Fraud has existed as old as mankind, but boiling down such a complex and nuanced topic into a single word isn’t doing it justice. If not seriously treated, fraud poses huge risks to both individuals and businesses alike.
Fraudsters apply a variety of tactics and scams, but a majority of them start with identity fraud. This is because assuming a fake identity, or worse, stealing one from an unaware victim, allows them to operate under a false cover. This offers an additional layer of protection even after their fraudulent activities were successfully traced back.
In this article, we explain why identity fraud concerns all parties involved – from the public and private sector and the average citizen’s point of view.
Gateway to criminal activities
To operate a fraud syndicate, criminals need to find a way to move large sums of money and establish secured communications amongst its members. It is no surprise that identity fraud serves as a bedrock for the criminal underworld, unlocking the ability to open up mule bank accounts and purchase burner SIM cards.
Identities could be stolen with or without the user’s knowledge, from leaked databases online or through regular phishing scams. The resulting information could be used for high value activities, such as applying fraudulent loans or blackmailing victims.
There are also synthetic identity frauds where a false profile is created using randomly generated information. The profiles may contain enough authentic information from actual victims for low-valued activities, such as registering for online services or even applying loans from loan sharks.
Regardless, identity fraud has far reaching implications – so much so that there are dedicated criminal groups with the sole purpose of procuring, processing and selling false identities. They may come in the form of information brokers. But more likely than not, they are cyber criminal groups digging through the wealth of stolen data through databases on the dark web.
News stories on fraud tend to surround individual victims, such as this Malaysian businessman losing over RM500,000 to a scam. However, few people realise that the biggest victims of frauds in terms of dollar amount are, in fact, government bodies.
Since the pandemic, trillions of dollars in stimulus funds have been channeled to struggling citizens and small businesses. With layers of bureaucracy and complex disbursement systems, there are plenty of opportunities for fraudsters to assume false identities and snatch a piece of the pie.
Prior to Covid-19, criminals made approximately US$16.9 billion from identity fraud – the highest in the last half decade. The figure has since skyrocketed to US$ 100 billion, more than 5 times its amount, in late 2021. To highlight the severity of the issue, the US Federal Trade Commission received four times the complaints of identify fraud in April 2020 when the stimulus package was announced over the previous three months combined.
In the US, criminals only need access to the victim’s social security numbers, home addresses and private information to pull off stimulus fraud. Hence, running Identity fraud scams are partly made easier due to the massive databases of personal information being leaked online.
There are currently no reports on stimulus fraud happening on Malaysian shores, making it difficult to discern the severity of the problem. However, journalist training centres such as Kiniacademy have been providing courses on Covid-19 stimulus investigative journalism over the past year, with a possibility of stimulus fraud being looked into in the near future.
Stolen money and data
It is not an information security breach nor is it consumer theft. Commercial identity theft is such a unique entity that it warrants a category on its own.
Commercial or corporate identity theft is where criminals will illegally impersonate a business employee for criminal gain. They could send invoices and secure additional funds from clients towards their mule bank accounts. They could social engineer their way into greater IT permissions and authorisation levels, or even steal large sums of data to escalate the security breach into a ransomware attack.
No business entity is immune to corporate identity theft, regardless of industry or size. But for smaller institutions where there tends to be less resources spent on securing network and IT infrastructures – this could be a major headache.
Reports on such topics are difficult to come by due to the lack of breach notification laws in Malaysia, but such cases have already surfaced within the Malaysian financial sector.
Loss of reputation and trust
Brands, although abstract, have a tangible value attached to it. For instance, Amazon’s brand costs US$683.9 billion, or 42% of its entire US$ 1.67 trillion market capitalization. A single corporate identity theft case will drag down the value of the brand substantially.
The loss of trust within the brand can come from all angles – from shareholders at the top, employees and clients alike, to even industry partners and vendors. The damage is further compounded by the fact that brands take months, years or even decades to build, refine and promote.
For instance, brand consultancy firm Infosys and Interbrand predicts that data breaches could have a brand value impact of up to US$223 billion. Sectors such as automotive, financial services and tech firms will suffer greater brand risks compared to luxury brands consumer goods, according to their report.
Outside of dollar value, the most hard-hit victims of identity fraud are perhaps the direct consumers themselves.
At best, the victim’s information is used to take out loans or open up bank accounts. Such cases would have a direct impact on the victim’s credit score and their ability to secure financial services in the short to medium term.
Still, once the scheme is uncovered, there are ways for the victims to restore their status through the proper channels, such as filing a police report or appealing through ombudsman services.
At worst, the victim’s information is utilized in major crimes that may involve multiple syndicate groups. Law enforcement may arrest innocent victims and have their records appear on employment background checks. Even without police involvement, the physical safety of the victim’s and their family members are also genuine concerns.
A 2021 ITRC report states that 29% of identity fraud victims are, in fact, repeat victims. This resulted in their inability to meet financial obligations, incur more debt and even find proper housing. Three out of four victims in 2020 still have their issues unresolved by April 2021, the report states.
Long term impact
By now, we have learnt that identity fraud cases are difficult to trace and resolve. Being a victim of identity fraud is one thing, but remaining a victim can be a nightmare.
Unfortunately, the internet never forgets. Stolen identities and data are endlessly duplicated and shared amongst criminal groups. While certain information can be made obsolete, such as changing phone numbers, email addresses and credit cards, core information such as NRIC numbers, full name and birthdays are almost impossible to expunge from the online world.
This is the reason why there are many common repeat victims of identity fraud. Such an event weighs heavily on the victim’s emotional toll in the long term. The same ITRC finds that half of the victims feel more stressed than usual, and feel violated that their identity is misused. Many of them felt powerless and even 8% of those surveyed had contemplated suicide.
Victim comments have ranged from “I’ve always been poor, but [Identity fraud] has made my life a living nightmare”, to “I am ready to give up all together”. Identity fraud victims may be figures on a report, but each tells a heart wrenching story with tangible impacts, of which they have to carry all their lives.
ID assurance solutions could be the answer to identity fraud and it is still a relatively new space. However, it is increasingly relevant now more than ever.
Almost everyone today has an online persona which leaves behind digital footprints at every step. This has yet to take into account the growth of applications reliant on location services and contact tracing solutions.
As a regional ID assurance provider in ASEAN, Innov8tif Solutions attempts to make the online world a safer place for everyone. Check out our solutions page to learn more!