Written by Dmitri Laush, CEO of identity verification solution GetID
Modern digitalization and a global pandemic have forced many businesses to shift their services into the online space. This, in turn, has led to a spike in various types of identity fraud. Identity theft and other fraudulent activities have increased, and in this article we will examine the types of identity fraud and how to prevent it.
What is identity fraud and how dangerous is it?
Identity theft is when someone steals your personal credentials and pretends to be you, and identity fraud occurs when someone uses the stolen credentials to perform illegal actions, e.g. illicit purchases, money laundering, etc.
The fraud numbers are staggering. In 2019 alone, of the more than 3.2 million fraud cases reported to the FTC, nearly 20% were reports accounted for identity theft.
In 2020 (Q1-Q3), identity theft made up 68% of all fraud reports. Total financial loss related to different types of fraud in 2020 (Q1-Q3) totaled $1.5 billion.
There are different types of identity fraud, causing different problems to the victims. Let’s take a look at some of them to find out how to prevent them.
Account takeover happens when the fraudster receives control over your account or different accounts on different websites. If it is the account in some payment system it can cause the loss of money attached to that account (for example, PayPal). If this account is the account holding sensitive data (for example, the account of the patient in some clinic, containing the result of the laboratory tests and medical history), the fraudster can gain access to this confidential information.
How do criminals execute an account takeover? There are several ways.
- Hacking into the system – This happens when the service’s cybersecurity is weak and is easy to manipulate. How can you prevent this? Choose only trustworthy services, preferably large ones, with a firm reputation toward strong cybersecurity.
- Stealing passwords and other data – How can you prevent this? Do not open phishing emails, do not leave personal information, such as birthday, mother’s maiden name, etc., publicly available. That information might become the key to breaking into your account.
Debit or credit card fraud
Credit card fraud is by far the most common type of identity fraud, representing 29.1% of the total cases. It happens when fraudsters know the card details and try to purchase something online without using a CVV2 code. How can you prevent this? Install multi-factor authentication before any purchase (for example, verification of the transaction by the code sent to your phone number).
There can also be fraudulent actions with an online bank account itself, but in this case it depends on the bank and how good it is at verifying the identity of the client before giving access to the online transactions. That is why it’s crucial to have an account only in respectable, trustworthy banks, no matter how long or annoying the identity verification process seems at first.
SIM card fraud
SIM card fraud occurs when a criminal gains access to the victim’s phone number. One of the most popular methods is SIM swapping; a transferring of one’s personal contacts to the SIM of a thief through digital hacking. Not only does this expose the user’s contacts to misuse, but it poses a much larger threat: these hackers can gain access to any information linked to the SIM card ranging from passwords to email access or even banking details.
Why is this dangerous? Using the phone-number confirmation, the fraudster can steal the money from a bank account, etc. How to prevent it? Do not trust telecom companies that do not require identity verification when purchasing prepaid SIM cards online. And pay attention to the SMS-messages from your mobile provider, as it can contain information about unusual operations with the SIM.
Biometric and synthetic ID theft
Biometric fraud has been on the rise as well. Although we can see the same tendency as with ID fraud – the most straightforward techniques are the ones most commonly used. Modern identity verification service providers can recognize and catch these.
Among other types of biometric fraud are the usage of deepfakes, 2D & 3D masks, coercion, and spoofing.
Spoofing means taking a picture, not of the actual document or face but the other picture or the screen. Many KYC providers ask people to take a photo of the document and then a selfie, to match those two pictures. But sometimes, fraudsters take the picture not of the actual document or their face, but another picture or the screen. However, advanced KYC providers can easily recognize this type of fraud.
What is using 2D and 3D masks? A 2D mask can be a simple printed portrait with holes for the eyes, which a fraudster would wear; a 3D mask is a real makeup mask. 3D masks can appear very real and sometimes be hard to detect for any identity verification solution.
Coercion is when fraudsters convince legitimate users to open an account for fraudulent activities or use their existing account for it. It can be a friend asking the victim to perform an illegal action, an abusive partner who uses the person with no criminal records, etc.
Deepfake is using a deepfaked video instead of an authentic video of the person to trick the system. Deepfakes are videos made by an AI algorithm that has analyzed the minute facial features of an existing person. This video can trick identity verification procedures that use liveness detection – ask the user to blink the eye, smile, etc.
What is synthetic ID theft? This is when fraudsters get access to the real pieces of the personal information and combine them: real address of one person, phone number of the other. Real information also can be combined with a fake identity. That is how they get a fake identity. One example: immigrants, which already obtained some documents of the country they moved into, faking the other to receive some type of public service.
How to prevent becoming a victim of synthetic fraud? Do not publish your personal details online, especially on social media!
Identity document fraud
Here are some general types of identity document fraud:
- Forged documents are documents with illegal changes made in the document. For example, photoshopping the expiration date on the copy of the passport.
- Counterfeit documents are a complete reproduction of an ID document. This is the creation of a genuinely new document that has not been issued by the authorities.
- Blank, real stolen documents. This is when the person changes some information in the real but stolen document.
- Fraudulently obtained genuine documents are genuine government-issued based on fraudulent documents. This type of fraud happens when the person provides fake documents to receive a real one from the authorities.
- Fantasy or camouflage documents. This type of document is created to make a statement to the authorities and everyone is aware that it is not legal. For example, a World Passport is sold by the World Service Authority. However, you cannot cross any border with it.
- Impostor or lookalike documents. This is the type of fraud when an impostor uses documents very similar to real person’s documents while mimicking his or her personality.
To summarize, it can be said that it is important to use strong passwords (never your date of birth or your first name!), trust only respectable services, never open suspicious emails or links, and to never share your sensitive data publically.
Identity fraud costs real money to businesses, and it’s not only about not being AML-compliant and paying penalties. It’s also about the loss of reputation and customers’ trust.
That’s why it’s crucial to ensure that your business has proper ID verification and KYC procedures along with advanced cybersecurity.