AI Fraud and Deepfake Glossary: The Complete Guide

Let’s suppose the two people in the vendor call both hear the word “liveness”. One imagines a “blink test” and the other imagines “passive background analysis.” They both nod in agreement, and each agrees to two totally different products.

This is a critical problem with the language used around AI-related fraud. For example, a company reportedly lost $25.6 million due to a deepfake video conference call.

To help clear up any confusion, this AI fraud deepfake glossary 2026 provides straightforward explanations for about 35 important AI fraud and deepfake detection terms. 

It contains common vocabulary, real-world examples, and associated terms. Once you’ve read it, your team will know the same threats and be on the same page!


Key Takeaways

  • The fraud types, such as deepfakes, voice clones, and face swaps, are the attacks. Defenses are detection methods (liveness, biometric analysis, metadata). You should draw a distinction between the two columns in your mind.

  • Liveness detection vs. presentation attack is the first pair to get straightened out. One is the check. The other is the attack that it attempts to intercept. These can be confused with each other.

  • Synthetic media tech (GANs, diffusion models, deep learning) explains why fakes look like real photos and where your detector looks for ‘tells’!

  • What it means to be “verified” is defined by standards and rules such as FIDO, NIST, ISO/IEC 30107, the EU AI Act, and C2PA. If there is no named standard, it’s just a claim. 


Why Your Security Team Needs This Glossary

AI Fraud language can sometimes be a bit confusing when vendors, researchers, and regulators refer to things differently based on their specific goals.

And when the terminology doesn’t align, it can slow onboarding and can cause delays in risk reviews as people would be discussing definitions rather than the actual threats. 

That’s why it’s helpful to have a shared glossary to get new hires up to speed and to make calls with vendors much more productive.

AI Detection AI Detection

Never Worry About AI Fraud Again. TruthScan Can Help You:

  • Detect AI generated images, text, voice, and video.
  • Avoid major AI driven fraud.
  • Protect your most sensitive enterprise assets.
Try for FREE

How We Built This Glossary

I started with specific security terms that security workers actually search for on Google. Then looked up each term in industry reports and in ISO and NIST guidelines. 

I also made sure to provide examples that are relevant to real-life events from incidents that made the news, so that every entry was from publicly available information/data that has been sanitized (but never customer data)

35 Essential AI Fraud & Deepfake Terms (Organized by Category)

Fraud Types (Deepfakes, Voice Cloning, Face Swaps, and More)

Deepfake

  • Definition: Media created synthetically by using AI to manipulate or combine a real person’s face, video, or voice to make them say or do something that they actually didn’t say or do.
  • Real Example: In 2024, a Hong Kong employee was fooled into joining a video call with other participants, including the company’s CFO, who were all AI-generated, multi-person faces.
  • Face Swap, Voice Cloning, and Cheapfake are all related terms

Voice Cloning

  • Definition: When an audio sample of a human voice is used to train an AI model that uses text-to-speech to read any script in the same voice and with the same tone and accent.
  • Real Example: In 2019, scammers were able to clone the voice of a UK energy subsidiary’s CEO using AI voice cloning software to wire $243,000 to a fake supplier.
  • Related Terms: Deepfake, Vishing, Audio Forensics.

Face Swap

  • Definition: The overlay of one person’s face over another in an image or video. (real-time during live video feeds)
  • Real Example: In November 2023, Bollywood and South Indian actress Rashmika Mandanna went viral when someone face-swapped her with a stranger in an elevator.
Asian young womans portrait on dark wall
  • Related Terms: Deepfake, Deepfake KYC Bypass, Liveness Detection.

Synthetic Identity Fraud

  • Definition: A high-tech and sophisticated identity theft in which fraudsters use AI to build an entirely new identity persona, for instance, using a legitimate Social Security number, ID number, or other information.
  • Example: A recent case is a 20-year-old Israeli man who allegedly exploited AI to create synthetic digital identities by using stolen ID images and bypassing banks to open accounts and credit cards in victims’ names. The scheme affected approximately 120 victims, and losses were in the hundreds of thousands of shekels. 
  • Related Terms: Biometric Spoofing, Deepfake KYC Bypass, KYC.

Presentation Attack

  • Definition: A method of fooling a biometric authentication system (voice verification, fingerprint scanner, facial recognition) by presenting fake or replicated samples such as silicone fingerprints, printed photos, or deepfake audio.
  • Real Example: In India, a cybercrime gang was found stealing money from various bank accounts at Palwal using silicone rubber fingerprints by the Aadhaar-Enabled Payment System (AePS). 

Authentication by facial recognition concept
  • Related Terms:  Biometric Spoofing, Presentation Attack Detection (PAD), Liveness Detection. ISO/IEC 30107.

Deepfake KYC Bypass

  • Definition: Use of generative AI tools to create fake IDs for KYC (Know Your Customer) and a cloned voice for customer support calling for authentication of calls during a company’s automated onboarding or verification process.
  • Real Example: The ABN AMRO Bank fraud in Amsterdam, in which a 34-year-old fraudster opened dozens of fake bank accounts using AI and phony identity documents to bypass automated selfie-to-document checks.
  • Related Terms: Synthetic Identity Fraud, Liveness Detection, Document Verification.

    Vishing (Voice Phishing)

    • Definition: A social engineering fraud that uses a phone call to trick the person into providing their personal information or finances. Now happening more frequently because of AI voice cloning.
    • Real Example: In 2025, fraudsters managed to trick a wealthy businessman into sending nearly €1 million to a Middle Eastern country, using the voice of Italy’s defense minister to call him as if he were in a crisis for funds to free kidnapped journalists.
    • Related Terms: Voice Cloning, Executive Impersonation, Audio Forensics.

    Executive Impersonation

    • Definition: What is traditionally called a “CEO Fraud” or “Business Email Compromise (BEC)” attack is a cyberattack in which a bad actor impersonates a high-ranking business officer to request a quick financial payment or the release of information. 
    • Real Example: The most famous incident of Business Email Compromise (BEC) and executive impersonation fraud is the 2016 FACC incident, which cost the Austrian aerospace manufacturer $50 million. 
    • Related Terms: Deepfake, Vishing, Voice Cloning.

    Cheapfakes

    • Definition: Also known as Shallowfakes, this refers to deceptive audiovisual media produced using basic, easy-to-use editing tools. These manipulations are performed using common methods to modify the context, rather than using advanced AI technology to produce fake content. 
    • Real Example: The iconic cheapfake incident of the former U.S House Speaker, where the actual video was just slowed to 75%, and the pitch of her voice was changed to make it seem as if she was slurring and intoxicated.
    • Related Terms: Deepfake, Synthetic Media, Metadata Analysis.

    Detection Methods (Liveness, Biometric Analysis, Metadata, and More)

    Liveness Detection

    It is effective in detecting replay attacks, including a video of a person on a tablet, printed photos, basic 3D masks, and 3D models used for deception.

    It may overlook more sophisticated methods, such as real-time digital injection, camera feed bypass, and a deepfake or live face swap directly streamed into the software camera feed.

    For instance, an onboarding app asks users for a selfie and verifies the image shows a person’s face, with a sense of perspective, skin texture, and movement.

    Passive Liveness Check

    It identifies typical presentation attacks while maintaining a good user experience and prompt recognition of flat screens or cutout images.

    However, the system may fail to detect more sophisticated generative AI deepfakes embedded in the video stream with realistic lighting and textures.

    The system automatically analyzes the texture of the user’s face in a split second when the user logs in to the bank, without disrupting anything, and checks whether it is a real 3D face.

    Challenge-Response (Active Liveness)

    It can detect pre-recorded deepfakes, static spoofing, and limited automated bots.

    But it might be unable to defeat higher-level generative models that can alter a fraudster’s face and/or voice to mimic provided prompts with low latency.

    A very secure portal prompts users to say the numbers 8, 3, and 1 so that they meet the requirement that their voice and lip movements be exactly parallel to a random real-time request.

    Presentation Attack Detection (PAD)

    An umbrella term that detects a variety of physical spoofing techniques, including paper cutouts (Level 1), sophisticated 3D silicone masks, and high-def video displays (Level 2/3).

    It might miss purely digital attacks such as data tampering or camera hijacking, since they do not create a physical artifact for the sensors to detect.

    A certified Level 2 PAD software is used in Practice when an enterprise biometric gate that instantly denies entry to any bad actor attempting to gain access using a high-fidelity 3D-sculpted mask of an executive.

    Biometric Analysis

    Abstract glowing finger scanning hologram

    It identifies identity mismatches when a fraudster tries to log in to a victim’s account using their own live face or voice. But it does not verify the authenticity of the person created using deepfake, but only matches the biometric markers of a high-quality deepfake that would pass the test.

    Behavioral Biometrics

    It helps detect account takeovers when a person enters the correct password but uses a different device than the account owner. But it may not be able to detect automated scripts that mimic human behavior or when someone is required to take action themselves.

    In practice, picture a banking site that flags a session as high-risk if, all of a sudden, the user begins copying and pasting data into the fields and typing something entirely different from what they’ve been used to over the years.

    Metadata Analysis

    This can identify if someone took a selfie using a live smartphone device, but then exported the image from Adobe Photoshop or generated it with an AI image-creation tool.

    If a threat actor has carefully deleted or altered the metadata from an edited file, it might go undetected.

    Imagine you have an insurance claim in which you took a photo of a car accident that appears to have been taken at the time of the accident, but the metadata on the photo says that it was actually taken 2 years before the accident.

    Audio Forensics

    It can easily pick up on artificial flat tones, odd pacing, missing natural breathing noises, or small background sounds that may be overlooked by AI voice cloning software.

    But it has limitations, particularly when the audio is highly compressed, low quality or noisy from a cell phone transmission, which can potentially disguise the digital signatures of AI audio.

    For instance, a corporate call centre system could be used to identify a wire request that comes in as extremely high-value when the voice of the ‘executive’ sounds like text-to-speech software due to its rhythm and artificial tone.

    Document Verification

    This can help identify fake, tampered, and AI-generated ID documents that are used across the digital onboarding process.

    It may not be able to recognize a completely legitimate, intact stolen hard copy document offered by a “man-in-the-middle” fraudster who appears to be the victim.

    For example, a verification engine on the Web could detect a fake driver’s license if the font and microprint features do not match the official driver’s license templates of the state’s Department of Motor Vehicles.

    Deepfake Detection

    Screenshot of Deepfake Detector for Video & images

    The ability to detect AI-generated media, such as unnatural eye movements, lighting, blurred lips, etc. But it has a false positive rate and can pass a “cheapfake” or “shallow fake,” where a real video is just slowed down, cropped, or otherwise edited.

    Synthetic Media Tech (Deep Learning, GANs, Diffusion Models)

    It is necessary to know which tech leaves which fingerprint, since it is the fingerprint your detector will look for. Older detectors relied on many “tells” in diffusion, which is why a tool that was effective 2 years ago can easily become oblivious to new diffusion 2 years later. 

    Here are the terms related to synthetic media that you should know, and let’s start with synthetic media itself: 

    Synthetic Media. Any content made or altered by AI, whether it’s text, image, or audio. Deepfakes and cheapfakes are both examples of it, which we learned earlier.

    Deep Learning. Sort of AI that learns patterns layer-by-layer from massive amounts of examples. It is the basis for most deepfakes and most detectors. Like a face generator trained with thousands of real faces learns to fake one; another learns to catch the fake face.

    Synthetic Data. Synthetic but believable data that is created by AI and utilized for model training. It has both positive and negative applications. For example, a fraud team trains a detector on synthetic faces, enabling it to detect attacks it hasn’t seen before, as well as fakes.

    Generative Adversarial Network (GAN). It has two AI parts: one that creates fakes and the other that attempts to find them. Meanwhile, the fakes get improved. For instance, many of the “this person does not exist” faces were from GANs. 

    Diffusion Model. Newer AI that progressively filters out noise to create an image, resulting in extremely clean fakes. AI image tools, for example, simply use diffusion. 

    Autoencoder. A.I. that compresses a face to its main features and then reconstructs it. It is the simplest of swaps for faces. An easy example is to imagine it knows Person A and Person B, and then it maps Person A onto Person B. 

    Generative AI. AI that generates new content (text, image, audio, video) instead of just categorizing it, and not just one type in response to a prompt, but several types of content through a simple prompt. 

    If you want the plain-English version, see what generative AI is

    Verification & Authentication Standards

    The term “ISO 30107” (Biometric Presentation Attack Detection) is more of a marketing term than a true security signal. The only way to really determine its performance is to understand who actually performed the tests (the lab), the difficulty of the tests (the level), and when it was most recently tested (the date).

    The same goes for every standard below. Each one only helps once you know what it actually does for your fraud prevention program:

    Identity Verification (IDV/ eKYC) is the process of confirming an individual’s identity using an ID and a live selfie. Imagine that it’s your front door; attackers may use deepfake selfies and fake IDs. But it only holds up when you use a liveness check with it (scanning the document isn’t enough)

    KYC (Know Your Customer) is a regulations that demand businesses to validate the identity of their customers prior to account opening. 

    Remember that KYC isn’t the “last step” in fighting fraud, so it may be a good idea to add extra security measures.

    Multi-Factor Authentication (MFA) is the process of logging in with two or more pieces of information, such as a password or code, or facial recognition. 

    It prevents access with stolen passwords, but it does not prevent a user from being deceived or a face swap from happening at sign-up. Use as many security measures for your account as possible! 

    FIDO (Fast Identity Online) is a set of open standards for strong, frequent logins without passwords using device keys or biometrics like passkeys or fingerprints. Since it defends the login procedure rather than the sign up procedure, ensuring in-person verification will still be crucial during the sign-up phase.

    ISO/IEC 30107 is the international standard used to assess the system’s effectiveness against presentation attacks worldwide. Ask your vendor about their passing level. testing lab and the date of testing before spending money. When a certification appears on the website without a level, you should assume that it’s only a claim.

    NIST (National Institute of Standards and Technology) is the United States’ standard-setting body that evaluates biometric and detection systems. One tip for practicing: if a vendor provides their accuracy statistics, use NIST’s unbiased results instead.

    EU AI Act (Article 50) will require the labelling of AI-generated or AI-altered content such as deepfakes, starting August 2, 2026, and will hold a penalty of up to 15 million euros or 3% of the global turnover. For EU customers, AI labelling is an excellent time to incorporate it into your processes.

    The C2PA (Content Provenance) is an open standard and a cryptographic solution based on a tamper-proof “nutrition label” embedded in digital files (photos, videos, and audio). It is backed by leading technology companies, such as Adobe, Microsoft, and Intel, and changes the way you approach fraud from a reactive (catching the bad guys) to a proactive (ensuring it is original) approach.

    Most-Confused Term Pairs (And Why They’re Different)

    Liveness Detection vs. Presentation Attack

    A presentation attack is the fake sample that an attacker presents to the system: a photo, a mask, a replay, or a deepfake. The defense that attempts to identify it is called liveness detection and is part of the larger problem of presentation attack detection.

    If you ever hear “we have liveness,” then you know that someone was attempting to block presentation attacks. 

    Deepfake vs. Face Swap vs. Voice Clone

    Face swap changes a face typically in live video, while voice cloning replicates a voice usually over a call. And a deepfake is the umbrella term that uses both and much more. 

    A video face detector will not help you catch a cloning-voice phone scam. This is important because many “we stop deepfakes” statements actually only address one of the three. You need a detector that does all three.

    Biometric Spoofing vs. Synthetic Identity Fraud

    Biometric spoofing is the presentation of a fake sample (a mask or photo) as genuine, while synthetic identity fraud creates a new “fake” identity. The most expensive error is reporting a synthetic identity case as “spoofing,” as this alerts the team that cannot solve the case. 

    How to Use This Glossary on Your Team

    If you’re putting this glossary to use with your team, this is a quick way of doing that: 

    • Use it during onboarding for new employees when teaching them about fraud prevention.
    • Consistently use the terms with the team so everyone is speaking the same language on each call.
    • Compare fraud detection vendors by using these terms to cross-reference.
    • Make updates every few months as new threats and rules are discovered.

    Frequently Asked Questions

    What’s the difference between deepfake detection and synthetic media detection?

    Deepfake Detection identifies AI-generated fakes of a real person, such as duplicated faces or voices.

    Synthetic media detection is more inclusive and identifies any AI-generated or manipulated content, whether it is text or image, even if it’s not of any specific individual. A deepfake is one of the pieces of synthetic media.

    What does ‘liveness detection’ mean in security?

    It does not check a photo, a mask, a screen, or a recording; it checks the real person. It fights against presentation attacks, sometimes by requesting a small live action (active), and other times by reading the natural background signals (passive).

    What is a presentation attack, and how does it differ from spoofing?

    A presentation attack happens when a fake sample is presented to a biometric system. Spoofing is the umbrella term for any method used to gain unauthorized access through a fake identity.

    What is synthetic identity fraud, and how do you detect it?

    It occurs when criminals combine real and fabricated information to create a fictitious persona.

    It’s done by integrating identity verification, document verification, liveness detection, and behavioral biometrics, and because there is no single human victim to report the crime, these “Frankenstein IDs” can bypass traditional security measures.

    What’s the difference between GANs and diffusion models in terms of fraud risk?

    The core difference is how they operate: early deepfakes were powered by GANs and tended to have small artifacts that could be easily detected.

    On the other hand, diffusion models yield purer, photorealistic results, making it easier to trace their origin through digital watermarks.

    Do security teams need to know all these terms?

    Not all terms are necessary for everyone. But risk and fraud verification teams should share the same meaning for the core ones (deepfake, liveness, presentation attack, synthetic identity, KYC), as a single mismatched word can trigger an alert to the wrong place.

    Final Thoughts

    The quicker your team can all agree on the meaning of every word, the quicker it can detect a threat and react. 

    When all alerts are in the same language, there is one picture to review, which helps prevent a fake from costing any money. 

    Use this Glossary and refer to it from time to time as the attacks and rules continue to evolve, and if you want to see how these fakes get caught in real life, you can try out TruthScan’s deepfake detector.

    Copyright © 2025 TruthScan. All Rights Reserved