake-generated voices or signatures to alter
  payment details or submit fake invoices, tricking finance teams into processing
  unauthorized payments.
• Social Engineering Attacks: Cybercriminals craft realistic deepfake communications
  from clients or vendors requesting sensitive information or urgent payments.

These attacks are especially dangerous because they are designed to bypass traditional security measures like email verification or invoice checks. Even well-trained staff can be deceived, highlighting the critical need for multi-factor authentication, independent and
technology-based account validation technology, and robust employee training to
mitigate these risks.

Q. Is there a specific case that serves as a wake-up call for businesses about deepfake fraud?

A. Consider this scenario: you’re on a video call with your company’s CFO. They appear exactly as you’ve always known them—the same voice, mannerisms, and familiar expressions you’ve observed over years of meetings. They urgently request a multi- million-dollar transfer to a vendor’s account for a time-sensitive deal. Would you question it?

This is exactly how the $25 million deepfake scam in Hong Kong unfolded. Attackers used advanced AI to create a highly realistic video of the CFO and conducted a live video call with an unsuspecting employee, completely mimicking the CFO’s appearance and behavior. By leveraging trust, authority, and a sense of urgency, the scammers persuaded the employee to bypass standard verification procedures and approve the transfer. By the time the fraud was discovered, the funds were long gone.

What makes this case so alarming is how authentic the deception was—these are not basic scams but sophisticated and carefully planned schemes. The distinction between real and fake is increasingly blurred, leaving companies at risk. Without advanced, technology-based protections—such as deterministic account validation and deepfake fraud detection tools—any business could fall victim. In today’s landscape, even seeing and hearing can no longer be trusted.

Q. How can companies stay ahead of deepfake-related risks?

A. Staying ahead of deepfake attacks involves continuous investment in technological,
automated security solutions, regular employee training, and raising awareness and alertness to unexpected or unusual payment requests.

Businesses should also conduct regular security audits of their Master Vendor Files (MVF) and ERP systems, stay informed about emerging AI threats, and implement proactive measures such as automated fraud detection technologies. By adopting strong security protocols and keeping abreast of technological advancements, companies can stay one step ahead of cybercriminals and protect their financial systems from fraud, including deepfake attacks.

Q. How does nsKnox’s solution protect companies from deepfake attacks?

A. nsKnox PaymentKnox™ solution protects companies from deepfake attacks by offering a multi-layered approach to continuously verify account ownership and protect payments throughout the transaction journey. It focuses on deterministically verifying account data based on details from the banking system instead of trusting or trying to confirm the source.

nsKnox ensures that every transaction adheres to a verified payment process, making it extremely difficult for fraudsters to carry out deepfake impersonations or manipulations. This robust, multi-layered verification system offers companies a powerful defense against evolving threats like deepfakes, safeguarding payment security and maintaining trust across the entire B2B transaction process.

Deepfake AI presents a severe and growing threat to B2B payment security. Businesses must adopt robust safeguards and remain vigilant to mitigate the risks posed by this emerging technology. While the threat landscape evolves, so must our defenses against it.