Identity fraud is on the rise. Some 79% of global organisations surveyed by the Association of Certified Fraud Examiners said they’d seen an increase in levels of fraud since the start of the Covid-19 pandemic. This includes everything from credit card fraud and phishing to synthetic identity fraud, where someone creates an identity to defraud a business.
We spoke with security experts across Europe about why identity fraud is getting worse, what this means for startups and how businesses can protect themselves.
Digital identity fraud is only getting worse
“Covid-19 has afforded fraudsters an endless array of opportunities,” Adam Desmond, country manager for the UK and Ireland at digital identification company Mitek, told Sifted. With the global population relying on technology now more than ever before, there are more opportunities to exploit consumers — from creating fake accounts under stolen identities to stealing online accounts already in use.
“When we all started working from home the fraudsters did as well,” says Carlo Restelli, VP of risk and data at consumer electronics rental company Grover. Experts like Restelli predict that scammers have likely taken advantage of the Covid-19 chaos to create more fake online accounts, thinking it would lead to a higher success rate — and they’re not wrong.
When we all started working from home the fraudsters did as well.
According to PWC’s Global Economic Crime and Fraud Survey for 2020, 47% of companies experienced a fraud incident in the past 24 months. Each company reported an average of six fraud cases, and customer fraud was the leading incident, representing 35% of all fraud crimes.
Identity fraud already costs the global economy $5tn annually. And in 2020, financial losses due to digital identity fraud increased by 15%. But what does this mean for individual businesses?
Identity fraud can cost your startup money — and your reputation
Fraud costs retailers money when customers create fake identities in order to get their hands on goods or loans that they have no intention of paying for. And if companies are found to be in breach of anti-money-laundering regulations, they can face huge fines. In 2019, global financial authorities fined businesses a record $8.14bn for failing to crack down on money laundering.
But for startups, by far the bigger worry is reputational damage, which often comes in the form of customer database leaks and stolen identities.
“As we are a very young company our reputation is really important, even more than the money loss,” Sergey Federov, head of customer support performance and onboarding at UK mobile fintech ANNA Money, told Sifted.
Founders need to become aware of increasingly sneaky methods scammers are employing, and adapt their security measures accordingly.
When you consider that 44% of consumers said they feel unsafe when transacting with ‘international businesses’, and as much as a third believe their personal data is already available to buy online, standing out as trustworthy and safe is crucial for new businesses.
Founders need to become aware of increasingly sneaky methods scammers are employing, and adapt their security measures accordingly by employing technologies like digital ID verification.
Attacks are becoming more sophisticated
“We are seeing an increase in the sophistication of fakes. It’s really cheap to buy a stolen ID online,” says Federov. Attackers can either buy a stolen identity or create a ‘synthetic identity’ by mixing up real and made-up data.
“Data alone is not enough to verify people — so much data is available on the dark web now, it’s all about layering your documents and your face,” Desmond told Sifted. An example of this layering is when fraudsters layer their own face with a deceased person’s data and documents.
The security challenge for many startups is to ensure their onboarding process for new customers is thorough, but doesn’t put them off by being too time-consuming. ANNA money, for example, does its customer onboarding via a chatbot that makes the conversation flow naturally, like a chat with a friend.
This means identity checks are also becoming more subtle, allowing for a frictionless customer experience. Mitek’s facial verification system will check for blinking or smiling in the selfies taken by customers when registering for a new account — a static picture cannot blink, so it’s a good way to tell if you are taking the picture of a live human, rather than a stolen photo, without requiring extra work from the customer.
Data alone is not enough to verify people — so much data is available on the dark web now, it’s all about layering your documents and your face.
Tech is rising to meet the challenge
Startups and businesses have been trying to combat the rising frauds with digital identification tech, which relies on AI and machine learning to analyse images. “Covid-19 has increased the sophistication of fraud,” Desmond told Sifted. “But you can get a 10-15% of improvement just from using better image capture technology.”
Algorithmic bias is also a concern, which most often affects women, youth and BIPOC. This is a huge liability for businesses who want to maintain customer trust. Businesses have a responsibility to make sure they’re using digital identity verification tech in an ethical way by retraining and updating machine learning and algorithms to minimise AI bias.
Grover, for example, excludes data such as gender and postcodes from the data fed into its algorithm in order to avoid discrimination. Mitek released an executive brief on how businesses can minimise demographic bias when using biometrics for onboarding new customers, including advice on how to test, train and securely store data.
Mitek’s verification tech also uses near-field communication (NFC) authentication, which relies on an NFC chip — it’s used in your phone for apps like Apple Pay or Google Pay — to improve identity verification, as it contains the owner’s biometric data.
Rather than having to compare a customer’s selfie with a blurry picture of the passport photo page, the NFC chip shortens the registration process by taking all the correct details directly from the ID.
But NFC chips only form part of the solution — and technology will have to keep adapting to match the ever-evolving tactics of identity scammers. Founders should continue to assess and evolve their onboarding process and security measures, and use digital identity verification tech to protect not only their business, but also their customers.
To learn more about how digital identity verification can protect your business, download Mitek’s ‘Biometrics, fairness and inclusion’ whitepaper here.
Register now for our next Sifted Talk "What to expect from the future of digital identification?" during which we'll discuss the future of biometric data fraud. (It's free!)