AI Can Fake Faces, But Not Audit Trails

Armor Up eID Certificates with the Highest eSign Legal Record.

Howdy, friends--Armand the armadillo here, your RPost workflow and digital transaction evangelist. Let’s talk about electronic identification (eID) and why, in today’s world of Generative AI, maybe the best answer isn’t the fanciest gadget, but the simplest path.

When Security Becomes Overkill

Remember the infamous shoe bomber? Over 20 years ago, a would-be terrorist tried to hide explosives in his shoe to sneak onto a plane. Luckily, alert passengers stopped him mid-flight. But what happened afterward? For the next two decades, every traveler in the world connecting in the USA was forced to take their shoes off at airports.

Billions of shoes scanned. Billions of bare feet padding across security floors. Two decades of collective annoyance -- and, let’s be honest, a whole lot of foot fungus on those airport floor tiles.

And here’s the kicker: there was never another shoe bomber. Yet airports spent 20 years fixating on footwear while determined attackers found new tricks elsewhere.

That’s a perfect metaphor for electronic identity today.

The Promise of eID

Everywhere you turn, folks are adding layers of “proof” to digital transactions:

• Multi-factor logins with email and SMS
• Knowledge-based questions (“What’s your first car?”)
• Selfie face scans
• Digital certificates on devices
• Video notarizations
• Government smart cards

All sound impressive, right?

Enter Generative AI: The Great Equalizer

Here’s the emerging reality: Generative AI tools like OpenAI’s ChatGPT, image creators, and voice cloners have turned the old defenses into Swiss cheese.

• KBA questions? Most answers are already leaked online.
• SMS codes? If your computer’s compromised, attackers see those too.
• Face recognition? AI can generate realistic faces or deepfake video in real time.
• Voice ID? Synthetic voice models make you sound just like… you.
• Digital ID cards? Fake government IDs can be whipped up with AI graphics in minutes.
• eNotary video calls? With AI, even “live” faces and voices can be replicated.

None of these methods is perfect anymore. In fact, it’s fair to say that every single one can eventually be defeated by a determined bad actor with AI at their side.

So, What’s Left?

If everything can be faked, maybe the best answer isn’t adding more hoops for honest users to jump through. After all, security that frustrates real people but doesn’t stop criminals isn’t much security at all!

That’s where the basics come in:

• Audit Trails: The legal gold standard under ESIGN laws. Track the who, when, and how of every signature, and bind it cryptographically to the record.
• Simple MFA: A code by SMS or email still blocks most casual fraud without overloading the signer.

These are low-friction, easy for users, and legally solid.

The Future?

Sure, regulators and vendors will keep inventing new identity tricks. But Generative AI is only going to get better at poking holes in them. The market may ultimately decide that the smartest move isn’t chasing the “unbreakable ID,” but leaning on what really matters: strong, tamper-proof records and a signing experience people don’t abandon out of frustration.

“Don’t make your customers take their shoes off forever just because one guy tried something once. Keep it simple. Keep it strong. Roll with the audit trail.”

Ask RPost why RSign was named a Worldwide Leader by IDC and Aragon Research for eSignatures and Digital Transaction Management, and by Gartner for Preemptive Cybersecurity. 

Learn how with RSign, eID verification shows up in the Advanced Signature Certificate and how it is cryptographically and logically associated with the signoff record for the highest eSign legalities.

You might also like