Identity fraud (or ID theft) is the act of someone stealing your personal information and using it for their own financial gain.
According to data from the European Commission, 20% of Europeans have been a victim of identity fraud in the last two years. While the National Council of Identity Theft Protection found that 1 in 3 Americans have been a victim of identity fraud.
It's a serious problem for both businesses and consumers. And it's likely the problem will get worse as we enter a new era of generative AI technology. Onfido's Identity Fraud Report identified deepfakes are on the rise (they increased 3,000% between 2022 and 2023).
What qualifies as identity fraud?
Any act in which a fraudster uses an individual’s stolen personal information for financial gain, or to commit a crime, qualifies as identity fraud. Such activities include using stolen or fake PII to open a bank account, open a credit application, or apply for official documents. Often, the long-term intention is to launder money or purchase illicit goods.
What is the difference between identity theft and identity fraud?
Identity fraud and identity theft are two terms that are often used interchangeably, but there are some subtle differences between the two. Identity theft refers to the act of stealing someone’s personally identifiable information (PII). For example, via a data breach. This PII is then often sold on the dark web — fraudsters are able to purchase an individual’s information (including their name, date of birth, email address, Social Security number and more) for as little as $4 according to findings from Atlas VPN.
Identity fraud is when a fraudster goes on to use this stolen information for personal or financial gain, or to commit a crime. For example, creating synthetic identities to open bank accounts or obtain credit, performing phishing attacks, or using the information to take over an individual’s account and make illegal transactions.
What are 3 ways someone can steal your identity?
There are many different ways that someone can steal your identity, but cases of identity theft often happen due to:
Data breaches are still on the rise. A data breach is when a fraudster illegally accesses a database or system containing the stored personal information of customers. They can compromise anything from a customer’s address, to their date of birth, passport number or driving license number. This information is then often sold on the dark web.
Synthetic identity theft
Synthetic identity theft is one of the fastest-growing types of financial crime in the US. Fraudsters use a combination of real and fake personal information to create a new identity. They then go on to open bank accounts, apply for loans, credit cards, or commit other crimes — usually for financial gain.
Phishing is a type of social engineering fraud attack. It’s often used to steal user data, such as login details, passwords, credit card numbers and more. There are several ways fraudsters will ‘phish’ for such information. They might send an email, text or even call an individual. Often the fraudster will impersonate someone else (for example the individual’s bank) and ask them to click on a link. This bad link could then download malware onto that person’s computer, or direct them to a fake website. All with the goal of tricking the person to disclose their personal details.
Which industries are most at risk from identity fraud? What documents do fraudsters target? How are deepfakes affecting the fraud landscape?
Get the answers to these questions and more in Onfido's Identity Fraud Report.
What are the 5 most common types of identity fraud?
Some of the common types of identity fraud include:
- Debit and credit card fraud. Probably one of the most common types of fraud — fraudsters use it to make unauthorized purchases. They might steal personal information from a debit or credit card, steal the card itself, or even clone the card by skimming the data held on the chip or magnetic strip. They can also use someone else’s stolen personal information to apply for new credit or debit cards.
- Account takeover fraud. Account takeover fraud is when criminals gain access to an individual’s online account via fraudulent means. Fraudsters withdraw money, make purchases or extract information they can sell or use to access other accounts. The types of accounts that are vulnerable include: bank accounts, social media accounts, government and state benefits, and ecommerce accounts.
- Healthcare fraud. Healthcare fraud is when a company or individual defrauds an insurer or government healthcare program, such as Medicare, to profit illegally.
- Benefit fraud. Benefit fraud is when someone deliberately claims government or state benefits they aren’t entitled to. They might do so by providing fake information.
- False loan applications. Fraudulent loan applications occur when individuals knowingly provide false information on an application. This false information includes knowingly submitting the wrong details, using fake details, or using fake documents.
What are the first signs of identity fraud?
Below are some of the warning signs that you might be a victim of fraud:
- Unexplained bank account withdrawals
- Purchases for goods or services that you don’t recognize
- New credit cards that you didn’t apply for
- Changes to your credit reporting or errors on your credit report
- Sudden changes to your credit score, or an unexpected refusal for new credit
- Collection notices for unpaid accounts or unexplained debts
- Changes to your contact details on important or financial accounts
How can you protect yourself from identity theft?
You can help protect yourself from identity theft and reduce the risk of fraud by:
- Keeping personal information and documents secure, whether that's physical paperwork or online.
- Check for errors on your bank statements, credit reports, medical reports, and credit statements, and report any suspicious activity straight away.
- Ask questions and double-check who you are in contact with before sharing personal information. Especially if someone emails or phones you out of the blue. Calling the business directly or going directly to their website (not via a link) is a better way to guarantee who you’re talking to.
- Stay alert and educate yourself about phishing and spoofing attacks. If something doesn't feel right, it's probably a scam.
- Use strong passwords and authentication steps.
How to report identity theft
Reporting identity fraud is one of the best ways to stop identity thieves. The process for reporting identity theft might differ based on geography. But generally, if you are a victim of identity theft, you should file a police report with the local police.
In the UK, you can contact Action Fraud (the UK's national reporting center for fraud) to submit an identity theft report.
In the US, individuals can report identity theft to the Federal Trade Commission (FTC). This is the United State’s one-stop resource to help people report and recover from identity theft.
How to stop SSN fraud
It’s hard to calculate exactly how much Social Security number (SSN) fraud costs the US economy. But it’s estimated to cost Americans millions (possibly billions) of dollars each year.
If you think you’re a victim of SSN fraud, the first thing to do is to report the identity theft to the FTC. Next, you can request a credit freeze. This restricts access to your credit report and helps prevent fraudsters from using your credit.
You can also set up fraud alerts with the credit bureau. A fraud alert asks businesses checking your credit to verify your identity before offering credit in your name. Finally, if someone used your information to create fraudulent accounts, you’ll need to contact each company involved.
How can businesses prevent identity fraud?
Identity fraud isn’t just something that affects consumers and individuals. It can also affect businesses.
One step businesses can take to prevent identity fraud is to conduct identity verification at onboarding. This can be achieved in a number of ways. By verifying customer data against a variety of trusted data sources, checking identity documents, and verifying biometrics.
At Onfido, we recommend adopting a layered approach to fraud detection, including:
- Data validation: Verifying customer identities against a range of trusted data sources such as SSN, credit bureaus, sanctions and PEPs lists, and proof of address.
- Document verification: Check that identity documents are genuine. Users simply take a photo of their ID using their mobile phone or device, and our AI checks for fraud.
- Biometric verification: Ensure that the biometric matches what is on a submitted ID.
- Fraud detection signals: Leverage passive fraud signals such as device, network and behavioral data.
For more prevention tactics, watch our on-demand webinar, Fraud predictions for 2024: The rise of digital deception and deepfakes.