Attack Vectors

What and how generative AI techniques are used to deceive, impersonate and defraud.
Back to Attack Vectors

Screen replay attack

Video
Corporate Fraud
Consumer Fraud

A screen replay attack plays a recorded or deepfake video of the target on a screen held up to a verification camera, defeating face liveness checks during remote identity verification. It is the visual counterpart to a voice replay attack, and it needs no live generation once the footage exists.

Use cases: Identity verification & KYC · Finance · Marketplace

How it works

  • Attackers capture or generate video of the target, then present it to the camera on a phone, monitor, or tablet
  • The replayed footage passes basic liveness prompts when the system cannot tell a live face from a screen
  • Screen artifacts such as moire patterns, glare, refresh-rate flicker, and bezel edges are the signals detection looks for

Where it shows up

  • Remote KYC and onboarding liveness bypass at banks, fintech, and crypto exchanges
  • Account recovery flows that rely on a selfie video match
  • Video-based identity verification for gig platforms and marketplaces
  • Gaining access to accounts protected by face verification after a data breach
  • Repeated attempts using the same captured footage across many target institutions