Identity fraud isn’t going anywhere. Over the last few years fraud rates have climbed steadily, and by now over half of businesses have been hit by fraud at a cost of $42bn.
Thanks to Covid-19, that trend is only accelerating. And with so many digital transformation projects taking place this year, the market is likely to remain volatile. This poses more opportunities than usual for fraudsters - and businesses need to be prepared for 2021.
Below we examine some of the trends our Fraud Team is predicting for the year ahead, and how you can protect your business against them.
1. Fraudsters will continue to develop and innovate new forms of attack
The surge in users conducting business online is driving fraudsters online too.
Documents and biometric signals presented in 2D are harder to assess in digital environments. It becomes more difficult to tell the signs of manipulation, plus successful fraud is more scalable online. This creates opportunities for fraudsters.
And sophistication in document fraud is increasing. Fraudsters are honing techniques and sharing information online. Onfido expects to see increased document fraud as fake ID cards are printed and laminated.
So hard fraud is getting harder. But at the same time disruption caused by the pandemic means there are more first-time fraudsters out there - driven not only by opportunity but also genuine financial need.
With low volumes of complex, high-impact attacks, as well as higher volumes of unsophisticated attacks from everyone else, businesses face attacks from both fronts and need to keep on top of both. The good news is that identity verification solutions, like Onfido, evolve alongside the fraudulent attacks. Machine learning techniques, which are always learning, continue to improve with each check.
2. Biometric fraud will become more sophisticated
Most biometric fraud is rudimentary and easy for intelligent verification systems to spot. But some are more challenging, including deepfakes and replay attacks.
Deepfakes are digital media, like videos, in which a person’s existing image or video is replaced by someone else's likeness. They are mostly recognized as a form of entertainment used by amateur hobbyists, for instance on social media. But they can also be used for more malicious purposes, such as attempts to bypass identity verification systems. Sophisticated efforts like these are less common in real-world applications as it's complex, costly and time-consuming to produce them.
Replay attacks are also becoming more prominent. Fraudsters can a) circumvent the device camera to insert stolen or deepfake video b) infect the device with malware to interfere with the data being sent c) attempt to attack the API directly and send fraudulent signals there.
As deepfakes and replay attacks become more common, businesses will need more creative ways to cross-reference and verify identity signals. For example, comparing the amount of light in a selfie with time of day. Continued development of these signals will be a priority for businesses and providers.
3. Synthetic identity fraud will increase
Synthetic identity fraud combines real information (like a stolen social security number) with fake details (for example a made up name) to create a whole new identity. This identity is then used to apply for credit online. Find out more about synthetic identity fraud here.
We expect to see significant activity in this area over the coming year, given the availability of stolen data that’s now online. The recent hack of the US Census, for example, means that nearly every US adult’s personal information is available to buy online.
Because of the amount of stolen data available online, credit and database checks will no longer be sufficient methods of proving identity. So businesses should consider other methods of verification, such as biometrics.
4. Coercion attacks will pose a growing concern
Coercion requires no technical expertise, but poses a growing concern because it is difficult to detect. Instead of stealing an identity, fraudsters coerce victims into opening legitimate accounts and then use them for illegal activities.
To identify coercion you need to assess intent, which is difficult for humans to identify, let alone automated solutions. One sign of coercion could be someone else in shot when a biometric check is being completed. But this could just as easily be a friend or family member helping with the technology. Businesses and identity providers alike should be aware of this growing threat.
5. Cash incentives will continue to act as fraud honeypots
While not new, it’s surprising this is something we’ll continue to see in 2021. Fraudsters will continue to take advantage of marketing campaigns that promote cash incentives. They do so by targeting bonus promotions when opening a new account, referral bonuses, or extreme currency fluctuations. They open multiple new accounts with the same original identity document and different details, such as email addresses, and then reap the monetary benefits.
In one case we’ve seen, a vendor had 700 suspicious accounts opened. A quick analysis revealed that 90% of the new accounts were opened with one original ID. We suggest that all companies deduplicate new accounts based on personal information extracted from the user’s identity document.
6. The financial services industry remains the biggest target
According to our data, financial services was the hardest hit industry in 2020. This industry is always at risk of identity fraud, but suspicious behavior has become harder to catch because of changes to spending habits, even among legitimate users, resulting from the Covid-19 pandemic.
As a result, massive transformation is already occurring across the digital and mobile channels that financial institutions use to engage with their customers. The combination of machine learning with biometrics to provide new experiences, such as facial and fingerprint verification instead of passwords, is likely to become more popular as a mode of verification and authentication.
For more insights and tips on what identity fraud trends to prepare for in 2021, take a look at Onfido’s Identity Fraud Report 2020.