In this blog, we look at our document specialist’s top five predictions for identity fraud in 2020. Our document specialist team are our frontline against fraud, and are best placed to know what threats you and your business will come up against next year.
For a more in-depth look at what they expect to see more and less of, and to find out how you can protect yourself and your business, listen to the full webinar recording.
Data breaches will continue to increase
News of data breaches seem to hit us more often than not. Just this year Bulgaria was hit by the country’s biggest ever cyber breach. Hackers accessed the country’s tax agency, and compromised the personal data and financial records of nearly every working adult in the country.
A data hack can compromise anything from data, to biometrics, to images of a customer’s ID document. If this sort of personal information gets into the hands of a fraudster, it can have terrible consequences for the hacking victim. But it’s not only bad for customers. It can also be disastrous for a business’ reputation.
The problem is, data breaches are only becoming more frequent, bigger in scale, and more sophisticated. For the first six months of 2019, the number of breaches increased by 54% compared to the same time last year1. And this trend looks set to continue into 2020. Businesses need to work harder than ever to keep their customer’s personally identifiable information secure.
SIM swaps will become more prevalent
You may be wondering what a SIM swap is. For anyone who doesn’t know, SIM swap fraud is a relatively new form of attack that involves account takeover. It’s used to target two-factor authentication or verification, where the second step is an SMS message, or even a call or email.
Many of us will have experienced two-factor identity authentication in our day-to-day lives. For example, say you’re trying to log into an online account from a different device. You log in with an email address and password, but the device you’re logging in from isn’t recognised. So you get sent an SMS message to your phone, which contains a passcode. You can then use this to log in.
That’s all very well, unless you become a victim of a SIM swap. If a bad actor takes over your phone number, they can take over any account associated with that number. Fraudsters implement a SIM swap either through hacking, or even by bribing employees at mobile phone network providers.
This type of identity fraud often targets high net worth (HNW) individuals . It’s exactly what happened to US blockchain investor, Michael Terpin, who lost $24million worth of cryptocurrency to hackers. SIM swapping is something your business should keep in mind, especially if your client base is made up of HNW individuals.
Cash incentives will continue to act as fraud honeypots
Such incentives can include bonus promotions when opening a new account, referral bonuses, or extreme currency fluctuations.
There are obvious benefits to marketing campaigns which promote cash incentives. Bonus offerings are a great way to incentivize new account openings. They get new customers on board, create more business, and can contribute to overall revenue.
But these sorts of promotions are also very attractive to fraudsters. Often when running a new onboarding campaign, your business will focus on acquiring new customers. The focus isn’t going to be centred around protection. This leaves your business open to bonus abusers—those who attempt to open multiple accounts to take advantage of a promotional bonus—or fraudsters who will try to set up fake accounts.
At the end of the day, it comes down to simple math. If your business sees a spike in the volume of account openings, there’s also going to be a spike in the amount of fraud you see. If you don’t place enough emphasis on security, one successful identity fraud attack could wipe out profit from the marketing campaign.
There will be more experiments to move physical IDs to the digital world
At its current pace, society is moving far quicker than the traditional methods of ID verification. Currently, most physical identity documents are issued from a centralised location, like the government. They have a high level of security because of printing techniques, the way the document is constructed, and other in-built features.
But in our digital age, there are an increasing number of experiments to move away from this traditional model. Physical methods of ID verification are not scalable for businesses. And in some countries, getting access to a form of ID can be extremely difficult. Specialists are giving more consideration to the idea of easily accessible identity documents.
Some of these experiments have included ‘print-at-home’ IDs, or fully digital IDs which are stored on an app. While both of these options improve the questions of access, they also create other problems.
A print-at-home ID has no verifiable security features, no quality control, and is easy to counterfeit or forge. It wipes out all the benefits of a traditional ID document. And fully digital IDs could be temperamental. What if the app or the server crashes, you don’t have access to the internet, or your phone dies? Suddenly your digital ID is useless.
There is currently no perfect solution which achieves the right balance between access and security. But that doesn’t mean it isn’t possible. Part of our mission at Onfido is to look at the next stage of identity, focusing on security, convenience and access.
Deep fakes will complicate biometric proofing
Until recently, video was thought to be a fairly robust way to digitally verify identity through biometrics. But increasingly sophisticated fraud attacks like deep fakes are bringing this into question.
Deep fakes depict people in videos that they have not actually appeared in. To make one, the body or facial movements of one person are transposed onto a static image of another person.
Amateur hobbyists often use them as a form of entertainment, but deep fakes also present severe threats to methods of identity verification. Fraudsters can use them in attempts to dupe identity verification solutions.
As they become more prevalent, it’s something your business should be aware of going forward. Is it time to consider more sophisticated methods of identity verification as a way to combat more sophisticated attacks?
To find out how your business can protect itself from deep fakes and other identity fraud threats, listen to our webinar recording.