The DNA of modern fraudsters

What’s one thing that modern fraudsters have in common? Anonymity.

Anyone can be behind the screen. There’s a new wave of digital fraudsters who are taking full advantage of the online world and any uncertainty surrounding identity. So what does this mean for fraud prevention strategies?

The threat of fraud

It’s no secret that fraud continues to pose a huge threat to businesses around the world. Newly released Federal Trade Commission data found that consumers lost more than $5.8 billion to fraud in 2021, 70% more than the previous year. Plus, a study from Juniper Research "found that merchant losses to online payment fraud will exceed $206 billion cumulatively for the period between 2021 and 2025."

The ongoing threat and rising cost of fraud highlight the need for robust identity solutions—things that can pierce the veil of anonymity that fraudsters exploit. This includes document and biometric checks for high-risk industries and measures to help reduce the uncertainty surrounding identity online. That’s what we do at Onfido, and recently we’ve seen some changes in fraudsters’ behavior.

Weekend fraud attacks are on the rise

The Covid-19 pandemic had a long-term effect on fraudsters’ behavior. In 2019, most fraud happened during business hours, Monday through Friday. In 2020 fraud levels were more or less the same across weekdays and weekends. But in 2021, fraudulent activity peaked on weekends. There has been a 50% increase in weekend fraud attacks when compared with 2019.

So why the change? First, the tools available to create fake documents and commit fraud are becoming cheaper and more accessible. This has led to a rise in novice "part-timers" who have joined the professionals, adopting fraud as a weekend side hustle. Second (and more likely a bigger factor), the more seasoned fraudsters believe that companies’ defenses are weaker on the weekend when there is less staff on hand to escalate or analyze potential issues.

Fraudsters are all about efficiency

Another trait of fraudster DNA is that they favor a minimum effort for maximum reward approach. Essentially, fraudsters are simply maximizing their ROI.

One example of ROI optimization is the increasing usage of passports. Last year, six out of the top 10 most frequently attacked IDs we saw at Onfido were passports. In 2020, that list was dominated by national ID cards, and only one passport was featured.

But in the space of a year, fraudsters have found that during remote document verification, they only need to submit one image of a passport—the photo page and overleaf. In comparison, they must submit two images of a national ID card which, like other two-sided documents, has a front and back.

National identity cards are also limited in their usage, but passports are usable in multiple different countries. So the return on investment is much higher with passports, as fraudsters are able to open accounts in multiple countries.

Repeat information could be a sign of fraud

Fraudsters tend to attack en masse, hoping that one attempt will get through the cracks. Once they find a loophole, they will continue to exploit it until that loophole closes. This is called a "brute force attack," and the tools that allow them to do this are becoming cheaper and more widely available. ​​

One brute force technique is duplication. Fraudsters reuse the same or similar information across identity documents—for example, submitting hundreds of the same type of document, reusing the same (or similar) names, faces or document numbers. In terms of effort versus reward, it’s easier for fraudsters to reuse information versus creating new attributes for each fraudulent ID.

Overall, a higher volume of attempts means a higher chance of success for the fraudsters, especially if a business doesn’t have the right safeguards in place. As fraudsters add more tools to their repertoire, businesses need to match them with equally more sophisticated prevention tools.

Fraud prevention relies on technology, education and innovation

But it’s not all bad news. There are many things you can do as a business to protect your bottom line and your customers. Keeping on top of emerging tactics and techniques is just the first step.

For more ways to detect and prevent fraud, take a look at our blog: Detecting fraud — three steps to success.

Leverage biometrics

Biometrics are proven as a superb fraud deterrent. They are much harder to defraud than an ID. It requires a lot more skill, time and resources to effectively replicate someone’s face than an identity document, particularly with modern biometric solutions that check for “liveness” to ensure that the person is physically present. From an effort versus reward perspective, biometrics are a very unattractive avenue for fraudsters, and in an ROI-maximizing fraud universe that makes it a good area to add to your defenses.

Biometrics also offer minimal friction for genuine customers. Advances in technology mean we’re all used to unlocking our phones with our face. Perhaps that’s why biometrics as an identity solution are growing in popularity. FactMR predicts the market will quintuple in the next decade, from $17.1 billion in 2022 to $78.6 billion in 2032.

Adopt de-duplication techniques

As we know, fraudsters often favor high-volume attacks using repeat information. You can work with identity partners who offer attribute reuse tools to keep track of duplicate information. Some organizations, like Onfido, check for both reused faces and reused attributes like ID numbers.

Educate, educate, educate

Not all fraudsters will attack your business directly. Some will adopt coercion and social engineering scams and go after customers and employees instead. On average, each successful social engineering attack costs roughly $130,000 in stolen funds or destroyed data.

Unfortunately, these types of tactics are some of the most difficult to prevent. But the more you can educate your customers and employees, the better protected you’ll be.

Fraud is a game of cat and mouse. Businesses are developing better and more accurate fraud detection and prevention technology every day. But so are the fraudsters. Their methods don’t stay the same—they’re innovative and persistent. Your fraud prevention needs to match that.

Now more than ever, it’s crucial for businesses and fraud specialists to work together to understand and adapt to the threat we face.