Stopping Deepfake Fraud: Identity at the Exact Moment Money Moves

A familiar voice on Zoom. A “known” face on video. A routine request that moves millions. Today’s most dangerous attacks look like business as usual—until the funds are gone. With guest Peter Segerstrom (Traceless) and host Christopher Dryden, Esq., The Payments Experts Podcast tears into how AI has supercharged social engineering—and what payments teams can do about it right now.

Why this matters to payments & fintech

Fraud has shifted from stealing numbers to stealing people—their voice, face, and work patterns. Help desks, payment ops, treasury approvals, and VIP inboxes are the new perimeter. If you move money, change bank details, or provision access, your identity workflow is your risk model.

What we cover (built for operators)
• AI-enabled impersonation: Voice/video spoofs that pass a quick “does it sound like them?” test—and how to break the illusion in seconds
• The help desk as your identity perimeter: Password resets, SSO unlocks, and privileged access handoffs that attackers abuse first
• Ephemeral data, not permanent secrets: Why short-lived artifacts and least-retained data shrink both breach blast radius and audit pain
• Payments risk beyond PCI: Real controls where losses happen—supplier changes, wire approvals, card-on-file changes, and refund pivots
• POS/IoT exposure: The quiet attack surface growing with each new device and integration
• Wire-fraud playbooks: Out-of-band verification that actually works when time is tight
• Audit, insurance, and exit readiness: Controls that lower loss and premiums, and survive technical diligence

Field patterns you’ll recognize
• Friday-afternoon wires after weeks of mailbox surveillance
• “Urgent” VIP resets that turn into lateral movement and payout edits
• Deepfake calls that pressure teams to skip second-factor checks
• Vendor banking changes greenlit on trust instead of verification

The 12-control checklist (deploy this quarter)

1. Two-channel verification on money moves: Approver must touch a second, pre-registered channel before any bank-detail change or high-value transfer
2. Reset hardening at the help desk: No single-factor resets; require device signals + OTP + recent-activity challenge
3. Short-lived secrets: Replace static screenshots and passwords-in-tickets with ephemeral artifacts that expire after use
4. Privileged session guardrails: Time-boxed elevation and approvals logged to an immutable trail
5. Vendor change surgeries: Treat IBAN/routing edits like production releases (staging → review → two-person control → deploy)
6. Location/device reputation checks: Deny or step-up when posture is off (new device, TOR/VPN, geo anomalies)
7. Tiered approvals by risk: Amount, corridor, and beneficiary novelty drive extra checks automatically


**Matters discussed are all opinions and do not constitute legal advice. All events or likeness to real people and events is a coincidence.**

If you're playing to win, you hire Global.

We track markets, influence outcomes, and put the best people in the room.
We know the players. We know the playbook. We execute.
We don’t make noise. We move the needle.

Clients don’t come to us for effort. They come for outcomes.
For leverage, access, intelligence, and clarity when everything’s on the line.

Global isn’t the alternative. It’s the advantage.

Visit Global Legal Law Firm today: https://www.globallegallawfirm.com/

A payments podcast of Global Legal Law Firm