We're proud to present our Identity Fraud Report covering all of 2020, looking at the trends and changes we've observed throughout the last 12 months. We'll look at the effect of Covid-19, how the major industries we support were affected, and make our recommendations for 2021.
Patrick Johnson, December 15th, 2020
ShareLove this blog? Why not share it with the world?
When discussing identity fraud it’s easy to assume that its origins lie in the information age, when software first enabled fraudsters to commit digital theft – but that’s not the case. Identity theft dates way back to the pre-digital age and can be categorized as any record of someone stealing personal information with the aim of committing fraud. Take for example US election fraud during the 1800s, when the paper ballot system replaced voice votes and enabled cooping.
Today, personal data is everywhere and the sheer volume of user-generated Internet data grows exponentially each day. Despite the enormous levels of risk at play, we use the Internet more than ever before; we do everything online, from taxes to investing to health care. Over the past two years alone, we’ve generated 90% of the world’s online data. As engagement climbs and digital footprints grow, the increasingly valuable concept of one’s digital identity, and the wealth of aforementioned precious information, become more and more available and prized to bad actors.
Fraudsters use the identities of others to violate the law by stealing money, obtaining loans and trading data in a way that their typical victim doesn't notice until the damage is already done. Criminals can use various techniques to obtain personal data such as phishing, malware, social engineering and other tactics you can read about in our blog.
Last year, 20.3% of all FTC complaints were reports of identity theft. Of the 3.2 million reports received by the Consumer Sentinel Network, 1.7 million were fraud related and over 650,000 were identity theft complaints with a reported loss of $1.9 billion––an increase of $293 million from 2018. Additionally, according to Statista, the risk of identity theft has increased significantly since the coronavirus outbreak began and is expected to increase even more in the coming months.
2020 was an unpredictable year, and equally as wild for our personal lives as it was for digital fraud rates and fintech adoption. For some companies, and even industries, identity verification went from a ‘nice to have’ to a ‘need to have’ in a matter of days. At Veriff we protect companies from a wide range of attacks using some of the most robust tech in the industry, and here are some unique insights we found in the three industries we work with the most: crypto, fintech and mobility.
As a leader in eKYC and digital ID verification, Veriff analyzed millions of verification sessions and data points from across the globe to ascertain the most prominent trends of 2020. Fraud is on the rise – which isn’t surprising, considering that the majority of businesses have moved online due to the Coronavirus pandemic. Thus, it’s more crucial than ever to be sure your customers are who they’re claiming to be.
Online fraud is the use of web services to defraud people or otherwise take advantage of them. Some of the most common types of online fraud specifically include new account fraud and account takeover. In cases of new account fraud, many times bad actors will create “synthetic identities” (fake identities created using real information, like social security numbers) to start using online services. These identities can incorporate a mix of real and fake information, data stolen from honest people, falsified documents, modified real data and/or fully fraudulent identities purchased on the dark web. In cases of account takeover, criminals get access to people’s existing accounts and start doing online transactions on their behalf.
A growing phenomena in online fraud is deepfakes: synthetic media whereby an image or video of a person is replaced with the likeness of someone else. Veriff encounters deepfakes on a daily basis as fraudsters try to fool the system and get through our verification flow while pretending to be someone they are not. Luckily the technology we use at Veriff is much more sophisticated and does not rely solely on biometrics; we combine many different data points when detecting fraud.
The 2020 Coronavirus pandemic led to a huge rise in the adoption of digital solutions, changing the way that many industries operate – and the ensuing lockdowns led to a massive increase in online activity, with fraud rates following suit. Arkose Labs’ Q4 2020 Fraud and Abuse Report reveals that attack volumes doubled (as compared to H2 2019, leading to a 25% attack rate increase across all transactions).
Veriff saw fintech fraud more than triple in spring ‘20 during the initial COVID outbreak, reaching over 5% at times as people moved their banking online (see Graph 1).
Graph 1 - Fintech Fraud Rate in 2020
Mobility fraud exhibited a sharp increase, starting in September (see Graph 2) as more mobility service providers launched and people began relying on safer alternatives to public transportation such as scooters, mopeds and cars.
Graph 2 - Mobility Fraud Rate in 2020
Crypto fraud rates are the highest of these three sectors numerically (see Graph 3), but Veriff did not witness any extraordinary jumps during the year such as with fintech and mobility.
Graph 3 - Crypto Fraud Rate in 2020
Veriff can verify identities from almost anywhere in the world, covering more than 190 countries and territories. When looking at where we see the most online identity fraud attempts globally, the United States (see Graph 4) is the leading country with close to a 10% fraud rate (meaning 10% of all verifications submitted were fraudulent).
Graph 4 - Top 5 Most Fraudulent Countries in 2020
Here’s a real fraud story from the US that we came across at Veriff:
“We noticed abnormal traffic associated with a car dealership located in the US. In addition to the store’s employees opening crypto accounts and verifying themselves at the spot in the shop, it seemed like shop’s customers were also asked to pose with their documents as a part of the ‘store procedure'. Some of the sessions were guided by what we think was an employee of the shop, some were carried out independently by customers sitting in cars. Unfortunately, this didn't lead anyone to getting a good discount at the car dealership, but a free crypto account was created on their behalf without their knowledge.”
Illustration by Miina Vilo
People use different types of documents when verifying themselves and Veriff supports close to 9,000 different government issued IDs. When looking at the document types that fraudsters use most often in attempts to commit fraud, we see that over half of them opt for an ID card (see Graph 5).
Graph 5 - Document Types Fraud in 2020
One reason for this trend is standardization. Passports, for example, exhibit similar quality and security standards globally whereas the appearance and nature of ID cards differs widely by region. In other words, creating a fake Estonian passport for online identity verification purposes would be around the same level of difficulty as creating a Venezuelan passport. However, when looking at ID cards, a Venezuelan ID card is much easier to fake than an Estonian ID card.
Globally, the documents that we decline most often due to suspected tampering are Vietnamese ID cards (13% fraud rate) followed by the U.K. drivers license with 8% (see Graph 6).
Graph 6 - Top 5 Documents Declined as Suspected of Fraud in 2020
When analyzing American fraud trends, the most common document type presented by fraudsters is the US passport (see Graph 7). Thus it is also the most declined document type (due to suspected tampering).
Graph 7 - Top 5 US Documents Used by Fraudsters in 2020
In autumn, Veriff launched a barcode scanning feature that enables businesses to extract document data automatically, leading to a higher rate of more accurate data extraction. PDF417 barcodes are a standard feature on the back side of all United States and Canadian driver's licenses, making Veriff’s scanner a secure and reliable way to catch instances of document tampering.
The identity fraud that Veriff tackles on a daily basis can be divided into four types.
Table 1. Main Fraud Types
Fraud types vary dramatically by industry. Let's take a look at each of our core markets in more detail.
As mentioned in our Crypto Fraud Report, the cryptocurrency market exhibits the highest fraud rates when compared to the other industries that Veriff works with. In fact, this trend has remained stable since 2019 when we wrote our first fraud report.
“The biggest value that Veriff brings us is the KYC and compliance, where we’re removing a lot of the bad actors and stolen IDs. With velocity abuse, where when someone has stolen loads of IDs and they’re trying to sign up, Veriff helps us detect where they’re coming from and recognizes the repeat use of a device. The benefits of the combination of these tools allows us to reduce the fraud rate and meet our compliance regulations as well.” – Chris Adjei-Ampofo, CIO, Uphold
This year, recurring fraud accounted for over 50% of fraud attempts in crypto – making it by far the most prevalent type.
Recurring fraud breaks down into two types, one of which is basic ‘recurring’ fraud, where a fraudster has been successful and comes back to try again. The other is velocity abuse, where after getting approved once fraudsters try to abuse the system and get approved as many times as possible, normally verifying different real users without telling them what they’re being verified for. Fraudsters tend to go as far as creating synthetic identities, where they try to create a new identity by combining their real information in conjunction with fake data.
Graph 8 - Fraud Types in Crypto in 2020
Identity fraud is the second most prevalent type of fraud in crypto. This is more familiar to a wide audience, seeing attackers attempt to impersonate legitimate users with the assistance of fake data.
Here’s a true fraud story we came across from Italy.
Forging a photo on the document is one thing, but forging the person presenting this document is a whole other story! A guy from Italy has printed out the document with a nicely crafted face on it, and in addition to it he designed a life-like mask matching the identity on the document he was showing. If only he knew we were able to see him ‘changing faces', he probably wouldn’t have gone this far.
Illustration by Miina Vilo
Compared to H12020, we’ve seen an 11% increase in fraud rates in H2 (see Graph 9).
Graph 9 - Identity Fraud Rate in Crypto 2020
Since crypto technology is fast-moving and more and more businesses accept crypto payments, the increase in fraud rates is not surprising. Fraudsters look to leverage uncertainty and new procedures enabled by the pandemic, as many people are forced to move more of their lives online and some of them discover online services for the first time. For example, as many lost economic stability when the pandemic hit they are now more exposed to so-called 'investment scams' in which criminals convince people to invest into a 'new and developing' cryptocurrency by promising huge returns. There were also cases of scammers posing as trusted e-commerce sites and luring customers into buying COVID-19 treatments via crypto payments. People unknowingly exposed their identities, which fraudsters then re-used for illicit purposes.
As for the countries with the highest fraud rates in crypto, the US leads the way with over 10% followed closely by Vietnam and Nigeria (see Graph 10).
Graph 10 - Top 5 Fraudulent Countries in Crypto in 2020
Fintech has become an essential part of everyday life for customers and institutions. As more and more services are digitized and clients don’t have to physically meet a financial representative to open accounts or perform transactions, fraudsters' appetites grow alongside demand.
"With the help of Veriff’s technology, TransferGo is able to verify a customer's identity fast but also in a most secure manner. We are able to prevent any attempts by fraudulent individuals looking to register or use our service. Our partnership with Veriff also supports Know Your Customer (KYC) and Anti-Money Laundering (AML) checks during the initial sign-up process." – Baran Ozkan, Director of Product at TransferGo
The most prevalent type of fraud in fintech is identity fraud (see Graph 11).
Graph 11 - Fraud Types in Fintech 2020
In order to detect whether a verification has been unlawfully initiated with someone else’s document, we compare the extracted faces from a selfie and a document photo. If the confidence of similarity is too low, we decline the session. If we’re not sure, we highlight the appropriate risks and leave the decision for a specialist. If they match, the session is algorithmically approved using our ML stack. If the same user submits a verification attempt in future, we can crosslink the incoming session with previous sessions through face embedding and present risk labels suggesting previous attempts of impersonation.
Compared to H1 2020 we’ve seen a 7% identity fraud rate increase in H2 (see Graph 12).
Graph 12 - Identity Fraud Rate in Fintech 2020
The highest fraud rates in the fintech sector are seen in Europe. With close to 5%, Romania takes the lead (see Graph 13) followed by the United Kingdom and Spain.
Graph 13 - Top 5 Fraudulent Countries in Fintech in 2020
Identity verification is critical to most businesses – but when talking about mobility, a high value asset is being handed over to a stranger. Knowing that person’s identity and predicting the behavior of bad actors is absolutely critical to a healthy, compliant and secure mobility company.
“On top of the strong time-saving automation component, we consider Veriff’s category extraction feature a game changer, as it fully enables the car-sharing use case. In particular, fraud and damages are an increasing concern in the mobility industry – so of course high cost assets such as a car, or a luxury car for that matter, need to be safeguarded: precise license identification strongly contributes to this.” – Nicholas Kirk, Head of Business Development, goUrban
In the mobility sector the most prevalent fraud types are identity fraud and recurring fraud, which are almost equally as common (see Graph 14).
Graph 14 - Fraud Types in Mobility
If fraudsters do manage to abuse the system, they will come back and try again; if they fail, they will still come back – and try twice as hard. Luckily, recurring fraud is where Veriff’s crosslinks shine the brightest. If we’re confident that the end-user has committed fraud before, we’ll automatically decline all the recurring attempts associated with the same person, device, or document.
If the same person, device, or document, have been found approved in the historically submitted sessions, all the recurring attempts will be declined with Velocity/Abuse – a feature that ensures that no end user abuses your service via multi-accounting.
Compared to H1 2020, in H2 we’ve seen a 16% increase in recurring fraud rates (See Graph 15), which pushed identity fraud down to the second most prevalent type of fraud in mobility.
Graph 15 - Recurring Fraud Rate in Mobility in 2020
As the use of scooters skyrocketed in many cities because of the pandemic, the increase in fraud is expected. We’ve seen many cases of underage users attempting to get illegal access to vehicles with another person’s legal ID, or attempt to fool our system by showing images from their mobile device.
When it comes to regional mobility fraud rates, the Netherlands takes first place with a fraud rate of over 10% (See Graph 16).
Graph 16 - Top 5 Fraudulent Countries in Mobility
Fraud detection is much more than just making sure that two pictures match – one needs an intelligent, configurable decision engine in order to reliably detect fraud. You can’t even trust your own eyes – people are subjective by nature and make mistakes when handling large amounts of data. To escape that, Veriff built an intelligent fraud prevention engine (see Image 1) that leads with automation and calls on human intuition for specific data points only when absolutely necessary . We leverage device, network, document, video, biometric and behavioral information concurrently to properly balance speed, accuracy and fraud prevention in the verification process.
Image 1 - Veriff’s Decision Engine
The fraud prevention engine can be broken into smaller pieces (see Image 2) but all of them revolve around our proprietary device and network fingerprinting solution.
Crosslinking allows Veriff to group together sessions that share similar data points. Examples can include sessions submitted by the same person, on the same network, with the same device and/or using the same document. Based on previous knowledge, fraudsters don’t tend to limit themselves to one try...they’ll try to get verified today, tomorrow and in the upcoming months – and they won’t stop as long as identities are available to them. All the information from crosslinks is taken into account by our automatic decision engine, and is forwarded to our clients.
Velocity/Abuse ensures that no end user compromises your service via multi-accounting. Taking into account all of the information we see through crosslinks, we can automatically shut down users if they, their document or their device have been approved before. We have three velocity checks that can be activated altogether or independently from each other:
Image 2 - Veriff’s Fraud Prevention Engine
Risk labels verbalize signs of fraudulent behavior in verification sessions. These labels are used by our specialists in more detailed security reviews in addition to being supplied to our clients. They provide insight about the final decision and help in post-verification analysis.
Ultimately, in all industries, fighting fraud is the area where a digital identity verification provider like Veriff comes into its own, and here are 5 reasons why your company needs Veriff.
Keep your eyes on our blog and social channels for more news in identity verification and fraud prevention tips.
If you’d like to learn more about Veriff’s fraud prevention technology, you can visit our website or contact us via firstname.lastname@example.org.