How identity fraud is costing fintechs millions each year

Written by Jacob Sever, co-founder and CPO, Sumsub
15th September 2021

There is no denying that the internet is steadily growing more intelligent with each passing year.

Tools such as deepfake technology are making identity fraud tougher to spot

While this sounds great on the surface – who doesn’t want access to more sophisticated knowledge, after all? – it presents serious challenges as well. One of these challenges comes in the form of identity verification.

Public access to media known as “deepfakes” has grown alongside the availability of more sophisticated internet tools.

Deepfakes are an interesting and convincing form of manipulated and fabricated media. However, the truth is that deepfakes are costing fintechs massive amounts of money every year, and the problem is only getting worse.

In 2020, 47% of all global companies felt the impact of scammers and identity fraud. Preliminary data for the 2021 fiscal year shows that fraud rates are accelerating, and the tools that scammers are using are constantly becoming more complex.

Because these tools are also rapidly becoming widely available, it’s critical for businesses to take cybersecurity seriously.

The world of fake identities is complex and may seem like something out of a dystopian sci-fi novel. Still, it’s a real challenge that companies are facing, and it needs tangible, actionable solutions.

The verification challenge

In the past, selfies used to be an accepted form of proof when it came to document ownership. Online document verification first began in the early 2000s, and it was common practice to send a standard selfie or a document-holding selfie as proof of identity. Today, this is nowhere near enough to prove someone’s identity.

Now, the better way to affirm identity is with a solution called “facial biometrics identification”, which is essentially just a technical way to describe liveness detection and whether the person on the other end of the camera is real.

This is an easier and more effective way for companies to prevent fraud. When you consider the statistics regarding the levels of fraudulent activity around the world, it’s easy to see why companies are looking for more sophisticated and streamlined ways to verify identities.

According to the most recent PwC survey, in 2020 alone, the United States lost $42 billion to fraud.

The survey noted that the levels of fraudulent activity for selfie checks have tripled in the US, and the rates have doubled over liveness verification. In Asia and Africa, those numbers are much higher. The situation in Europe is slightly less severe, but overall, this is a significant problem affecting the global market.

Why the old verification models aren’t enough

Liveness verification has wholly overtaken the simple selfie method when it comes to identity checks, but there are still problems that businesses need to account for.

Confident liveness verification is critical now more than ever because fraudsters are constantly looking for new ways to improve their “synthetic identities” and deepfakes.

Many people are surprised by just how alarmingly easy it is for fraudsters to get convincing fake documents and identities. For example, here are four common ways that someone can quickly obtain a fake ID, passport or other identifying documents:

Buying fake documents from leaked databases. The Darknet has a seemingly endless supply of these documents, and in many cases, the packages cost as little as $1.
Manually creating forgeries and supplementing them with deepfake technology.
Using the Darknet to purchase accounts that are already verified. This takes most of the work out of the fraud, and it only costs around $300.
Intercepting identifying information transmitted over unsecured Wi-Fi connections.

This isn’t even a comprehensive list, but it shows just how many loopholes there are for people who seek them out. By now, it’s obvious why better security is needed to minimise the risks of spoofing.

Newer methods have their own challenges

Companies often ask for custom verifications to get around the most common spoofing tactics, such as a selfie with a specific inscription. There are two big problems with this.

First, these types of requests can still be faked through social engineering. However, the second problem is actually the most serious one. These types of complicated requests can be confusing and off-putting to users.

Some may not understand the instructions, while others may feel like it’s too much of a hassle to finish the process. This results in verification failures due to innocent errors and much lower conversion rates of users who got through the KYC stage.

Ideally, the best approach to identity verification combines a number of anti-spoofing mechanisms in a streamlined process that centers around liveness as the primary tool.

The best way for businesses to address the numerous challenges that come with identity verification is to rely on cutting-edge tools that improve the ease and security of the verification process.

Choosing the right tools can not only improve safety protocols but automate and streamline the parts of the verification process that waste the most time and resources.

Three important steps businesses can take to protect against fraud

Verify users through liveness detection technology

According to estimates, a system that uses selfie verification alone typically allows for 300% more fraud compared to tools that utilise liveness checks.

Identity verification systems with liveness detection capabilities are not fooled by spoof attacks such as 3D masks and fingerprint moulds.

With liveness checks, data is constantly collected from biometric scanners and readers in order to refine the system’s ability to verify if the input is coming from a live person present in real time or from a replica.

For online platforms, these liveness checks may then be used to compare biometric data against the photos attached to a user’s documents, which significantly increases the likelihood that the proper document holders are the ones being granted verification.

Analyse users’ “device fingerprints”

An easy check during the onboarding process is whether or not the photo was created by the same device it was submitted from.

While a discrepancy here isn’t enough to signal fraud, it’s a red flag that is used in conjunction with other suspicious activity markers to make a final decision.

Create and monitor blacklists

In general, it’s recommended that businesses maintain an up-to-date blacklist that details important information about fraudulent activity. This makes it easier to flag new users who may ping any of the data fields in the blacklist.

Blacklists are sometimes seen as controversial, but they don’t have to be. In many cases, a blacklist is an important and useful tool that can help companies make decisions about whether or not to verify potentially controversial users.

They also serve as an added layer of protection against potential fraudulent behaviour.

Why secure, streamlined identity verification solutions are critical

Online identity verification is held to strict regulations and standards. In many cases, companies prefer to use processes that are slow and onerous because they feel confident in the technology.

However, in today’s market, this simply is not enough. Users are accustomed to quick and easy technologies, regardless of what industry they are in. Forcing customers to complete a frustrating, multi-step verification can result in fintechs losing their interest and their business.

Electronic KYC tools have become more sophisticated than ever in response to global and legal demands for better security protocols.

Some of these eKYC tools even allow users to be verified across multiple partner platforms, which drastically cuts down the time and effort that both businesses and users must spend on identity verification.

In the wake of the COVID-19 pandemic, many businesses were forced to shift their operations into digital and remote spaces, and in some cases, this meant adopting new or different KYC practices. Unfortunately, this pivot into digital-only operations made it more difficult to protect against scammers and identity theft.

The good news is that the initial adjustment phase of digital migration has largely passed. Companies are now more comfortable with securely conducting business remotely, and security tools are now running on pace with or ahead of fraudsters.

There is still a lot to be done in the field of facial recognition and AI-based security protocols in order to make the technology faster, sharper, safer and more precise.

This includes constant training and refinement of the AI algorithms to minimise potential problems like false positives, which can be costly mistakes. Improving these algorithms will also help to reduce instances of money laundering, spoofing, insider threats and phishing scams.

Ultimately, the industry should be striving toward making better use of the enormous amounts of data that is accumulated through these security processes in order to gain smarter, sharper insights into criminal activity before it leads to any tangible losses or breaches in security.

About the author