Security Experts:

Identity Fraud: A Major Growth Area for Criminals

The lockdowns of 2020 led to an increase in online activity. This in turn led to an increase in online identity theft and fraud. The question asked for 2021 is whether 2020 was a temporary spike, or an ongoing change in fraudulent activity.

This is the question discussed by Onfido in its Identity Fraud Report 2022, and answered quite simply, “The jump in fraud that was a direct result of COVID-19 appears to be here to stay.” The reason is simple. People may have been forced into more online shopping and remote working, but have liked what they found. That behavior will continue, and so will fraud.

Along with the growth in fraud, the practice of fraud has also evolved. Firstly, there has been a notable shift towards weekend activity. This could be because more ‘amateurs’ have been attracted by the opportunities (working during their own weekend), or it could be a growth in more professional fraudsters launching attacks when IT staff are known be sparser (just as ransomware attackers take advantage of weekends and holidays). Or it could be both.

Secondly, the most frequently attacked ID document has changed. In 2020, it was the ID card. Now it is the passport. This could be because passports are easier to copy (one-sided) than ID cards (two-sided), but also because passports are still considered to be the most authoritative ID.

The single most common fraudulent document detected by Onfido in 2021 was the Belgium passport. This cannot be viewed in global absolute terms because the figures (as with all such surveys) come from the vendor’s own telemetry. They will be high where the vendor has good market penetration and lower elsewhere – and Onfido has strong market coverage in the Benelux countries (along with many other global regions).

Nevertheless, the Belgium passport holds clues to fraudsters’ preferences and practices: highest value targets with lowest possible impediments. “Belgium has had very few changes in the design of the data page of the passport since 2008 and this has given fraudsters ample time to learn how to emulate the security elements on this document,” Onfido’s Dimitrie Dorgan, senior fraud risk manager, told SecurityWeek.

The biggest growth area in fraudulent documentation is that classified by Onfido as ‘medium’ fraud. “This year, 46.82% of all document fraud we saw was classed as ‘medium’. Compared to last year’s figure, that’s a 57% increase,” notes the report (PDF download). ‘Medium’ fraud is described as documents with ‘less obvious errors, such as less visibly incorrect fonts, the wrong photo printing technique, or imitated security features.’

This, says Onfido, is indicative of a growth of fraud rings, where organized groups attempt to create ‘verified’ accounts with fake documents before using them to embark on other types of fraud. The rewards are high. According to an Aite-Novarica report, identity theft losses in the U.S. alone grew from $502.5 billion in 2019 to $712.4 billion in 2020.

“Large-scale operations often undertaken by criminal fraud rings have the resources to conduct sophisticated fraud such as deepfakes, 2D and 3D masks. They might also resort to techniques like coercion. Businesses will see fewer of these types of attacks, but they can cause the most damage in the shortest space of time,” said Michael Van Gestel, head of global document fraud at Onfido. “By incorporating biometric authentication and other sophisticated identity verification methods, businesses can ensure that no matter how fraudsters try to capitalize on the changing situation, they can significantly lower the risk of fraud to their organization and customers.”

Biometric MFA seems particularly successful at preventing ID fraud. Comparatively, the average document fraud rate for 2021 was 5.9%, compared to 1.53% for selfies and 0.17% for videos. “Biometric verification provides more protection against fraud than document verification alone — and a video selfie check provides superior protection over a photo selfie check,” explains Sarah Munro, director of biometrics. “The video user experience in itself acts as a natural deterrent against fraud because it’s a highly randomized active experience. Given that video spoofs accounted for a fraction of all our video checks, this makes it an excellent security measure for businesses focused on making fraud prevention a priority.”

However, it is worth noting that Onfido is beginning to see the use of deepfake AI to generate fake videos and fake audios. There is an arms race between attackers generating better deepfakes, and defenders being better able to detect them.

Another development has been the growth of retail fraud – likely caused by the pandemic-inspired growth in online purchasing. The two traditional primary targets, financial services and professional services, have been displaced by retail fraud. While the former have long been targeted and have evolved sophisticated fraud prevention processes, retail found itself in new territory. “Employees were working remotely, call centers moved from office to living room, processes had to quickly adapt and change. All this created weakness for fraudsters to exploit,” explains Onfido.

Overall, identity fraud has expanded from a business concern into a national concern. Interpol, with whom Onfido works, commented, “Fraudulent documents open up avenues for serious organized crime, including money laundering and terrorist financing. Consequently, failure to identify fraudulent documents in both real-world and online scenarios poses a threat to the global economy, countries, and their citizens. Increasingly, we have to adapt to the digital use of identity documents, as well as physical. Businesses and governments alike are facing challenges when identifying fraud in this environment.”

San Francisco, CA- and London, UK-based identification verification firm Onfido announced a funding round of $100 million in April 2020, bringing the total raised to close to $200 million. Onfido was founded in London in 2012 by Eamon Jubbawy (now with Sequence), Husayn Kassai (CEO), and Ruhul Amin.

Related: Equifax Buys Fraud Prevention Firm Kount in $640 Million Deal

Related: TransUnion Acquires Identity Security Company Sontiq for $638 Million

Related: Mastercard Acquires Digital Identity Verification Firm Ekata for $850 Million

Related: Identity Verification Firm Incode Raises $220 Million at $1.25 Billion Valuation

view counter
Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.