It’s late on a weekend evening, and I know that now, online security is a little less monitored. It’s time for me to get to work to see if I can get round businesses' fraud detection defences.
Let me introduce myself: I’m Flip, the fictional fraudster. A lot has changed in the last couple of years — and for me and other online identity fraudsters, that’s a good thing. Digital transformation can mean more target opportunities since people are doing way more transacting online now. In fact, I read that more than half of people are more comfortable accessing services online now, than before the pandemic started, and a total of 90% of customers are comfortable accessing services online.
I used to do other small-fry criminal jobs on the side, but then I realized that lots of businesses couldn’t keep their online security on pace with the rise in digital activity. That activity has dramatically increased both from their customers, and also fraudsters like me and some of my buddies who tinker around trying to exploit identity theft opportunities. Now, it’s our main thing that we do all week, around the clock.
The amateur trying their luck
I’m kind of just starting out – a “noob,” you could say. Mostly, I try to create fraudulent accounts or gain access to accounts by using some simple creative techniques like forging identity documents. I can find cheap or free templates for passports and ID cards with a simple Google image search, and swap out names and photos trying to make it look like the real thing. I try to bypass fraud detection systems late at night, when automated systems are left without human fraud analysts monitoring.
The thing is, some companies have strong identity fraud detection systems in place, and my counterfeit Photoshop work won’t fly. And I think I know why: I read a survey that said increasing fraud prevention is one of the top three priorities for more than half US bank executives.
My biggest obstacles are identity verification systems that use strong fraud prevention methods, such as trained algorithms combined with a human in the loop approach. They’ll catch the little things like if I was sloppy and used the wrong security feature on a document, or if the photo is clearly tampered with.
Even worse for fraudsters is when companies employ biometric identity verification techniques. Get through with my fake doc and a real selfie? Not going to happen. Those are the companies that are hardest to bypass.
Maybe I’ll increase volume
Working alone with forged or counterfeit documents doesn’t get me that far, since businesses are stepping up their fraud protection lately. I might be able to open an account here or there, but I’m looking for some bigger bucks.
That’s why I’m talking to some fraudster buddies about how we can get organized and launch some identity fraud schemes that will work if we have a large volume of attempts. We’re planning to find companies promoting new joiner or bonus offers (like a lot of crypto exchanges do), and pool our resources of forged documents to send in a lot of new account applications at once, to get that big payout.
Don’t get me wrong – some companies are ahead of this kind of fraud because they employ de-duplication processes as one kind of fraud prevention tool. They hire identity verification services that not only train their models to recognize data, but to flag faces and personal information used in fraudulent attempts. At these companies, attempts to get sign-on bonuses by using the same face on dozens or hundreds of documents with the personal information slightly changed, just won’t work.
I’ll just keep trying tonight, hoping to find those companies that are lagging in their identity verification processes, so I can get through.
Flip is just one type of fraudster. We outline the behavior and profiles of different types of fraudsters in our Identity Fraud Report.