In January 2021, the Shanghai People’s Procuratorate charged two Chinese residents with facial recognition fraud – Wu and Zhou had been cheating the tax service identity verification system and forging invoices since 2018, the South China Morning Post reported.
To cheat the system, the scammers bought high quality photos and fake identities on an “online black market” common in China.
These cost between 30 and 250 yuan ($5-38), the publication wrote, citing an investigation by The Xinhua Daily Telegraph. Hacking services can cope with public or private systems that collect such data.
Wu and Zhou processed the photos they took with deepafake apps – they can “animate” the uploaded picture and make it into a video, giving the impression of faces nodding, blinking, moving and opening their mouths. Such applications can be downloaded for free.
For the next stage, the fraudsters bought special smartphones that were re-flashed: during face recognition, the front camera of such a device does not turn on; instead, the system receives a pre-prepared video and perceives it as an image from the camera. Such phones cost about $250.
Using such a scheme, the scammers registered a shell company that could issue fake tax invoices to its customers. The scammers made $76.2 million over two years.
Biometrics is widespread in China – it is used to confirm payments and purchases, verify identity while applying for government services and so on. But with the development of the technology, one of the main problems in the country has become data protection, says SCMP.
Law enforcement agencies are having a hard time dealing with insiders and brokers who collect and sell data, says the publication.
From May 1 a law comes into force in China which restricts “excessive” collection of personal information: the authorities have defined the list of minimum required data for 39 categories of applications. For example, for online stores and delivery of products enough number, name of the recipient and user, address and payment details. The government also drafted a bill on fines for data leaks and abusive collection of personal information – up to 50 million yuan or 5 percent of a company’s annual revenue.