CivilsWisdom.
Updated · Today
Science & Technology June 11, 2026 5 min read Daily brief · #18 of 50

Fraudsters creating deepfakes to bypass facial authentication: I4C

The Indian Cybercrime Coordination Centre (I4C), operating under the Ministry of Home Affairs (MHA), has issued an advisory warning individuals, banks, and f...

GS Paper 3 (Internal Security Cyber Security) and GS Paper 2 (Governance)

What Happened

  • The Indian Cybercrime Coordination Centre (I4C), operating under the Ministry of Home Affairs (MHA), has issued an advisory warning individuals, banks, and fintech firms about the escalating threat of AI-generated deepfakes being used to bypass biometric and facial authentication systems.
  • Cybercriminals obtain facial recordings through deceptive video calls, fake online job interviews, and social engineering — tricking victims into blinking, turning their head, or speaking specific phrases, which are then processed using AI-powered deepfake generation tools.
  • These synthetic facial replicas can bypass liveness detection, Video-KYC (Know Your Customer) procedures, and facial recognition authentication used by digital financial platforms.
  • I4C has advised consumers to lock biometric credentials, avoid sharing facial recordings with unknown parties, and monitor account activity closely.
  • Banks, NBFCs, and fintech companies are advised to incorporate deepfake and synthetic content detection into their customer onboarding and verification systems.

Static Topic Bridges

Indian Cybercrime Coordination Centre (I4C) — Structure and Mandate

The Indian Cybercrime Coordination Centre (I4C) was established in 2018 as a scheme under the Ministry of Home Affairs (MHA) to create a comprehensive, coordinated framework for prevention, detection, investigation, and prosecution of cybercrime. It was designated as an Attached Office of MHA with effect from 1 July 2024. I4C does not directly investigate crimes but provides the coordination architecture for law enforcement agencies across states.

  • Components of I4C: National Cybercrime Threat Analytics Unit (TAU), National Cybercrime Reporting Portal (cybercrime.gov.in), Platform for Joint Cybercrime Investigation Team, National Cybercrime Forensic Laboratory, National Cybercrime Training Centre, Cybercrime Ecosystem Management Unit, National Cyber Crime Research and Innovation Centre.
  • Helpline 1930: Citizen Financial Cyber Fraud Reporting and Management System — toll-free helpline to report financial cybercrimes (allows near-real-time blocking of fraudulent transactions).
  • CERT-In vs. I4C: CERT-In (Computer Emergency Response Team – India) is under the Ministry of Electronics and Information Technology (MeitY), established under IT Act Section 70B (2004), and focuses on cyber security incidents and vulnerability response. I4C is under MHA and focuses on cybercrime investigation and law enforcement coordination — distinct mandates.
  • I4C has been designated as an agency of MHA to notify unlawful activities under the IT Act framework.

Connection to this news: I4C's deepfake advisory is precisely within its mandate — it is the coordinating body for all financial cybercrime, and AI-driven authentication bypass directly threatens digital financial infrastructure.

A deepfake is AI-generated synthetic media — video, audio, or images — that realistically replicates a real person's appearance, voice, or behavior using techniques like Generative Adversarial Networks (GANs) and diffusion models. In authentication bypass, deepfakes are used to fool liveness detection algorithms (which check for blinking, head movement, lip sync) used in Video-KYC and facial recognition systems.

  • The primary legal provisions applicable to deepfake-based fraud in India:
  • IT Act, 2000 (amended 2008): Section 66C (identity theft), Section 66D (cheating by personation using computer resources) — both cognizable offences.
  • IT (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021: Require platforms to take down deepfake content within 24–72 hours of a complaint; users must not upload synthetic media that impersonates individuals.
  • MeitY AI Governance Framework (2024): Advisory requiring AI platforms to label AI-generated content; discussions on mandatory deepfake watermarking continue.
  • BNS (Bharatiya Nyaya Sanhita, 2023): Sections on cheating and fraud by impersonation provide IPC-equivalent criminal recourse.
  • Video-KYC (V-CIP): Reserve Bank of India (RBI) mandated Video-based Customer Identification Process for digital onboarding of bank accounts and financial products — now a target for deepfake attacks.
  • The National Cybercrime Reporting Portal (cybercrime.gov.in) and Helpline 1930 are the primary citizen-facing reporting channels.

Connection to this news: The I4C advisory specifically calls out deepfakes defeating liveness detection in Video-KYC — the exact intersection of IT Act provisions (66C/66D), RBI's V-CIP guidelines, and AI governance gaps.

Biometric Authentication and Liveness Detection Systems

Biometric authentication uses unique physiological or behavioral characteristics — fingerprints, iris patterns, facial geometry, voice — to verify identity. In digital KYC, liveness detection is a critical anti-spoofing layer that checks whether the biometric being presented is from a live person (not a photo, video replay, or deepfake). Modern liveness detection requires active challenges (blink, turn head, speak a phrase) — exactly the behaviors fraudsters are now harvesting through social engineering.

  • India's Aadhaar-based biometric authentication (managed by UIDAI) uses fingerprint and iris — less vulnerable to deepfake video attacks, but facial-recognition based systems (private sector) are directly targeted.
  • RBI's Video-KYC (V-CIP) guidelines require a live video interaction with a bank officer — deepfake injection attacks target the video feed in this interaction.
  • The Payments Vision 2025 (RBI) and Digital India initiative drive rapid expansion of digital onboarding — increasing the scale of potential exposure to authentication fraud.
  • The NCRB (National Crime Records Bureau) tracks cybercrime statistics annually; cybercrime cases have grown substantially year-on-year, with financial fraud being the dominant category.

Connection to this news: As deepfake quality improves, the gap between attack capability and liveness detection capability widens — the I4C advisory is a recognition that current biometric onboarding systems require urgent upgradation.

Key Facts & Data

  • I4C established: 2018 (as MHA scheme); Attached Office of MHA from 1 July 2024
  • I4C Helpline: 1930 (Citizen Financial Cyber Fraud Reporting)
  • Cybercrime portal: cybercrime.gov.in (National Cybercrime Reporting Portal)
  • CERT-In: Under MeitY; established 2004 under IT Act Section 70B; handles cyber security incidents
  • IT Act Section 66C: Identity theft (imprisonment up to 3 years + fine)
  • IT Act Section 66D: Cheating by personation using computer resources (imprisonment up to 3 years + fine up to ₹1 lakh)
  • IT Rules 2021 (Intermediary Guidelines): Deepfake/synthetic content takedown within 24–72 hours of complaint
  • Deepfake technology: GAN-based and diffusion-model-based synthetic media; capable of bypassing liveness detection checks
  • Attack vectors identified by I4C: Fake job interviews, deceptive video calls, social engineering to harvest facial recordings
  • Systems targeted: Video-KYC (V-CIP), facial authentication, account recovery mechanisms
  • RBI V-CIP: Video-based Customer Identification Process — mandatory for digital financial product onboarding
  • NCRB: National Crime Records Bureau — tracks cybercrime statistics; financial fraud is dominant subcategory
On this page
  1. What Happened
  2. Static Topic Bridges
  3. Indian Cybercrime Coordination Centre (I4C) — Structure and Mandate
  4. Deepfakes — Technology, Legal Framework, and Regulatory Response
  5. Biometric Authentication and Liveness Detection Systems
  6. Key Facts & Data
Display