The results are in from our annual Identity Fraud Report 2022, and it’s bad news for business: not only is there more fraud out there, it’s also getting harder to catch.
At Onfido, we’re document and biometric identity fraud specialists. Our expert tech and team verify millions of identities every year. That gives us a unique perspective on the latest trends being developed by fraudsters as they attempt to defraud businesses by whatever means necessary.
In this blog, we examine three key insights we’ve uncovered as to why identity fraud is getting harder to catch.
Fraudsters continue to invent new methods of attack
Fraudsters aren’t stupid, and they aren’t lazy. They continually work to find flaws in systems and the most scalable ways to exploit them.
They’re creative, too. Findings from our report showed that as the pandemic closed some doors, it opened others. Fraudsters weren’t deterred by the disruption, but used it to their advantage. New methods of recruiting money mules and attacking systems emerged and will continue to evolve with the changing market landscape. In fact, our data shows that fraud rates held steady for the first few months of the year, then rose sharply from April 2020 onwards.
In short, fraudsters care about improving their ROI just as much as you do. They think strategically and work hard; they test, iterate and scale.
Types of identity fraud:
When we assess the identities we’ve flagged as fraudulent, we split them into three categories: easy, medium and hard.
Easy: Where document elements are clearly wrong—for example an obviously wrong font, or where the photo has been clearly attacked.
Medium: Less obvious errors, such as using fonts that are less visibly incorrect, a photo printed using the wrong technique, or imitated security features.
Hard: Cases which would only be detectable with enhanced knowledge of document manufacturing, security features, printing, and deliberate mistakes.
This year, the proportion of ‘easy’ fraud rose from 57% to 70%. You might be thinking that means that the development of new fraud techniques has slowed, that fraudsters are getting careless and that you can afford to take your eye off the ball. But you’d be wrong.
‘Hard’ fraud is getting harder
One reason there’s more fraud in our ‘easy’ bucket is because we’ve adjusted our categorization to meet with customer expectations.
Because so many new and sophisticated techniques are being developed, we’ve moved some types of fraud down a grade. Some of the ‘hard’ techniques from last year would now only be a ‘medium’ challenge for our systems.
Though the naming conventions have stayed the same, the fraud within them is getting harder all the time. What’s now in the ‘hard’ bucket is really hard – the kind of sophisticated attacks that only leading-edge AI and Machine Learning tools and very experienced experts would be able to identify.
We can expect that as the game of cat-and-mouse continues, as new defenses are put up and new attacks are made against them, that bar will get even higher next year.
What’s next? Businesses need to be prepared
To prepare for the year ahead, and effectively protect your business, you need to know what to expect.
On the document fraud side, one of the big trends we expect to gain pace over the next year is synthetic identity fraud. On the biometrics side, replay attacks are gaining prominence, and are particularly challenging to protect against.
It’s essentially an arms race - and for businesses, the stakes are high. Many have already faced enormous reputational and financial losses thanks to hacks and data breaches over the last few years. During the pandemic, fraudsters increased activity and financial services were among the hardest hit. What was already a hard job is getting harder.
That’s why businesses need to be proactive. Now’s the time to assess your tech stack and ensure it’s properly calibrated for an evolved risk landscape. We can predict the direction fraudsters are headed in and we’re already building the tools and techniques to protect against them.