Identity-related fraud cases are costing your business money, reputation, and customers, with no company being immune to these risks. Examples include onboarding fraudsters and fake bots onto your online platforms, or dealing with scammers conducting unwanted transactions. 

Traditional methods no longer work — but fortunately, there are AI solutions available to fix these issues. 

What Is Identity Fraud, and How Does It Affect Businesses?

Identity theft is a cybercrime where criminals steal the personal data of their victims, including their names, dates of birth, addresses, bank accounts, and other information. For businesses, identity fraud is typically executed in two ways:

  • By using the victim’s information to open up a fake user account
  • By impersonating a staff member, supplier, or customer for social engineering.

This article focuses on the first set of challenges. (We will cover social engineering in a future article)

Having an abundance of fake user accounts hurts the integrity of the brand. Hence, many companies are taking great lengths to resolve this problem. Even before Twitter’s acquisition, Elon Musk has made it a priority to remove fake online accounts on the platform. Governments are looking for ways to overcome fake online reviews. Even the recent Black Friday sale saw a rise in synthetic identity fraud

How Bad Is the Problem?

Since the Covid-19 pandemic, consumers have increasingly relied on the internet for shopping, browsing, and entertainment. The online space was not safe to begin with, but the surge in traffic has made users more susceptible to cyber-related attacks. This is especially true for those who are not aware of their digital footprints and have many points of vulnerability.

1 in 3 Southeast Asians have experienced online fraud since the pandemic, according to a 2021 report. 71% of fraud comes from identity theft, two-thirds comes from phishing, while 63% comes from account fraud. This has resulted in companies placing online fraud and higher debt threats as critical enterprise risks, with fraudsters able to take advantage of the benefits of opening a fake online account. 

On a global scale, the UK’s Office for National Statistics reported that overall crime increased by 14% in the year to September 2021. Fraud and computer abuse spiked during the lockdown and increased by 47%.

Consumers are also constantly worried about fraud. The 2022 GBG report states that almost one in ten (9%) people fell victim to fraud, and another 18% weren’t sure if they had been defrauded. Consumers in the UK and Germany were most likely to fall prey to fraud (both 9%), and the percentage was 8% in Spain and 7% in France.

Monetary Effects of ID Fraud

Fake customers are still customers, right? Not exactly. Fake accounts indirectly result in platform abuse, such as spam, phishing, info scrapping and more. More dangerous examples include deposit fraud, where fraudsters use stolen credit card numbers to purchase prepaid SIMs, alternate currencies, as a way to launder money.. 

Losses are estimated to reach US$635 billion globally, stemming from misdirected marketing dollars, account recoveries, damage control and more. FIVerty states that half of new accounts in the US were fraudulent in 2021. Arkose Labs also found out that fake account creation has jumped over 70% between 2020 and 2021 alone. 

Social Effects of ID Fraud

Brand reputation is a company’s most delicate asset — which takes a lot of effort to build, but easy to crumble. It establishes the standard of your interactions with consumers, business partners, and creditors. 

A company that willingly onboards fraudsters, scammers, and fake bots will significantly alter how your firm is viewed by the public and destroy whatever trust you may have established with clients. A good example would be legitimate companies operating within the cryptocurrency space, causing consumers to lose trust in crypto projects, exchanges, and tokens, thus losing trust in the system as a whole. 

Digital businesses are supposed to make commerce easier, smoother and safer for consumers. Online fraud is driving consumers back to physical brick and mortar businesses, which are more expensive to maintain. 

Business aside, did you know children are one of the most targeted victims of identity fraud? About 1.3 million children’s records are stolen every year, with foster children posting a greater risk compared to other children. Identity fraud goes beyond just profits and losses, especially when our future generation is involved. 

Why Traditional Methods No Longer Work

When it comes to user authentication, here are the traditional methods:

  • Username
  • Passwords
  • Email Verification
  • SMS OTPs

Unfortunately, these four methods can be easily bypassed. About 4,800 websites are compromised monthly, with usernames and passwords being leaked onto the dark web. Many countries also do not have breach notification laws, so users are not informed even after their passwords are leaked. What’s more, many accounts suffer from weak passwords that can be easily guessed or brute forced. 

Email verification and SMS OTPs also suffer from spoofing techniques. Users today can easily create a disposable email account and password for free online. Fraudsters can also compel victims to install 3d party software that can read SMS messages and use them to steal OTP codes. We have gone into this topic in-depth in another article, which can be found here.

How To Fight Identity Theft

Businesses need to implement new authentication and security measures to combat the ever evolving landscape of identity fraud. Electronic Know Your Customers (eKYC) is a great start to prevent fraudsters and bots from opening fake accounts. 

Through eKYC, customers first perform a live selfie and capture a live photo of their identity document (driving licenses, passports, ID, etc.) AI solution then performs facial matching, liveness detection and document authentication to ensure that the submitted information is genuine and legitimate. Such eKYC measures are currently in-use by financial institutions and telecommunications companies, as required by regulation. 

Instead of SMS OTPs, businesses today can also implement hardware or software tokens instead, which are more secure. The latest development within this space would be push notification, or password-less authentication, which provides a seamless user experience while being relatively cheap to implement. 

There are also low-hanging fruits that companies can implement — such as having a risk-scoring system, implementing cooling-off period when onboarding new devices or account transactions, or implementing a robust breach notification policy. 

 


 

Innov8tif is the market leader within the ID Assurance space across the ASEAN region. Our solutions are currently in use by banks, telecommunication companies, the financial sector, as well as local governments. We service companies both large and small, giving companies confidence that the users onboarded are genuine and legitimate. 

 

Subscribe to Innov8if’s newsletter below to keep up to date on the latest ID Fraud prevention methods today!