Understanding identity fraud to better defend your business

Link to the author's page
Francois Wyss
July 7, 2023
Link to the author's page
Understanding identity fraud to better defend your business

In a rapidly evolving world driven by remote work and digital connectivity, we’ve unlocked a range of services that revolutionize the way we operate. While this digital transformation has delivered remarkable benefits with digital transactions and remote services, it has also exposed businesses to a growing threat as more processes become digitalized: identity fraud.

A recent report from Transunion found that global growth in suspected digital fraud rose more than 52% between 2019 and 2021. And in financial services, digital fraud increased by more than 60% over the same period.

While these numbers are startling, they also point to how a quickly evolving digital landscape creates a growing knowledge gap between how modern identity fraud happens and how existing technologies defend against it.

To better understand how to spot and anticipate identity fraud, let’s take a closer look at what types of fraud financial institutions are up against today. Then, we’ll dive deeper into the critical role of identity verification and Know Your Customer (KYC) procedures and in defending your organization against identity fraud.

Understanding identity fraud

Labeled one of the top 15 cyber threats by the European Network and Information Security Agency in the ENISA report – identity theft has the potential to affect anyone and everyone. So, safeguarding against it within your organization requires more nuanced knowledge.

Understanding the mission of a bad actor can help to anticipate their attempts at fraud. Fraudsters typically have one of two goals: stealing the identity of an existing person or creating an identity from scratch. Some of them could also simply buy stolen or synthetic identities on the dark web. Creating an identity from scratch is technically not identity fraud, but rather considered counterfeiting or false identity.

When a would-be criminal tries to assume someone else’s identity, this is spoofing. Spoofing also includes identity fraud carried out on identity documents or by co-opting someone else’s face. For example, a fraudster could pose as a government worker and share phishing website links that look official to collect sensitive identity details.

Learn more: What is digital identity?

Identity document fraud

When discussing document fraud, it’s essential to distinguish the physical techniques from newer digital methods, which have emerged in the last few years with increased remote transactions. In the case of counterfeits or physical falsifications, the documents are reproduced or modified “by hand.”

  • Physical counterfeiting is the creation of an unauthorized copy or reproduction of an official document or template. The identity document itself is not authentic, it’s a reproduction.
  • Physical falsification is the modification of an authentic document. One of the most common cases arises during the theft of identity documents, where the fraudster changes key data such as a person’s name, date of birth or photo.  In this case, the base medium is authentic but the document data has been falsified.

New technologies assist digital falsification techniques, sometimes making them more challenging to detect.

  • Digital counterfeiting is the production of an identity document from scratch using the digital tools available to the attacker.
  • Digital forgery concerns modifying an authentic document using a digital filter on a record to alter the key data of a person’s identity.

Facial spoofing

Most of us are familiar with the idea that personal documents are vulnerable to fraudulent attacks. However, fraudsters are also now leveraging a person’s biometric data to commit identity theft in the form of “facial spoofing.”

“Facial spoofing” describes using a person’s face to impersonate them and leverage their personal data. It sounds like something from a spy movie, but fraudsters are increasingly using sophisticated artificial intelligence instead of donning prosthetics and a wig.

  • Masks are a static technique that uses either 2D or 3D technology. The less technical of the two, 2D, consists of superimposing a photo or mask onto a flat surface and is more easily detected by anti-fraud software. 3D masks, which involve printing a 3D mask with specialized equipment, are more challenging to detect. Though this process seems extensive, these masks are created based on a standard photograph.
  • Deepfakes are a method of inserting video or audio into either recorded or live video. These artificial intelligence videos are becoming increasingly publicized in the identity verification sector thanks to facial biometric data. One of the most infamous cases of a deepfake appeared in April 2018 on the face of Barack Obama. The video, seen by 3 million people in a few hours, shows Barack Obama insulting Donald Trump. While the video seems compelling, President Obama never made these comments – the entire video was produced digitally. Deepfake techniques are constantly evolving, and more sophisticated technology is required to recognize them as fraudulent.

Video-based identification and verification to fight against identity fraud

Modern businesses offering remote transactions need to be aware of the different emerging types of identity fraud. On the other side of the evolving identity fraud race is intelligent technology explicitly built to defend against these attacks. And, at the heart of a reliable anti-fraud plan is a secure identity verification procedure.

As part of this fight against fraud and criminal activity, governments have also implemented robust AML-CFT and KYC verification requirements.  Fintech, financial services, insurance companies and their customers are just some of the parties affected.

KYC and online identity verification are essential steps for users to access certain services online. And we built our Identity Verification solution to stay one step ahead of the ever-changing identity fraud landscape.

Since 2018, we’ve relied on an uncompromising security model to make sure our online identity verification provides an experience as reliable as a face-to-face encounter. Artificial intelligence and human operators support our video-streaming identification for remote identity verification. In real time, we mitigate fraud attacks via two core methods:

  1. Liveness detection” or “proof of life” ensures the person trying to access services is alive and filming themselves in real time. A critical component of proof of life is verifying the person's movements. To beat pre-recorded deepfakes, we deploy random challenges with our AI. For example, our AI can ask the user to move their head, which can detect facial artifacts, blurs, changes in skin color, and even facial expressions. And thanks to liveness, our operators can identify mask fraud and deepfake attempts. In live-video streaming, fraudsters can’t correct the imperfections of a deepfake.
  2. We also employ a doc-face match where our operators check key points between the photo on the identity document and the characteristics of the face on the livestream. Our team looks at the shape of the forehead and eyebrows, the distance between the eyes, the curve of the chin or nose, hairline, and more.

Our fraud experts also verify the consistency and integrity of incoming identity documents – specifically focusing on the document's printed background and shape or texture, among other dynamic security elements.

Protect your customers and your business

If you're ready to get ahead of fraudulent attacks, find out more Identity Verification by Checkout.com today.

Checkout.com's Identity Verification solution was originally developed by ubble, and is the first remote identity verification solution to receive the ANSSI Security Visa. ubble is now part of the Checkout.com company. To read more about Checkout.com’s acquisition of ubble, read here.

Stay up-to-date

Get Checkout.com news in your inbox.

Back to top button
July 7, 2023 6:50
July 11, 2023 4:22