You needed to go a lot farther with your techniques. Things like the metadata of your photos clearly stated they were saved in photoshop and not a mobile device you needed to modify the meta data. The IP address of your computer was logged on the first attempt so you weren’t getting away with the second attempt. Also the MAC address of your phone was recorded on the first attempt. There were so many simple red flags you missed that any mid level scam artist would bypass
You're right. Looking back on this video, there are so many different things I could've done. We'll be doing another video in the future, I'm sure. Thanks for your comment!
Ok the metadata thing might account for the times he had to actually upload the passport as a file (jpg or whatever) but not for the times he had to SCAN the passport. Correct me if I'm wrong .
@@Sumsubcom Also when you took the picture using your phone of your machine, you can clearly see the other tabs that were open, exposing the fact that you were taking a picture of the passport using your computer.
I thought all hope was last on getting a job not until I was recommended to *driphack20* on Instagram, who helped I was able to got an ID and drivers license at affordable prices..
I thought all hope was last on getting a job not until I was recommended to *driphack20* on Instagram, who helped I was able to got an ID and drivers license at affordable prices..
Have to be careful... Some of this brokers have common databases, about emails, cellphones, names, when they tag ONE red flag... can be that you'll be always tagged as a red flag IP, NAME, DOB... It's not THAT easy once your IP gets tagged.
@@Sumsubcom Ip but more importantly fingerprinting and your specific device settings. If you really want to get this done just use a vm and make sure you have a vpn
two things you don’t want in life a) be on the FBI terrorist flight ban list b) be blacklisted by Banks so don't play, the consequences can be painful and long lasting
@@adammaxi, that's why use a cookie cleaner, socks 5 proxy server, and an anti detect software to bypass any security instrument. All of that will give you a better chance.
@@iainkay3630 do you have more information about using singed JavaScript to get Mac address? Also when is the last time someone used active X or internet explorer?
@@taco4121 I get what you're saying, although I think with deep fake can also change the voice of the person. Unfortunately there are and always will be ways around scammers will find
@@SkullCreationsStudio yeah they could chainge the voice but the numbers that you have to say out loud are randomly chosen in the app. So pre recording would be really difficult
You talked at the end of the video about analysis of pixels and advanced security features. However, the most basic check to automate for some time has been the reading of the MRZ; if this isn't in the standard format, it isn't a valid document. You admitted at the outset of the video that you're not sure about the proper format for the MRZ for the a passport of the identity that you were creating, and a single character being off has long enabled passport scanners to identify problems.
Dear mr Young ;-) Should the biggest take away of this not be : DONT EVER UPLOAD YOUR PASSPORT, ID OR FACE ! If the system you are trying to sign up on will ever get breached, your whole identity is out in the open and potentially in the wrong hands. "But the website needs it so they can offer their services" I hear people say..... May I suggest you find another website that does have his ducks in a row :-) And what's more: In a number of countries it is even illegal to upload such documents. In my country, The Netherlands, you are not even allowed to share your social security number with anyone exept goverment organisations. Since that number is on the passport, drivers license etc... you can't share those either unless you blatanly take out a marker and make everything black. And this will lead to yet another ban because you 'messed around' with your document. Cheeeeeeeeeeeers, Jecepede
SSN is essential for banking institutions tho, because they have to verify the identity of the person that's opening a banking account. Since multiple people can share the same name, the same date of birth and could also potentially share very similar appearance to each other (it is rare, but it may happen), and live in the same city, it's actually very hard for banks to verify your identity using only those informations. SSN however is unique to you and you only, which means that they can verify it is indeed you who is using their banking services. They can't of course share your personal informations with advertisers or literally anyone, they can only use them internally for processing to address you individually, and potentially offer you their own products and services which you might like. Do you want to tell me that banking institutions in Netherlands are not allowed to use SSNs for their internal purposes because they're not government institutions? And why am I talking about banking institutions? All of those services shown in the video are banking institutions that handle your money.
@sumsub There’s probably at least a checksum at the bottom. Also, be careful in the USA we are a surveillance state whose leadership has been compromised by the CCP and trying that could put you on a no-fly list even though the spying and lack of due process are flagrantly unconstitutional. Not sure about 🇬🇧 hopefully the Queen does not have to answer to Marxists also .
Why would you zoom in and edit out the identity verificaiton service comany's name? You can clearly see at 12:51 that there is something blurred in the middle. It's almost as if you are trying to hide that this video is secretly an ad to show the public that online identity verification works (which it doesn't, I tested it with just half an hour of work you just have to know what to to). It is so conventient that the provider who detects the scams are Sumsub (the identity verificatior) and the others are just not working (no otp or page hanging). Not to mention that this channel is called Sumsub literally the company who's business is to identify people and has benefit from it to show that it works.
I have wondered if someone could use a fake driver's license at a bitcoin ATM, and if fake money would be accepted at the atm. Seems like that would be a crazy scam
Interesting point, but I think you'll find that most services use a variety of algorithmic maps to detect forgery. It's not as simple as detecting the metadata. At Sumsub, we use five. 😎
The face recognition check could be circumvented by an external video source input, going through a pc with a facial masking programme that emulates the photo on the document onto your face.
4:45 most of the times the verification code arrives instantly after I single click on the power button of my cell phone. Otherwise it kinda remains in a somewhat 'idle mode'.
It sucks those places even require camera validation. It makes sense if they're lending you money or allowing for you to use leverage, but if you're just adding funds and trading covered (like a cash account) some of those businesses should allow plain simple KYC validation (or does the law require thorough validation like that?). Just a couple of years ago (maybe longer) you could open an account on Coinbase without even adding an ID. 😟
This is where AML comes in. Transactions that pass certain thresholds need to be verified. This is especially important when it comes to crypto wallet checks.
My problem with KYC is that accountability doesn't go both ways. I understand banks and governments wanting to hold me accountable for my actions. They need to be equally accountable for how they use and distribute my personal information and their records of my activities as well as the times they impede legitimate activity, but they aren't.
@@MatthewStinar Amen! In the end they want to know how much money we have at any given moment to tax the hell out of us. There's no other reasonable explanation (plus knowing where our assets are make it easier for them to garnish / freeze what we have).
This is 100% because regulations (MLR 2017, with 5MLD updates) require regulated crypto currency exchanges to be verifying details of customers. Even for one off transactions, this is still mostly required (as the thresholds are very low).
KYC can also reject legitimate documents and people when data is not accurate in their online databases. Also liveness checks can reject people when the documents are older.
If you wanted to change your passport details, you at least need to check your MRZ check sum and secure image. It’s a pretty easy to be detected by the system since it doesn’t matched with the document itself. Btw, it’s pretty interesting video.
Thanks Thomas for the comment. Good advice too. I might try and make bulletproof documents and try again to actually fool some of these systems. Must be possible one way or another.
Yeah I noticed that too. I know little about the exact sequencing of passport except the basic stuff you can tell from looking the passport. The last digit has to be a checksum and I would assume the part after the Passport Number and birthday would also be a checksum. Checking with my own passport that seems to be the case. And having the same checksum on the real and fake document would be a pretty big coincidence. Typing in the stuff provided into a checksum calculator it seems the last part should be a 9 instead of a 2. The passport number would be 9 instead of 7, Birthday checksum 3 instead of 6. (ofc the last part changes again after you fix the mistakes with the checksums for the other parts). Failing a single should put it into manual review in even the most basic system (checking if maybe the OCR has made a mistake), failing multiple of the check digits, I don't even think you need a human to look over that. Would've probably been more fruitful with a correct MRZ to see if the whole face thing even does a thing. A good amount of work put into making a 20 minute video but falling at the first hurdle. Also sidenote I love how he blurred the expiration date on the real passport, yet the MRZ for the expiration is still there.
@@KiinaSu The expiration date isn't really a private information, as well as the document creation. Date of birth however is. And if someone else has your SSN (which may vary in format in every country, my country for example uses YYMMDD/XXXX format, where YYMMDD is a date of birth in two digit year, month and day format - so let's say you were born May 5th 1998, then date of birth would be 980505 - except for females, the most significant digit of a month changes, simply to a month a number 50 is added, so if you are female, then it's 985505, and XXXX is a four digit random identified assigned to you - multiple people can have the same identifier, but then they cannot have the same date of birth - as for non-binary genders, Czechia doesn't really have a system for that, your SSN is assigned to you at the day of birth most of the time, and even if you transition to another gender, where surgery is a requirement, then you can have a new SSN being provided to you, because it reflects your date of birth and your gender - but non-binary people don't have a mechanism, which is why I believe the government wants to change it to be more like a US SSN), it's game over if they do. They can impersonate you and take loans on your name and not pay for them, and get you in trouble. If they have your full name, your SSN, and your full address, you're screwed. Anyway MRZ would be interesting to explore, learn how it is calculated, and try many different techniques to fool the MRZ validator. But I must stress that MRZ validator isn't the only check here. And pretty much all of those services have proceeded further into selfie check, which means that there might not even be an MRZ check in the first place, because validator only checks if the format is valid, not the informations, and if the format isn't valid, it may not proceed further and straight out refuse to continue. But the fact that even the checksums were all wrong, the app continued further, which means that there must have been some other issue preventing them to continue.
Not sure about the uk. But a RUclipsr did something similar in the EU and got jailed because the crime was real, even if he did it for educational purposes.
Okay, so here's what you pass the face check. First download OSC. Then, download an AI package called the thin spline model. It's an avatar based deepfake. Take some video of yourself doing the head check. Make sure the video seamlessly loops before you process it. The way you make a loop is by playing the whole video forward, then backward. Now that you've got your driver video, apply either your fake person or the photo of your choice to the driver video. At this point, provided you didn't open your mouth, you should have a nice low resolution video. Cool. Drop that video into the frame extractor of choice. Blender's the easier for me, but you might prefer davinci or after effects. It does not matter. The important thing is that you have all the frames. Take your raw frames and process them through one of the sharp upscalers in Stable Diffusion. You're shooting for something 1020x1020. Re-assemble your video. Ideally, with innocuous room noise. Now, set up OBS, enabling the internal camera. Within your OBS scene, drop your looping video, and tell OBS to play it on loop. Make sure your canvas matches the image resolution of your upscaled images. Set OBS camera feed to your default camera within windows or mac, or whatever you're doing. And that's how you do that one. I don't know enough to help with any of the other stuff, but you get the idea
The truth is that these ID verification companies are doing a lot more then using state of the art camera technology .. what I am saying is that these companies are running a (Background check/credit check) on you as well… to what extent I don’t know. But what I do know is that it’s not legal for companies to run a background check on you with out your consent. In America
You need to walk into Social Security & tell them you just had a kid under 1 year ago & the kid and mother are out of country and you need a social security number for the kid that was born at home with a mid wife. Then open credit cards
@@KYLE-zo4bm I see you appreciate some good ole' RUclips. Screw colledge. I can build everything from a rocketship to a non existent human being from watching RUclips!... Americka!
@@xabhax yeah i know matt cox faked the birth certificate too and all the docs needed to get them to issue an SSN and then went to the dmv and got IDs with that SSN just look him up its pretty insane what he pulled off
idk if this counts as verifying with a false identity but i got through the airbnb verification system when i was 17 (it’s 18+ only) by just changing the birth year on my passport with photoshop lmao, i think it worked because i didn’t change my name or photo? not sure though
Just wondering when 'your' passport says Paul Young Peak, where Peak is clearly the last name, why the hell are you typing in your name as Paul Young without the Peak? Even without further investigation there can't be a match. But interesting to see anyway. Also wondering isn't it illegal in the UK to even try to do something like this?
I am a bit baffled by the concept here. I must have missed something because it seems like Bradley was mixing real information with fake information rather than creating a whole new fake persona where the photo would match your face as someone woudl do when trying to actually get past this. The coding on the passport seems to be the only variable but not an unsurmountable one.
Hey Will. The goal of this experiment was to see if I could pass the online identity verification systems with a blatantly fake ID, just to see what would happen. That's why in some instances, I'm using my real address, or my own email address etc. We were ultimately looking to get some responses from these guys. Would I get through? Would they temporarily reject me? Would I end up on some sort of blacklist? We should re-do the experiment with some anti-tank dark-web ordered passports. That would be a cool experiment. Cheers for the support!
@@Sumsubcom It jsut seemed like most if not all attemtps were setup for failure rather than real attempts to get through. I am new to the channel though and do appreciate what you do.
So Bradley I think you forgot Smth… 2:54 on the pale passport the passport number isn’t reflected, on the bottom of the page it still shows 5***31970…assuming it’s your actual passport number…
Uhm.. Hypothetized scenario: Take a selfie. Upload selfie to one of the hundered "search by image" site. Chose a guy that actually looks like you. Redo what you just did. Delete all Files and done commit a crime
I think Machine Readable Zone was the main reason it didn't go through not the photo. he needed an mrz that matches the name. forget the photo. you can use any photo.
i’m traveling Canada by ETa visa which is made through the same passport like you shown above and no any verification is made. is it possible to reach there please?
i wonder if wirex only failed the second time because it had already flagged that name, what about with a fresh name and even a fresh face? have someone else attempt to sign up and use their photo on the fake id?
I mean of course your going to fail verification when the picture on the passport isnt even the same person that is doing the "selfie" portion. Topping it off the phone number is registered to your name. A textnow or google number would circumvent that . These sites also use whats called "cookies" and "digital fingerprinting" meaning if youve used that pc as one person it recognizes that. Fresh Virtual Machine would be the way to do a test for that. and A drivers license or a government document would be much easier ways to go about fake as there isnt the number on the bottom to scan. Another thing is people that would do this would probably have already got their victim to send them stuff like this and edited their face to it instead so its a real doc everything scans just a different face to fool the selfie check.
I bet if you try your real passport, they'll block that as well. Your face, IP, phone number, address etc... must have gone into a blacklisted database on the first day.
You can just buy the photo of a genuine document and a video of the person moving their head online usually paypal scammers and any other banking scammer sells them
@@Sumsubcom But if the recording is 3D, can't you output a video as a fake web camera? See how they did fake online meetings with filmed clips of the same guy.
Shouldn't he change up address? Like also ips have fraud score. Also I don't know if he used the same phone number, probably the get into blacklist one they are rejected one time
Oh my goodness, where do I even start... First off, do a printout of the edited passport and then take another picture of the printout. It will require some fiddeling, however it will remove the tracepixels you leave when photoshopping the damn thing. Second Deepfake the videopart and show a screen to the camera. Third, VPN, VPN and yet another VPN. If your IP doesn't match the country you're supposedly in, that's the first red flag to any provider. Fourth, use a real persons picture. Fake people are being detected relatively fast by AI, as they're most of the times to perfect. And that's the primitive way to do it. Not even talking about running the phones OS in a Sandbox and simulating the whole input. Feel free to contact me, if you have further questions.
Hey Joe, I get you. When I filmed this video, I really didn't know what I was doing. I was just playing around. We might do this at a later stage with some really thought-out fakes. Thanks so much for taking the time to write to us, I hope your comment will help others! Or do I hope so? I don't know who our target audience even is anymore lol.
@Martin The hell if I know. That totally depends on the laws of the country you're in. Also, maybe not the smartest move admitting something like that on a plattform like this. But then I'm no lawyer so, #nolegaladvice It can be anything from computerfraud to identity theft up to forgery. Like I said, completely depending on the country you're in. Also, why would you do such a thing and not consider the possible consequences and outcomes up front?
It is worth reading up on the standard of the machine readable code as if you put in certain data the reader believes it is a testing document used to test their system and it can trick a lot of systems into not checking everything
you really should have made a new email address for this. with your name in your email not matching the name on your docs getting verified is highly unlikely. also a vpn in the nation of your fake doc would be a good call.
I actually believe that all these identity requirements show that the business that wirex us in is not legitimate, like a security camera they are useless to stop a pro who has a good plan to use their service for unallowed purposes. The standards are higher than just Photoshop but are not that high if you know hacking. It is all about how much you want to surrender to these financial services in hopes of the offered pie in the sky.
Does a fake also work on RUclips for the age verification? Or do they just close your google account? I’m way over the age limit but no way I’m feeding them my data
Would be interesting to use a photo of someone you know and have them do the live’ness verification with your name and details and see what happens. Pretty sure it might work. I think I’ll try it 👌 Thx!
Not so fast! That's where anti-fraud comes in. At Sumsub, we use five different algorithmic maps to determine a document's authenticity. If you try that, the least you'll get is a final rejection notice on the basis of photoshop. Nevertheless, if you do give it a go, let us know! -Brad
Is there really a point in doing something like this though? The only advantage that you would get is the service not knowing what your real face looks like, which is quiet unimportant (imo).
@@eggibot what one would get is a mis-match in identity, and avoid all kinds of inconveniences. That account could be considered void, in the meanwhile you could move plenty thru it. This option might be useless to you but you don’t speak for everyone.
@@curiousmind6472 yea, but you are still using your own REAL name and details, so it wouldn't be too complicated for other parties to identify the (suspected) account owner. the reason to use fake ID after all is to not have identifying information associated with your account
@@eggibot Certainly when a bank account is open with conflicting information it’s considered void/fraudulent, and so would be the case in this situation. No regulator could tax the account legitimately, especially with all parties denying the accounts existence. Trust me, it’s been done before - many times.. You could simply use one friends ID and someone else’s picture, opposed to your own. No rocket science there.
The IP address wouldn't necessarily cause a problem because of VPNs 🤓 However, I'm sure my face is being stored on a number of different internal blacklists now...
The text verification isn't actually to verify your phone number, it checks your cellphone providers account info with the info you provided to the website to help verify your identity
my dad tried to sign up to gemini back in early may of 2021, we put in all the correct data and it is november 24th and we are still waiting to get confirmed :skull:
Could you try something like this but instead with valid passport data and attempting to bypass the liveness check with a deepfake video? Also would be interesting to see if a valid passport with some minor discrepancies like date of birth changed would pass their tests
![BLACK BAG - Official Trailer [HD] - Only in Theaters March 14](http://i.ytimg.com/vi/Du0Xp8WX_7I/mqdefault.jpg)
You needed to go a lot farther with your techniques. Things like the metadata of your photos clearly stated they were saved in photoshop and not a mobile device you needed to modify the meta data. The IP address of your computer was logged on the first attempt so you weren’t getting away with the second attempt. Also the MAC address of your phone was recorded on the first attempt. There were so many simple red flags you missed that any mid level scam artist would bypass
You're right. Looking back on this video, there are so many different things I could've done. We'll be doing another video in the future, I'm sure. Thanks for your comment!
Ok the metadata thing might account for the times he had to actually upload the passport as a file (jpg or whatever) but not for the times he had to SCAN the passport. Correct me if I'm wrong .
@@Sumsubcom Also when you took the picture using your phone of your machine, you can clearly see the other tabs that were open, exposing the fact that you were taking a picture of the passport using your computer.
And use an email address in the name of the ID - not “Bradley” something g when it’s Paul applying
I’d also presume deep faking might play a little part too, I’d love to see fooling the AI with a deep fake.
i found your channel from seytonic's channel
and ever since it feels like a gold mine
i literally love all your content
That's really great to hear and it's fantastic to have you onboard. Looking forward to the future! Brad
I thought all hope was last on getting a job not until I was recommended to *driphack20* on Instagram, who helped I was able to got an ID and drivers license at affordable prices..
I thought all hope was last on getting a job not until I was recommended to *driphack20* on Instagram, who helped I was able to got an ID and drivers license at affordable prices..
@@richjack3703 scam
Have to be careful... Some of this brokers have common databases, about emails, cellphones, names, when they tag ONE red flag... can be that you'll be always tagged as a red flag IP, NAME, DOB... It's not THAT easy once your IP gets tagged.
Yes, you are right.
@@Sumsubcom Ip but more importantly fingerprinting and your specific device settings. If you really want to get this done just use a vm and make sure you have a vpn
two things you don’t want in life
a) be on the FBI terrorist flight ban list
b) be blacklisted by Banks
so don't play, the consequences can be painful and long lasting
@@adammaxi VPN be blacklisted or at least flagged
@@adammaxi, that's why use a cookie cleaner, socks 5 proxy server, and an anti detect software to bypass any security instrument.
All of that will give you a better chance.
Is nobody gonna talk about how he recorded a selfie video of himself even tho he doesn't look anywhere the same as the guy in the passport? 😅
I wanted to see if they would let me through, or what kind of error message there would be. :)
my drivers license looks nothing like me now, so Id say its possible to get the photo past in some cases
Are you gonna watch the rest of the video?
After you screwed something up with one service, you cannot expect to go back in to same service with same name, email, phone, mac address and I.P.
Good point, they are supposed to use internal blacklists. We're just checking that they actually do ;)
Your opinion is meaningless as websites can't get your Mac address
@@iainkay3630 do you have more information about using singed JavaScript to get Mac address? Also when is the last time someone used active X or internet explorer?
@@duckmeat4674 Give people half credit for being half right. Being wrong about a single detail isn't equivalent to being entirely wrong.
@@iainkay3630 I'm pretty sure he's using Mac OS?
I was wondering, if using a deep fake on the selfie verification may work. Pre-record the steps taking by moving your head side to side
but saying the numbers out loud would be a problem
@@taco4121 I get what you're saying, although I think with deep fake can also change the voice of the person. Unfortunately there are and always will be ways around scammers will find
@@SkullCreationsStudio yeah they could chainge the voice but the numbers that you have to say out loud are randomly chosen in the app. So pre recording would be really difficult
@@taco4121 Nah, not difficult. The number are from 1 to 9. Just have the separate sounds ready.
@@nickn2794 ah yeah true
You talked at the end of the video about analysis of pixels and advanced security features. However, the most basic check to automate for some time has been the reading of the MRZ; if this isn't in the standard format, it isn't a valid document. You admitted at the outset of the video that you're not sure about the proper format for the MRZ for the a passport of the identity that you were creating, and a single character being off has long enabled passport scanners to identify problems.
Indeed, in fact, the scan at the end of the video reveals that there are some problems with the MRZ.
Bruhh, It can already be faked.
yes
Do you offer a course for your video/photo editing? 😂 Your skill is excellente
I have the team to thank for that; there are some truly talented guys behind the curtain. Thank you for your comment! - Bradley
He's not even a real person... CGI
its easy
When's the currency counterfeit bolt on?
I doubt this is cgi
Can’t wait to see the re-do of this experiment! Love your content… I’m so hooked!
Your channel deserves a million subs! It's so informative, thanks for making these videos for us
Thank you so much!
Dear mr Young ;-)
Should the biggest take away of this not be : DONT EVER UPLOAD YOUR PASSPORT, ID OR FACE !
If the system you are trying to sign up on will ever get breached, your whole identity is out in the open and potentially in the wrong hands.
"But the website needs it so they can offer their services" I hear people say..... May I suggest you find another website that does have his ducks in a row :-)
And what's more: In a number of countries it is even illegal to upload such documents. In my country, The Netherlands, you are not even allowed to share your social security number with anyone exept goverment organisations. Since that number is on the passport, drivers license etc... you can't share those either unless you blatanly take out a marker and make everything black. And this will lead to yet another ban because you 'messed around' with your document.
Cheeeeeeeeeeeers,
Jecepede
SSN is essential for banking institutions tho, because they have to verify the identity of the person that's opening a banking account. Since multiple people can share the same name, the same date of birth and could also potentially share very similar appearance to each other (it is rare, but it may happen), and live in the same city, it's actually very hard for banks to verify your identity using only those informations. SSN however is unique to you and you only, which means that they can verify it is indeed you who is using their banking services. They can't of course share your personal informations with advertisers or literally anyone, they can only use them internally for processing to address you individually, and potentially offer you their own products and services which you might like. Do you want to tell me that banking institutions in Netherlands are not allowed to use SSNs for their internal purposes because they're not government institutions? And why am I talking about banking institutions? All of those services shown in the video are banking institutions that handle your money.
Earned a sub! I'm glad i found you guys before you got big!
Thanks! Great to have you here. :))
How you only have 18k subs and 10k views? This is so well made and is very interesting. Keep it up, you just got brand new subscriber!
I discovered this channel early in the morning now I find myself watching all the videos one at a time.
Glad to have you onboard, Parth!
The quality of content from this new of channel is amazing, almost as if it’s being used for money laundering…
Paul your face is now in a Al
database of known fradsters..
Yeah, I told the producers about that... Hopefully they don't nab me on the border lol
I wonder if we'll see phishing attacks aimed at getting people to rotate their heads & show id lol
Very good point. I hadn't thought about that. 🤔
@@KahruSuomiPerkele your can create live deepfakes of just a face with an etc card. But not yet on a weak laptop
@sumsub There’s probably at least a checksum at the bottom. Also, be careful in the USA we are a surveillance state whose leadership has been compromised by the CCP and trying that could put you on a no-fly list even though the spying and lack of due process are flagrantly unconstitutional. Not sure about 🇬🇧 hopefully the Queen does not have to answer to Marxists also .
@@pteppig what do you mean etc card ? Can further explain pls ?
Never felt so safe while seeing somebody fail repeatedly 😂
Why would you zoom in and edit out the identity verificaiton service comany's name? You can clearly see at 12:51 that there is something blurred in the middle. It's almost as if you are trying to hide that this video is secretly an ad to show the public that online identity verification works (which it doesn't, I tested it with just half an hour of work you just have to know what to to).
It is so conventient that the provider who detects the scams are Sumsub (the identity verificatior) and the others are just not working (no otp or page hanging). Not to mention that this channel is called Sumsub literally the company who's business is to identify people and has benefit from it to show that it works.
At 13:50 is it only me who got blurred bars on his face and sometimes background?
If you look at your results at 16:55, you’ll see that the MRZ is wrong. You could have easily looked it up before doing all this...
I went into this as a real amateur... Next time we'll get it right :)
I have wondered if someone could use a fake driver's license at a bitcoin ATM, and if fake money would be accepted at the atm. Seems like that would be a crazy scam
1:13 what the name of the website?
*It didn't work because you didn't remove the metadata of the passport image, the websites detect the image was generated by Photoshop.*
Interesting point, but I think you'll find that most services use a variety of algorithmic maps to detect forgery. It's not as simple as detecting the metadata.
At Sumsub, we use five. 😎
@@Sumsubcom What are they? What apps were you using to detect forgeries?
The face recognition check could be circumvented by an external video source input, going through a pc with a facial masking programme that emulates the photo on the document onto your face.
Which program does this for gnu/linux?
@@matteavana2384 did you find out if you did can you tell me
@@maryagyemang9870 didn't, actually
the color scheme for this video is superb. like the black hoodie ...the white background and the grey deco ....
I wanted to wear a suit, so you've got the team to thank for that!
4:45 most of the times the verification code arrives instantly after I single click on the power button of my cell phone. Otherwise it kinda remains in a somewhat 'idle mode'.
what forensic software did you use to verify ID scans?
It sucks those places even require camera validation. It makes sense if they're lending you money or allowing for you to use leverage, but if you're just adding funds and trading covered (like a cash account) some of those businesses should allow plain simple KYC validation (or does the law require thorough validation like that?). Just a couple of years ago (maybe longer) you could open an account on Coinbase without even adding an ID. 😟
This is where AML comes in. Transactions that pass certain thresholds need to be verified. This is especially important when it comes to crypto wallet checks.
My problem with KYC is that accountability doesn't go both ways. I understand banks and governments wanting to hold me accountable for my actions. They need to be equally accountable for how they use and distribute my personal information and their records of my activities as well as the times they impede legitimate activity, but they aren't.
@@MatthewStinar Amen! In the end they want to know how much money we have at any given moment to tax the hell out of us. There's no other reasonable explanation (plus knowing where our assets are make it easier for them to garnish / freeze what we have).
When it come to Coinbase there are level at the 3 level it ask you for live selfie verification so it's not that joke the way people think
This is 100% because regulations (MLR 2017, with 5MLD updates) require regulated crypto currency exchanges to be verifying details of customers. Even for one off transactions, this is still mostly required (as the thresholds are very low).
this channel is underrated
what is the name of the website at 1:12?
Any idea?
KYC can also reject legitimate documents and people when data is not accurate in their online databases. Also liveness checks can reject people when the documents are older.
Hello. What is the software at 16:40 called. Nice video btw
Trying to find it as well. Did you ever figure it out?
If you wanted to change your passport details, you at least need to check your MRZ check sum and secure image. It’s a pretty easy to be detected by the system since it doesn’t matched with the document itself. Btw, it’s pretty interesting video.
Thanks Thomas for the comment. Good advice too. I might try and make bulletproof documents and try again to actually fool some of these systems. Must be possible one way or another.
Yeah I noticed that too. I know little about the exact sequencing of passport except the basic stuff you can tell from looking the passport. The last digit has to be a checksum and I would assume the part after the Passport Number and birthday would also be a checksum. Checking with my own passport that seems to be the case.
And having the same checksum on the real and fake document would be a pretty big coincidence. Typing in the stuff provided into a checksum calculator it seems the last part should be a 9 instead of a 2. The passport number would be 9 instead of 7, Birthday checksum 3 instead of 6. (ofc the last part changes again after you fix the mistakes with the checksums for the other parts). Failing a single should put it into manual review in even the most basic system (checking if maybe the OCR has made a mistake), failing multiple of the check digits, I don't even think you need a human to look over that. Would've probably been more fruitful with a correct MRZ to see if the whole face thing even does a thing. A good amount of work put into making a 20 minute video but falling at the first hurdle.
Also sidenote I love how he blurred the expiration date on the real passport, yet the MRZ for the expiration is still there.
@@KiinaSu The expiration date isn't really a private information, as well as the document creation. Date of birth however is. And if someone else has your SSN (which may vary in format in every country, my country for example uses YYMMDD/XXXX format, where YYMMDD is a date of birth in two digit year, month and day format - so let's say you were born May 5th 1998, then date of birth would be 980505 - except for females, the most significant digit of a month changes, simply to a month a number 50 is added, so if you are female, then it's 985505, and XXXX is a four digit random identified assigned to you - multiple people can have the same identifier, but then they cannot have the same date of birth - as for non-binary genders, Czechia doesn't really have a system for that, your SSN is assigned to you at the day of birth most of the time, and even if you transition to another gender, where surgery is a requirement, then you can have a new SSN being provided to you, because it reflects your date of birth and your gender - but non-binary people don't have a mechanism, which is why I believe the government wants to change it to be more like a US SSN), it's game over if they do. They can impersonate you and take loans on your name and not pay for them, and get you in trouble. If they have your full name, your SSN, and your full address, you're screwed.
Anyway MRZ would be interesting to explore, learn how it is calculated, and try many different techniques to fool the MRZ validator. But I must stress that MRZ validator isn't the only check here. And pretty much all of those services have proceeded further into selfie check, which means that there might not even be an MRZ check in the first place, because validator only checks if the format is valid, not the informations, and if the format isn't valid, it may not proceed further and straight out refuse to continue. But the fact that even the checksums were all wrong, the app continued further, which means that there must have been some other issue preventing them to continue.
Not sure about the uk. But a RUclipsr did something similar in the EU and got jailed because the crime was real, even if he did it for educational purposes.
Can you name the video or the chanel
I'll be alright, Dunar.
How can you faking your passport not get you in trouble? Are the companies not gonna report it as document forgery?
@@superchdk I assume because he works for the company behind this channel and they would defend him. Also the laws in the UK could be different.
“I’ve tried, honestly… I gave it 6 minutes. I’m giving up”
Same bro
Thats why NFC verification + liveliness check is the way to do it. You can always pass the optical only checks.
What's up with the blur for a large part of the video at the b-Sharpe chapter?
I was also thinking about that
Okay, so here's what you pass the face check.
First download OSC.
Then, download an AI package called the thin spline model. It's an avatar based deepfake.
Take some video of yourself doing the head check. Make sure the video seamlessly loops before you process it.
The way you make a loop is by playing the whole video forward, then backward.
Now that you've got your driver video, apply either your fake person or the photo of your choice to the driver video.
At this point, provided you didn't open your mouth, you should have a nice low resolution video. Cool.
Drop that video into the frame extractor of choice. Blender's the easier for me, but you might prefer davinci or after effects. It does not matter. The important thing is that you have all the frames.
Take your raw frames and process them through one of the sharp upscalers in Stable Diffusion. You're shooting for something 1020x1020.
Re-assemble your video. Ideally, with innocuous room noise.
Now, set up OBS, enabling the internal camera.
Within your OBS scene, drop your looping video, and tell OBS to play it on loop. Make sure your canvas matches the image resolution of your upscaled images.
Set OBS camera feed to your default camera within windows or mac, or whatever you're doing.
And that's how you do that one.
I don't know enough to help with any of the other stuff, but you get the idea
Very interesting. I’ve been having issues with this exact thing. Do you have a discord or anything where I can ask you some questions? Cheers :)
The truth is that these ID verification companies are doing a lot more then using state of the art camera technology .. what I am saying is that these companies are running a (Background check/credit check) on you as well… to what extent I don’t know.
But what I do know is that it’s not legal for companies to run a background check on you with out your consent. In America
Avatarify - AI Face Animator & talking photos - for the live face videos - Boom sorted.
Great channel btw - quirky and off the beaten YT path.
Noted!
You need to walk into Social Security & tell them you just had a kid under 1 year ago & the kid and mother are out of country and you need a social security number for the kid that was born at home with a mid wife. Then open credit cards
matt cox!
@@KYLE-zo4bm I see you appreciate some good ole' RUclips. Screw colledge. I can build everything from a rocketship to a non existent human being from watching RUclips!... Americka!
@@AlphaBravo860damn right based
@@xabhax it worked for matt cox he did dozens of times idk if it would work today but it did in the mid 2000s
@@xabhax yeah i know matt cox faked the birth certificate too and all the docs needed to get them to issue an SSN and then went to the dmv and got IDs with that SSN just look him up its pretty insane what he pulled off
Great video as usual !
idk if this counts as verifying with a false identity but i got through the airbnb verification system when i was 17 (it’s 18+ only) by just changing the birth year on my passport with photoshop lmao, i think it worked because i didn’t change my name or photo? not sure though
Never imagined I would get a great job from you man thanks again
Just wondering when 'your' passport says Paul Young Peak, where Peak is clearly the last name, why the hell are you typing in your name as Paul Young without the Peak?
Even without further investigation there can't be a match.
But interesting to see anyway.
Also wondering isn't it illegal in the UK to even try to do something like this?
Is it possible that those companies have saved your live face video and added to their blacklist?
This is all dystopian in a very whimsical way.
I am a bit baffled by the concept here. I must have missed something because it seems like Bradley was mixing real information with fake information rather than creating a whole new fake persona where the photo would match your face as someone woudl do when trying to actually get past this. The coding on the passport seems to be the only variable but not an unsurmountable one.
Hey Will. The goal of this experiment was to see if I could pass the online identity verification systems with a blatantly fake ID, just to see what would happen. That's why in some instances, I'm using my real address, or my own email address etc. We were ultimately looking to get some responses from these guys. Would I get through? Would they temporarily reject me? Would I end up on some sort of blacklist? We should re-do the experiment with some anti-tank dark-web ordered passports. That would be a cool experiment. Cheers for the support!
@@Sumsubcom It jsut seemed like most if not all attemtps were setup for failure rather than real attempts to get through.
I am new to the channel though and do appreciate what you do.
So Bradley I think you forgot Smth… 2:54 on the pale passport the passport number isn’t reflected, on the bottom of the page it still shows 5***31970…assuming it’s your actual passport number…
Uhm.. Hypothetized scenario:
Take a selfie.
Upload selfie to one of the hundered "search by image" site.
Chose a guy that actually looks like you.
Redo what you just did.
Delete all Files and done commit a crime
I think Machine Readable Zone was the main reason it didn't go through not the photo. he needed an mrz that matches the name. forget the photo. you can use any photo.
new subscriber from nepal ❤
Great to have you onboard!
Your passport number doesn’t match the punch out passport number on the right side of your passport at 2:53
This episode is a real thriller! For a moment I felt like I myself am submitting fake ID. 5*
i’m traveling Canada by ETa visa which is made through the same passport like you shown above and no any verification is made. is it possible to reach there please?
i wonder if wirex only failed the second time because it had already flagged that name, what about with a fresh name and even a fresh face? have someone else attempt to sign up and use their photo on the fake id?
Whats the name of the apps used to scan, analyse and verify the ID documents?
I mean of course your going to fail verification when the picture on the passport isnt even the same person that is doing the "selfie" portion. Topping it off the phone number is registered to your name. A textnow or google number would circumvent that . These sites also use whats called "cookies" and "digital fingerprinting" meaning if youve used that pc as one person it recognizes that. Fresh Virtual Machine would be the way to do a test for that. and A drivers license or a government document would be much easier ways to go about fake as there isnt the number on the bottom to scan. Another thing is people that would do this would probably have already got their victim to send them stuff like this and edited their face to it instead so its a real doc everything scans just a different face to fool the selfie check.
I bet if you try your real passport, they'll block that as well. Your face, IP, phone number, address etc... must have gone into a blacklisted database on the first day.
Hi there, can you tell me what's the name of the website that you used to create a fake ID? Thanks!
You can just buy the photo of a genuine document and a video of the person moving their head online usually paypal scammers and any other banking scammer sells them
Nope! Depth detection means that faces need to be 3D. :)
@@Sumsubcom there is a trick to bypass that ;) you can research it
@@Sumsubcom But if the recording is 3D, can't you output a video as a fake web camera? See how they did fake online meetings with filmed clips of the same guy.
Shouldn't he change up address? Like also ips have fraud score. Also I don't know if he used the same phone number, probably the get into blacklist one they are rejected one time
I'll likely only get registered on their internal blacklists, so it's improbable that I'll get stopped on any borders. Good point though!
Oh my goodness, where do I even start...
First off, do a printout of the edited passport and then take another picture of the printout. It will require some fiddeling, however it will remove the tracepixels you leave when photoshopping the damn thing.
Second Deepfake the videopart and show a screen to the camera.
Third, VPN, VPN and yet another VPN. If your IP doesn't match the country you're supposedly in, that's the first red flag to any provider.
Fourth, use a real persons picture. Fake people are being detected relatively fast by AI, as they're most of the times to perfect.
And that's the primitive way to do it. Not even talking about running the phones OS in a Sandbox and simulating the whole input.
Feel free to contact me, if you have further questions.
Hey Joe, I get you. When I filmed this video, I really didn't know what I was doing. I was just playing around. We might do this at a later stage with some really thought-out fakes.
Thanks so much for taking the time to write to us, I hope your comment will help others! Or do I hope so? I don't know who our target audience even is anymore lol.
I want to know the method u say about simulating android os on sandbox
@Manu C I wouldn't do that if I were you. And I also wouldn't call that "safe".
@Martin The hell if I know. That totally depends on the laws of the country you're in. Also, maybe not the smartest move admitting something like that on a plattform like this. But then I'm no lawyer so, #nolegaladvice
It can be anything from computerfraud to identity theft up to forgery. Like I said, completely depending on the country you're in. Also, why would you do such a thing and not consider the possible consequences and outcomes up front?
How can I contact you?
Great video…didn’t know security had come so far…
It is worth reading up on the standard of the machine readable code as if you put in certain data the reader believes it is a testing document used to test their system and it can trick a lot of systems into not checking everything
The MRZ code of the fake passport can not be identified by an MRZ scanner. What an awkward technique.
you really should have made a new email address for this. with your name in your email not matching the name on your docs getting verified is highly unlikely. also a vpn in the nation of your fake doc would be a good call.
I actually believe that all these identity requirements show that the business that wirex us in is not legitimate, like a security camera they are useless to stop a pro who has a good plan to use their service for unallowed purposes.
The standards are higher than just Photoshop but are not that high if you know hacking. It is all about how much you want to surrender to these financial services in hopes of the offered pie in the sky.
that's because you take photos from a computer screen, it's different if you print them. trust me
Duddde... my life is like this episode.
Could you tell me the application using for ID scanning at the end of the video?
Let's hope that the real Paul Young Peak never tries those sites as he will now be flagged forever.
Does a fake also work on RUclips for the age verification? Or do they just close your google account?
I’m way over the age limit but no way I’m feeding them my data
You'd have to be a real genius to scam this kinda stuff... We'll try it again in a future video.
@@Sumsubcom that would be cool to see, I've tried searching if someone has tried this in private but seems like nobody did!
Careful they don't log your details with CIFAS that will screw you credit report
Please which website did you use in creating this?
Would be interesting to use a photo of someone you know and have them do the live’ness verification with your name and details and see what happens. Pretty sure it might work. I think I’ll try it 👌 Thx!
Not so fast! That's where anti-fraud comes in. At Sumsub, we use five different algorithmic maps to determine a document's authenticity. If you try that, the least you'll get is a final rejection notice on the basis of photoshop.
Nevertheless, if you do give it a go, let us know! -Brad
Is there really a point in doing something like this though? The only advantage that you would get is the service not knowing what your real face looks like, which is quiet unimportant (imo).
@@eggibot what one would get is a mis-match in identity, and avoid all kinds of inconveniences. That account could be considered void, in the meanwhile you could move plenty thru it.
This option might be useless to you but you don’t speak for everyone.
@@curiousmind6472 yea, but you are still using your own REAL name and details, so it wouldn't be too complicated for other parties to identify the (suspected) account owner. the reason to use fake ID after all is to not have identifying information associated with your account
@@eggibot Certainly when a bank account is open with conflicting information it’s considered void/fraudulent, and so would be the case in this situation. No regulator could tax the account legitimately, especially with all parties denying the accounts existence. Trust me, it’s been done before - many times.. You could simply use one friends ID and someone else’s picture, opposed to your own. No rocket science there.
Hi all! Has anyone any idea what happens when someone has beard but the ID photo is without!? (Actually the photo is with a minimal beard!)
Should have used your own photo from the start. Now those websites had your IP address and what not from your first go around.
The IP address wouldn't necessarily cause a problem because of VPNs 🤓
However, I'm sure my face is being stored on a number of different internal blacklists now...
@@Sumsubcom oh for sure. RIP your privacy. Time to get an actual new identity lol
You did not bother to change email adress... Paul young for sure has an email adress bradley.... What is your viewer avg age?
What if you submit affidavit of name change on the support.
Interesting
Well it's more obvious way to pass it: use your real face and photo, but fake passport data (name, address, document numbers and so on)
Taking a picture of a printout of probably be better than the screen
This my new fav channel
you could use some sort of realtime deepfake for the video verification, or redirect your camera to a prerecorded video
Do you really need to show the same verification procedure for the providers twice in the same video? The videos are way too long
Ho usato i miei documenti originali e nulla. Non viene superata la verifica. Direi di occuparvi anche dei falsi negativi oltre che dei falsi positivi.
Its interesting to note that OTPs via SMS are broken the world over.
Which website was that for id generation
Find the ML model used in lots of KYC toolkits -> gradient ascent on the image -> profit
I have been using verification which scans the biometric chip on my passport, so you cannot change the details on your passport.
The text verification isn't actually to verify your phone number, it checks your cellphone providers account info with the info you provided to the website to help verify your identity
I think you don't know what you are speaking about, this is bullshit.
What's the website shown at the first section?
Here because of D.A.N.
Nice to have you on board!
my dad tried to sign up to gemini back in early may of 2021, we put in all the correct data and it is november 24th and we are still waiting to get confirmed :skull:
Plot twist:
He actually tried to open up a fake account and had to come up with a cover story.
Your using an email address with the name Bradley in it, yet the passport name is Paul Young Peak... Anyone would flag that difference.
Do you have other chanel?would love to hear you talking about other related stuff to me
couldn't you just left your own Picture in the fake passport and just change the name and Adresse etc?
Could you try something like this but instead with valid passport data and attempting to bypass the liveness check with a deepfake video? Also would be interesting to see if a valid passport with some minor discrepancies like date of birth changed would pass their tests