The Veriff Identity Fraud Report draws conclusions about the current state of identity fraud. These are based on contemporary research and millions of data points gathered through our verification flows between January and June 2019.
Sarah Hamid, October 24th, 2019
Starting with an overview of the current state of fraud in a growing digital economy, the following report will shed light on the causes and forms of online identity fraud today, and close with industry-specific recommendations on how to put a stop to it.
Since the birth of the World Wide Web 30 years ago, it has become an inseparable aspect of day to day life. Within only a year, the number of users on the Internet increased by 9.1%, compared to a relatively small 1.1% increase in the total population.
Source: Data Reportal
Whether it is the sheer increase in the volume of online users, or that fraudsters are innovating at a faster rate than corporate security teams and anti-fraud technology, trust online is increasingly difficult to uphold. If you find this tough to swallow, take a look at the cost of identity fraud for people and businesses.
In 2018, a staggering $1.48 billion in losses resulting from online fraud complaints reported to the Internet Crime Complaint Center. That’s a 28% increase compared to their 2017 numbers. Businesses aren’t safe either. A 2018 survey published by EY revealed that 33% of surveyed business leaders saw fraud and corruption as one of their greatest risks.
Fintech companies and banks usually come to mind when you think about fraud, but other industries are just susceptible albeit in different ways. According to a study by ThreatMatrix, the fraudulent new-account trend makes global e-commerce transactions ten times riskier than they used to be.
Adding to that, our data gathered from millions of verifications a year detect that as much as 5% of all attempted verifications are fraudulent, with some industries like cryptocurrency and blocktech seeing rates as high 24.6%.
While identity fraud has a severe impact on private individuals and businesses, it also trickles into political and social issues. Without proper identity verification practices in place, corruption, social manipulation, and a pervasive sense of doubt become serious problems in the modern world.
Back in 2013, the European Commission found as much as 16% of online reviews were fake. A more recent study by the Washington Post in 2018 estimated 57.8% of reviews for selected products were suspicious.
Rather than bots, which are easy to detect, most fraudulent reviews are a result of multi-accounting. Entirely preventable with the right identity verification process in place, review fraud is particularly disturbing when noting that 84% of people trust online reviews as much as they trust their friends.
Trust in online reviews is just the tip of the iceberg. The increasing polarization in today’s social and political spheres is undeniable, and the rise in online adoption has also contributed to the volume of misinformative media channels and accounts online.
According to the 2019 Digital News Report, almost a third of surveyed participants claimed that they actively avoided the news. Moreover, trust in social media platforms like Facebook and YouTube is also flailing, both as a result of hate speech, fake accounts, and compromised user privacy as seen in the Cambridge Analytica Scandal.
What were once best practices for online safety have become easy to hack by even the most amateur fraudsters. Research by Amnesty International found that hackers were easily capable of breaking into thousands of Yahoo and Gmail accounts, even those with 2FA enabled.
Other forms of account takeover fraud are also making use of artificial intelligence, and in March 2019 the chief executive of a UK-based subsidiary was impersonated by an AI-based voice manipulation software. The attack resulted in a fraudulent transfer of $243,000, as well as concerns regarding the rise of innovation on the wrong side of the fight against identity fraud.
The future of fraud prevention will ultimately rely on advances in machine learning and AI-based solutions that are capable of countering such attacks, especially as they increase in volume.
Combating identity fraud and the many facets of its damage calls for changes in the current approach to user verification online. With the rise of internet adoption, fraud innovation and a growing reliance on online reviews and digital media are inevitable.
We expect to see more verification checks in online services like marketplaces and social media platforms, as well as a couple of other trends that will make more effective identity verification essential in 2020.
The Fintech industry is already on its way as far as regulatory pressure for higher security goes. On September 14, 2019, the European Union PSD2 directive went into effect, forcing all financial institutions to implement Strong Customer Authentication (SCA) practices.
The authentication options include a one-time passcode, push notification, and a login or transaction supported by public-key cryptography. And even with these SCA practices in place, our data shows that there is still room for fraud to take place, particularly when it comes to two-factor authentication methods.
It is expected that companies across all sectors will search for a more secure form of login that does not solely rely on the increasingly vulnerable device authentication. Identity verification software like Veriff will offer much-needed security across a range of services, offering a secure alternative that does not cost companies conversions.
Veriff is used to connect companies with honest customers. Millions of data points collected between January and July 2019 via Veriff’s end-user flow pinpoint the core causes of online identity fraud. However, different industries have varying levels of risk depending on the markets they serve, the nature of the product, and the incentive to commit fraud.
Here are the most common categories of fraud across all industries investigated:
Velocity Abuse: The same user verifies themselves multiple times after previously being approved.
When it comes to financial institutions such as peer-to-peer lending marketplaces and banking applications, the most prevalent form of fraud falls under the umbrella of suspicious behavior.
Suspicious behavior encompasses a range of actions monitored via live video feed that suggest the user is unaware of what is occurring, or that the person being verified is not even physically completing the verification process.
The most common form of suspicious behavior observed by is when customers appear to be guided through the process, unaware of what the verification taking place is for. This suggests coercion, alongside other common cases where a third party is holding the ID in front of the end-user, who is simultaneously being guided over the phone or via remote desktop software.
Other, less common cases of confirmed fraud include falsified documents, photos that are either printed out or not taken during the live session, slideshows used in the video feed, or previously detected fraud activity. Document tampering is also seen in the form of spotted irregularities in IDs and attempted impersonation as the verification process is attempted with another person’s ID.
With the majority of fraud cases identified through live video activity, the fintech industry must be particularly vigilant when it comes to preventing identity fraud.
Account takeover fraud, in particular, is a high risk, and less secure methods such as a one-time passcodes do not adequately prevent cases of coerced or suspicious logins. In short, the SCA practices enforced by the European Union PSD2 directive do not cut it.
Like the Fintech Industry, the most common form of identity fraud seen in our clients in the gaming industry result from suspicious behavior observed in live video feeds during the verification process.
However, our gaming industry clients, consisting primarily of esports platforms, see nearly six times more cases of suspicious behavior, which is possibly a result of the appeal of competitive esports to underage audiences.
Our Gaming clients experience suspicious behavior in 7.69% of all verifications, although not exactly in the same way as fintech clients. In addition to appearing unaware of what the verification process is for, and being guided by a third party, gaming clients also see cases where a third person is submitting a session while the customer is entirely unaware of the process.
Other industry-specific cases include attempted personation, with minors using their parents’ identification documents as the most common. Document tampering is also seen although not quite as much, and the least common form of identity fraud comes in the form of photos shown from another device which do not belong to the person completing the session.
The competitive gaming industry is booming, with esports in particular set to hit $1.1 billion in revenues in 2019. As the number of investments and interest grows, so will the incentive for identity fraud, both for the sake of accessing high-earning accounts and to bypass age restrictions. Staying vigilant as demand increases will be the key to managing higher volumes of users and fraud.
The mobility industry has some of the lowest identity fraud rates, with suspicious behavior and confirmed fraud nearly neck to neck as the top causes. The mobility sector is relatively new and developing fast, which may explain the significantly lower prevalence of identity fraud in comparison to established industries with higher levels of risk.
Of all forms of suspicious behavior, the most common was the customer being guided through the process while seemingly unaware of what the verification was for.
Confirmed fraud was often in the form of verification being performed from a compromised device or using an ID that was previously flagged for fraudulent activity. There were also cases where the photos shown during verification were from another device and did not belong to the person submitting the session.
As the mobility sector continues to shift focus away from production and moves towards more service-based business models, account security and anti-fraud practices will become increasingly important.
Continuously monitoring fraud cases and adapting security measures accordingly will play a huge role in maintaining these low rates in an industry that is growing fast.
Cryptocurrency and blockchain services experience the highest rates of fraud. The most likely cause for this is the nature of promotional activity in the sector, which usually involves “airdrops” or free money campaigns that give fraudsters a high incentive to cheat the system. This is why velocity abuse is seven times more likely to happen than suspicious behavior.
The most common form of velocity abuse is when a customer is attempting to verify themselves multiple times after being previously approved. This can be done with the same identification document or with different customers using the same device.
Our crypto industry clients also see forms of suspicious behavior unique to the sector, such as users appearing under the influence and sessions accessible from more than one country and device, suggesting scamming.
Farming is also uniquely prevalent, where the same user repeatedly submits sessions of other people in the same settings, usually with the portrait pictures taken by someone else. Known fraud in the form of printed photos is also common, as well as slideshows in the video.
Because cryptocurrency is built on the principles of anonymity and decentralization, introducing identity-based security measures might be faced with high resistance. However, Know Your Customer (KYC) compliance laws will soon apply to many forms of cryptocurrency services, particularly exchanges and wallet services that include the use of fiat currencies.
With the regulatory environment gaining momentum, it is recommended that cryptocurrency and blocktech companies implement identity verification as soon as possible to minimize the friction that will occur as a result of the transition.
Part 2 of this identity fraud report will be released in 2020, including data from the period of July to December 2019. Keep your eyes on our blog and social channels for more news in identity verification and fraud prevention tips.
Sarah helps people find the right match between words and ideas. As a copywriter and editor, she is responsible for unifying Veriff’s tone of voice across all channels.