When the CFO on the Call Wasn't Real: Wire Fraud Controls That Survive Deepfakes

After Hong Kong, the industry split: buy deepfake detection, or ask why a video call counted as authorization. Wire fraud after AI is an authorization design problem — dual control, out-of-band verification, step-up at the action, and custodian holds that hold when every channel is fake.

After the first widely reported deepfake wire fraud case — millions lost following a fabricated executive video conference in Hong Kong in early 2024 — the industry split into two reactions. One camp called for better detection: tools that flag synthetic faces and cloned voices before someone authorizes a payment. The other asked a harder question: why did a live call count as authorization at all?

That second question is the one that matters. The wrong takeaway from Hong Kong was that firms need to win an arms race against deepfake quality. The right takeaway is simpler and harder to fix: the meeting was the approval. There was no separate control that would have held if every participant had been synthetic. The failure was not an employee who could not spot a fake. It was an organization that never built a process where spotting a fake was required for the money to move.

This post is about that design problem. Not another threat survey — I covered the broader landscape in The Quiet War on Asset Managers. Here the focus is narrow: how asset managers and registered investment advisers should authorize money movement when email, phone, and video can no longer be treated as proof of identity.

Wire fraud controls — deepfake video call on one side, dual authorization, audit trail, and out-of-band verification on the other
Untrusted channels versus architectural controls — authorization must not depend on any single signal being authentic

The wrong problem and the right one

Most firms still classify wire fraud as a phishing problem, an awareness problem, or an AI problem waiting for a detection product. It is none of those, primarily. It is an authorization design problem: who is allowed to change where client money goes, through which systems, with what evidence, and who else must agree — independent of any message or call.

Business email compromise has never required sophisticated malware. Someone impersonates a client, executive, or vendor. A person authorizes the change. Funds move. The SEC has brought enforcement actions against registered investment advisers for exactly this pattern — not because technology failed, but because the process to catch it did not exist or was not enforced.

AI changed the quality of the lure, not the mechanics of the failure. Large language models personalize wire-fraud email at scale: portfolio context, communication style, plausible urgency. Deepfake audio and video put a recognizable face on the instruction. But the control failure is the same as it has always been: one person, one channel, no independent verification in the system of record.

Channel, identity, and authorization are three different things

Firms routinely collapse these layers. An email arrives from a domain that looks right — that is treated as the client. A voice on the phone sounds like the CFO — that is treated as authorization. A video call shows familiar faces — that is treated as a signed approval.

Each step is a category error:

  • Channel integrity — Was this message sent through a path the firm controls? Email spoofing, SIM swap, and compromised inboxes break this constantly.
  • Identity — Is the person on the other end who they claim to be? Deepfakes and AI-cloned voices break visual and auditory identity signals. Login MFA at the front door does not answer this question mid-workflow.
  • Authorization — Is this person permitted to direct this action, in this amount, to this destination, right now? That is a policy and system question. No channel provides it by itself.

Wire-grade actions — changing standing instructions, adding a beneficiary, releasing a large transfer — need a higher assurance class than login. Step-up authentication at the action. Separation of duties enforced in systems, not on paper. Audit trails that record who approved what, when, and through which application — not who was on a call.

Why the usual controls do not save you

Login MFA protects the session. It does not protect a treasury employee from authorizing a fraudulent instruction after they have already authenticated. Most wire fraud paths do not require the attacker to log in as the victim. They require the victim to trust a message.

“We confirm by phone” was never sufficient if the callback uses a number supplied in the same email thread as the fraudulent instruction. The policy almost every firm has on paper — verify using a number on file, not the number in the request — is the control. The gap is enforcement under urgency. Attackers manufacture urgency precisely because firms skip the control when pressure is high.

Video and voice are presentation signals. They are not cryptographic proof of identity. The Hong Kong case did not fail because the deepfakes were flawless. It failed because the workflow treated a live conference as equivalent to dual authorization in a custodian system.

Email security gateways reduce volume. They do not replace process. A personalized BEC that passes SPF/DKIM from a compromised vendor mailbox, or a instruction that arrives through a legitimate but taken-over client portal session, is not a filtering problem.

Deepfake detection is an arms race. Useful as a signal. Not a strategy. The firms that will lose least are not the ones with the best detector. They are the ones whose payment process does not require detecting fakes at all.

Architectural trust: controls that hold when every signal is fake

The replacement model is what I called architectural trust in the prior post: controls that do not depend on any single communication being authentic. For wire fraud, that means building a wire-grade authorization stack with these properties:

  1. Authorization happens in defined systems with immutable audit logs.
  2. No single person can request, approve, and execute a material change.
  3. Out-of-band verification uses endpoints established before the instruction arrives.
  4. Thresholds and cooling periods apply to new destinations and large amounts.
  5. The custodian is treated as part of the control plane, not a passive pipe.

These are old ideas. The industry has understood them in principle for years. What deepfakes changed is that informal shortcuts — “I saw him on Zoom, we’re good” — are no longer tolerable gaps. They are the primary attack path.

Five controls that actually hold

1. Separation of duties: request, approve, execute

Wire instruction changes should require at least three distinct roles. One person initiates the request. A different person approves it. A third executes or releases it in the custodian or treasury platform — or the system enforces that the same identity cannot hold more than one role for the same transaction.

Separation of duties on a policy PDF is worthless if the Salesforce admin, custodian portal admin, and finance lead can each complete the chain alone. IAM must mirror the process: group membership, role assignments, and integration service accounts scoped so that no single credential path can change payout instructions end to end. This is where identity architecture and fraud prevention intersect directly.

2. Out-of-band verification done correctly

Callback verification works when the number dialed comes from the CRM, custodian record, or client onboarding file — never from the email, text, or call that contained the instruction. For high-value or first-time destinations, escalate: second approver, documented client contact, or in-person verification where the relationship supports it.

Treat urgency as a red flag, not a reason to bypass controls. Every wire fraud playbook uses time pressure. A policy that says “except when urgent” is a policy that will fail on the first serious attempt.

3. Thresholds, velocity limits, and cooling periods

Dollar thresholds should trigger mandatory second approval regardless of channel. New beneficiaries and new account numbers should enter a holding period — 24 to 72 hours is common in banking; the exact window matters less than having one that operations cannot override without a second key.

Velocity rules catch patterns humans miss: multiple instruction changes in a week, a destination country inconsistent with client history, a transfer size that exceeds baseline behavior. These are supporting controls. They do not replace dual authorization, but they buy time when something slips past the first line.

4. Step-up at the action, not just at login

Client portals that allow servicing requests should re-challenge the session before wire-related actions complete — push MFA, TOTP, WebAuthn — even if the user logged in hours ago. Workforce users with access to payment execution should sit behind privileged access management: shorter session lifetimes, stronger factors, session recording where appropriate.

The design pattern is a risk gate at the sensitive action: evaluate context, require step-up if the action class demands it, issue a short-lived elevation token scoped to that action only, log the outcome. Fail closed if step-up is unavailable for wire-grade operations. A portal that lets a session ride through to a beneficiary change without re-authentication is a portal waiting for account takeover.

This is the layer I spend most of my engineering time on, and it is the same problem in different costumes. In identity platform work — an IdP foundation where device and session signals feed risk decisions, plus an agentic layer that can propose privileged actions — high-risk operations follow the same shape: evaluate at the action boundary, step up before execution, scope any elevation to that operation alone, and fail closed when step-up cannot complete. Login assurance and wire-grade authorization are related, but they are not the same gate. Conflating them is how you get a session that authenticated cleanly at 9 a.m. and moved money at 2 p.m. because someone sounded right on a call. The channel changes; the design requirement does not.

5. Use the custodian as a control, not only a conduit

Asset managers rarely move money through systems they fully own. The custodian portal, standing instruction file, and dual-authorization settings on the custodian side are part of your architecture. Configure dual approval on the custodian. Understand hold policies for new payees. Know which changes your firm can make unilaterally and which require custodian callback.

When an employee can update a wire instruction in an internal CRM but the custodian releases funds on a single authenticated session, the weakest link defines the control. Map the full path from instruction change to settlement and close gaps at the handoffs.

Why firms still lose despite knowing better

The painful pattern in enforcement cases and internal reviews is not ignorance. It is drift.

  • Policy exists; enforcement does not. Callback rules are in the handbook. Under deadline pressure, someone calls the number in the email.
  • SoD exists on paper; systems allow override. The CFO can approve their own request because roles were never mapped to permissions.
  • Training substitutes for design. Employees are told to be suspicious. They are not given a workflow that makes compliance the path of least resistance.
  • Client experience wins over control. Friction is removed from portal flows to improve NPS. Wire-grade actions get login-grade treatment.
  • Custodian settings were configured once and never reviewed. M&A, team turnover, and new products outpace access reviews.

Deepfakes did not create these gaps. They made the cost of gaps visible in a way a spoofed email never could. The industry’s next failure will look like Hong Kong again if the response is to buy detection tools without fixing authorization architecture.

Detection still matters — as a second line

None of this argues against DMARC, impersonation-aware email gateways, UEBA on finance accounts, or fraud scoring on anomalous instruction patterns. Use them. They reduce attempt volume and surface insider abuse. They do not substitute for dual control.

Run tabletops that include deepfake video approval scenarios, not just ransomware and portal breach. Regulation S-P (effective for large advisers December 2025) adds a thirty-day customer notification clock when sensitive client information is involved in a breach. Wire fraud that exposes client data or triggers a firm-level incident response is simultaneously a financial loss, a client trust crisis, and a regulatory event. The IR plan should assume process failure, not only external intrusion.

What to do next

If you are deciding where to invest the next cycle, start with one question: can any single person, on any channel, change where client money goes without a second party and a system audit trail? If the honest answer is yes, deepfake detection will not fix it.

Wire fraud after synthetic media is not a technology arms race. It is a design problem. The firms that will survive this phase are the ones where authorization lives in systems and roles — not in whoever sounded most convincing on a call.

The core argument

  • Deepfakes exposed a design flaw — treating conversation as authorization, not a new attack class that detection alone can solve.
  • Channel ≠ identity ≠ authorization — wire-grade actions need a higher assurance class than login MFA.
  • Process is the control — dual control, correct out-of-band verification, and custodian holds hold even when every signal is fake.
  • SoD must live in IAM and custodian permissions — paper policies without system enforcement are theater.
  • Detection is second line — email gateways and UEBA reduce volume; they do not replace separation of duties.
  • The failure mode is drift — firms know the policy; they skip it under urgency. Attackers depend on that.

Further reading

#WireFraud #Deepfakes #BEC #AssetManagement #CyberSecurity #IAM #FinancialServices #SeparationOfDuties #InfoSec