5 Signs of a Deepfake on a Live Video Call
Five telltale signs a video caller is AI-generated, and why deepfake detection rPPG reading real blood flow is the most reliable test for fraud teams.
Real-time face-swap technology has moved from research demos to the standard toolkit of organized fraud, and the most expensive lessons are now arriving over routine video conferences. The central problem for any fraud team is that the human eye was never built to audit pixels at 30 frames per second. Visual cues still matter, but the only consistently reliable test for whether a face on a screen belongs to a living person is physiological. This is where deepfake detection rPPG, short for remote photoplethysmography, has become the reference method for separating synthetic video from genuine human presence. Below are five signs a live caller may be AI-generated, ranked from the easily faked to the nearly impossible to fake.
In early 2024 a finance employee at the engineering firm Arup was deceived into authorizing 15 transfers totaling roughly 25 million USD after joining a video call populated entirely by deepfaked colleagues, including a synthetic chief financial officer. The company confirmed its systems were never breached; the attack was social engineering wrapped in synthetic video., reported by The Guardian, May 2024
Why deepfake detection rPPG outperforms visual inspection
Visual artifacts are a moving target. Every generation of synthetic media closes the gaps that the previous generation left open, which means a checklist of "look for blurry teeth" ages badly. Deepfake detection rPPG takes a different route. A real human face flushes and pales in an invisible rhythm as the heart pushes blood through the capillaries just beneath the skin. A camera can recover this signal from tiny periodic color shifts across the cheeks and forehead. A rendered or face-swapped image has no cardiovascular system driving it, so the spatial pattern of that pulse is either absent, inconsistent across facial regions, or statistically wrong even when a global heartbeat appears present.
The five signs below combine what a trained reviewer can sometimes catch by eye with the physiological test that does not depend on how good the generator is.
Sign 1: Edge and boundary instability
Watch the seam where the face meets hair, ears, glasses, and the background. Face-swap pipelines composite a generated face onto an underlying head, and that boundary is the hardest region to keep stable under motion. Warping, flickering, or a faint halo when the subject turns quickly is a classic warning sign. The weakness: high-end models and good lighting hide this well.
Sign 2: Lighting and reflection that do not match
Synthetic faces frequently fail to respond correctly to the room. Look for specular highlights in the eyes that stay fixed while the head moves, shadows that fall in the wrong direction, or skin tone that does not shift when the subject leans toward a window or lamp. Reflections in glasses are a particularly useful tell because generators rarely model them consistently.
Sign 3: Unnatural blink and micro-expression timing
Early deepfakes barely blinked. Newer ones blink, but the cadence and the coupling between blinks, gaze, and small mouth movements often drift out of sync. Pauses that feel slightly mechanical, or emotion that arrives a beat late, are behavioral signs. These are subjective and tiring to monitor across a long call.
Sign 4: Audio-visual desynchronization
Even when the face is convincing, lip movements and phonemes can fall fractionally out of alignment, especially on plosive and sibilant sounds. Latency in real-time generation tends to push audio and video apart under network jitter. Useful, but easily blamed on a bad connection.
Sign 5: Absent or incoherent blood-flow signal
This is the decisive one. A genuine face carries a pulse signal that is spatially coherent: the timing of the color change is consistent with how blood actually propagates through facial tissue. Synthetic video either lacks this signal or carries a version that does not hold up to spatial analysis. Because the fraudster cannot easily add a physically correct, region-consistent cardiovascular signature to a rendered face, this sign degrades far more slowly than the visual ones.
Comparison: how reliable is each sign
| Warning sign | What you check | Detectable by eye | Survives high-quality deepfakes | Automatable |
|---|---|---|---|---|
| Edge and boundary instability | Face-to-hair and glasses seams | Sometimes | Low | Yes |
| Lighting and reflection mismatch | Highlights, shadows, eye glints | Sometimes | Low to medium | Partial |
| Blink and micro-expression timing | Cadence, gaze coupling | Rarely | Medium | Partial |
| Audio-visual desync | Lip and phoneme alignment | Rarely | Medium | Yes |
| Blood-flow (rPPG) signal | Spatial pulse coherence | No | High | Yes |
The pattern is clear. The signs a person can catch unaided are exactly the signs that improve fastest in each new model release. The sign that holds up is the one no human can see at all.
A practical reviewer takeaway:
- Treat visual artifacts as supporting evidence, never as a final verdict.
- Assume that any single visual tell can be defeated by a better generator or better lighting.
- Weight physiological evidence highest, because it tests for life rather than for rendering quality.
- Combine signals; a layered score is far harder to defeat than any one check.
Industry applications
Fintech and banking fraud teams
For account opening and high-value transaction approval, the Arup case is the template threat: a believable executive on a live call driving an urgent payment. rPPG-based liveness gives fraud teams a server-side test that runs passively on the video stream, flagging streams that carry no coherent pulse before money moves. It fits alongside existing step-up authentication without adding a challenge that frustrates legitimate users.
KYC and identity verification vendors
Verification providers face injection attacks where a synthetic stream is fed directly into the camera pipeline, bypassing the lens entirely. A blood-flow check is valuable here because it asks a question the attacker cannot answer with a rendered asset: is there a living circulatory system behind this face. Vendors increasingly layer this with injection-attack detection on the capture path.
Enterprise collaboration security
Beyond onboarding, the meeting itself is now an attack surface. Security teams protecting executives and finance functions can apply passive liveness analysis to conferencing platforms so that a deepfaked participant is scored in real time rather than discovered after a wire has cleared.
Current research and evidence
The research community has converged on rPPG as a strong physiological signal, while also documenting that it is not magic. A 2025 comprehensive review by Kavya Sree Kammari and Ganesh R. Naik, spanning Torrens University Australia and Amrita Vishwa Vidyapeetham, catalogued how rPPG-based methods exploit the absence or inconsistency of pulse signals in manipulated video, and noted that performance depends heavily on video quality, compression, and lighting.
Importantly, researchers have also shown the arms race is real. In a 2025 study published in Frontiers in Imaging, a team associated with Peter Eisert at Humboldt University of Berlin and Fraunhofer HHI demonstrated that high-quality deepfakes can inherit a globally plausible heartbeat from the source video, meaning a naive "is there any pulse" test is no longer sufficient. Their conclusion points the field toward spatial analysis: examining whether the pulse is coherent across different facial regions the way real blood flow is, rather than simply checking for its presence.
Forensic institutions are testing these limits directly. A 2025 project involving the Netherlands Forensic Institute (NFI) and the University of Amsterdam is evaluating rPPG-based heart-rate estimation under forensically relevant conditions, a sign that the method is maturing from laboratory curiosity toward operational evidence standards.
The future of deepfake detection rPPG
Three shifts are likely over the next development cycle. First, detection will move from global pulse presence to fine-grained spatial and temporal coherence, directly answering the heartbeat-mimicry finding above. Second, liveness will become multi-signal by default, fusing blood-flow analysis with injection-attack detection and behavioral cues into a single confidence score, because no single tell is durable on its own. Third, the test will shift left into live communication, running continuously during a call rather than only at an onboarding checkpoint, so that a synthetic participant is flagged in the moment money or access is requested.
The strategic point for fraud leaders is that visual deepfake quality will keep improving, and the gap a human reviewer can spot will keep shrinking. Anchoring detection to a physiological property of being alive is the rare approach whose difficulty grows for the attacker rather than the defender.
Frequently asked questions
What is rPPG and why does it detect deepfakes? Remote photoplethysmography recovers the faint color changes a real face shows as the heart pumps blood through skin capillaries. Synthetic faces have no cardiovascular system, so they either lack this signal or carry a spatially inconsistent version of it, which makes rPPG a reliable liveness test.
Can a person spot a deepfake on a live video call by eye? Sometimes, by watching edges, lighting, blink timing, and lip sync. But these visual signs are exactly the ones each new generation of synthetic media improves, so visual inspection alone is unreliable for high-stakes decisions.
Can deepfakes fake a heartbeat now? Recent 2025 research showed high-quality deepfakes can inherit a globally plausible heartbeat from the source video. The defense is spatial analysis that checks whether the pulse is coherent across facial regions, which rendered faces still fail.
Is rPPG detection usable in real time during a call? Yes. It runs passively on the video stream without asking the user to perform a challenge, which makes it suitable for continuous monitoring during conferencing as well as one-time identity checks.
Circadify is building rPPG-based liveness and synthetic media detection aimed squarely at this problem, reading real blood flow to separate living callers from generated faces. Fraud and KYC teams who want to evaluate the approach against their own attack data can request an enterprise security demo.