AI-Passport Scares Are Pushing For Digital IDs
Posts are claiming that a ChatGPT generated AI Passport passed KYC Checks at notable cryptocurrency exchanges. That's not true, the posts author tells The Rage.
Over the past weeks, a post has been circulating on social media claiming that a Polish researcher had managed to pass KYC checks with a Passport created by ChatGPT.
According to the story, which originated with The Times of India in April of this year, the researcher "used ChatGPT-4o to create a realistic fake passport in just five minutes" that was "so convincing that it bypassed basic KYC checks used by major fintech platforms such as Revolut and Binance."
But the story appears to not be true. Borys Musielak, who generated the passport, tells The Rage: "They [the Times of India] made it up." Musielak "never tested this passport against any KYC system," adding that "I'm sure that it would not pass any proper KYC."
Instead, Musielak, who is an investor in the eID solution Authlogic, wrote in his original post that it took him five minutes "to create a replica of my own passport that most automated KYC systems would likely accept without blinking."
"If someone is a pro, they could definitely produce something much better and maybe passable," Musielak tells The Rage. "The only viable path forward is digitally verified identity, like eID wallets mandated by the EU," Musielak originally posted. The Times of India could not be reached for a request for comment.
There have however been other instances where AI-generated passports have passed KYC checks in the past. According to 404Media, the online service OnlyFake successfully creates counterfeit driver's licenses and passports that the journalists used to bypass KYC checks on the cryptocurrency exchange OKX. Similarly, in 2022, researchers from the Chaos Computer Club bypassed the online verification solution Video-Ident to access sensitive health records.
L0la L33tz
Solving KYC Fraud with the Erosion of Privacy
The creation of a digital identity, which would consolidate real time available information on a person in a single place, was first brought to widespread public attention by the World Economic Forum through its "Disruptive Innovation in Financial Services work" in 2016.
According to researchers from MIT, OpenAI and Microsoft, we are facing "a 'digital imposter' problem, where it is getting harder to distinguish between sophisticated AI and humans," suggesting that "personhood credentials are one potential solution to that problem."
As the World Economic Forum writes, "digital identity wallets, combined with robust biometric verification, are an effective way to combat AI-driven fraud" by incorporating "advanced technologies such as 1:1 facial verification, duplicate face check and liveness detection, making them far more resistant to deepfake-driven impersonation attempts and scaled attacks."
Sam Altman's WorldCoin similarly markets itself as a solution to identity fraud with the "biometric Orb," in which the Orb scans your iris to verify that you are human, with the goal of providing a "universal proof of personhood." WorldCoin has since faced lawsuits in over a dozen countries for its data collection practices.
The US-based identity provider ID.me, which contracts with US Government agencies, such as the IRS, already collects people's phone location records and ulitizes Palantir to detect whether individuals are tied to organized crime. After a "torrid pandemic growth spurt," ID.me had come into critique for its lax data protection practices, with "information like passports and social security numbers [...] posted in internal Slack channels, and some employees were hired and given access to confidential data without completed background checks. Some chattered about how easy it would be to steal users' information."
It is unclear how Governments would ensure that a state-issued digital identity document could not be fraudulently obtained. For ID.me, "identification systems did not detect bogus accounts created around the same day that included fake driver’s licenses with photos of the suspect’s face in a curly wig," according to Business Insider.
To combat such issuance fraud, some Governments currently rely on in-person verification. As the German journalist James Jackson explained in a post on X, he "had to have three in person meetings at the citizen’s office, including one to set up the password," to obtain the German eID. It seems additionally unclear how Governments would stop the sale of digital IDs on the black market which could be used to trick verifiers in combination with AI-video software, as demonstrated by the CCC.
On Track to be Tracked
Through the COVID-19 pandemic, digital IDs first gained momentum to conjoin location tracking and vaccination status to "stop the spread," and have since grown to collect a range of sensitive data on a person that greatly exceeds any information obtainable from a physical identity document.
As the international think tank BBVA Research explains, a "dynamic verification" approach "uses multiple sources (including, for instance, the user’s mobile phone, his social media activity, geolocation, etc.)," noting that current trends are heading towards a mixture of both static and dynamic verification in digital IDs, focussing on "what the individual knows, what the individual has, what the individual looks like or how he behaves, and where the individual is."
In India, where Digital ID is already in place, the Adhaar system collects a person's fingerprints, iris scans, and photograph, paired with demographic information, such as names, addresses, email addresses, and phone numbers – a system currently being eyed by Prime Minister Keir Starmer as a model for a digital identity implementation in the UK.
In Kenya, the collection of DNA samples, as well as a person's voice waves and earlobe geometry is mandatory for the issuance of a digital ID, while the EU's digital identity wallet can additionally hold a person's employment, education, social security, and health records.
The US is currently laying out the path toward a digital identity with REAL ID, a 9/11 era program born out of the Real ID Act, established to "rapidly implement regulations for State driver's license and identification document security standards, to prevent terrorists from abusing the asylum laws of the United States, to unify terrorism-related grounds for inadmissibility and removal."
REAL ID was enforced in May 2025 by the Department of Homeland Security, and is meant to eventually evolve into a singular digital identity document via the mobile drivers license. As the American Association of Motor Vehicle Administrators (AAMVA) testified before the House of Representatives Committee on Homeland Security in 2023, "AAMVA anticipates the [mobile Drivers License] mDL will eventually be used as a singular identity credential."
In August, Treasury asked the public for comments on the implementation of digital IDs to combat illicit finance in non-custodial services, highlighting that the US Government is actively exploring the implementation of digital IDs.
Independent journalism does not finance itself. If you enjoyed this article, please consider making a donation. If you would like to note a correction to this article, please email corrections@therage.co
