Identity document validation (and detecting fraudulent identity documents) is a major part of a robust Know Your Customer (KYC) process. Authenticating and verifying government-issued identity documents is becoming more complex and costly due to the innovative ways in which money launderers, fraudsters, and identity theirs are using even the most rudimentary tools to try to spoof identities and create false identity documents.
ID protection and fraud prevention are continually innovating as regulators and law enforcement authorities continuously face threats including:
- falsification by overprint
- adding a laser-engraved personalization
- simulating optical variable devices (OVD)
- grinding to access the core of a document
- high quality “intaglio printing” look-alike in fake passports
There are many different forms of identity spoofing and tampering that exist. Organizations need to be on the lookout and develop strict identity document validation processes.
Onboarding with Geolocation Intelligence
Cybercrime is borderless, location-independent, and most organizations just don’t have the capacity to identify it in time.
One form of protection against this form of cybercrime during customer onboarding is IP-based geolocation intelligence. A bad actor attempting to successfully spoof or assume a stolen identity may use IP-masking techniques such as routing through several virtual private networks (VPNs) whose servers and signal may be located thousands of miles away. Several services now employ methods to block these sorts of tools despite their largely benign use by the general public.
Major forms of cyberattacks which may be thwarted using geolocation intelligence include:
- Email and internet fraud.
- Identity fraud (where personal information is stolen and used).
- Theft of financial or card payment data.
- Theft and sale of corporate data.
- Cyberextortion (demanding money to prevent a threatened attack).
- Ransomware attacks
According to the Federal Bureau of Investigations, here is a list of methods you can use to protect your identity:
- Read your credit card and bank statements each month.
- Never give your credit card number over the phone, unless you made the call and trust the business or person.
- Report suspicious transactions to your credit card company or bank.
- Review a copy of your credit report at least once each year. Notify the credit bureau in writing of any questionable entries.
- Shred any documents with personal or financial information on them.
In addition to using geolocation intelligence, leveraging customer utility data as a form of address verification is extremely useful to identity validation services.
Address Verification Services To Fight Fraud
A potential customer (bad actor) can engage in address spoofing or building a synthetic identity through the use of actually valid pieces of an identity stitched together to achieve some sort of financial gain. Using identity verification services that integrate this type of address verification into their process can detect spoofed, invalid, or inaccurate addresses.
- Code Postal
- Latitude, Longitude
Countries across the world have specific address formats. In addition to criminals, there could be just a data input issue (by the customer themselves in the situation where a form isn’t style appropriately for the corresponding country or by inexperienced identity verification services themselves) that results in low match rates and costs your organization in the long run.
Identity verification services, and their systems, need to have a dedicated, experienced, team that is able to actually apply the rigorous ‘first pass’ review process and understand red flags that may hint at a geolocation issue, a spoofed or synthetic identity fraud attempt or just plain manual error. These types of attempted incursions follow patterns and criminals have specific typologies (a term often used by the Federal Bureau of Investigation and law enforcement personnel).
Synthetic Identity Fraud vs. Legacy Fraud
Synthetic identity fraud differs from traditional identity theft because the perpetrator creates a new composite identity rather than stealing an existing one. When synthetic ID fraud occurs, fraudsters take different personally identifiable information (PII) from real identities and piece it together with fake information. Some or all the identity information is correct, but the combination of various data creates a usable identity that represents a fake person. In many cases, real Social Security numbers (SSN) are taken and attached to fake information, but it can be any combination of real and fake PII. It is the combination of all these different pieces of information that create synthetic identities that are used for fraud.
Why Synthetic Fraud is a Problem
Synthetic fraud is the fastest-growing form of identity theft according to the US Federal Trade Commission. They state that it is one of the hardest forms of identity theft for businesses to detect. An Equifax study found that losses associated with this fraud amounted to around $25 million a year for communications and energy companies. Other business sectors are facing around $800 million in costs associated with synthetic fraud.
Synthetic fraud is bad for companies because they are the ones who are affected by it. Unlike other types of fraud like identity theft, there is no real consumer victim. This means the responsibility of dealing with synthetic identity fraud falls on the institutions that provide services to synthetic identities. Businesses can lose significant revenue dealing with the repercussions associated with synthetic identity fraud. Synthetic ID fraud is associated with 5% of uncollected debt and 20% in credit losses. Plus, businesses can lose more money by receiving fines for violating Know Your Customer (KYC) or Anti-Money Laundering (AML) regulations.
That is not the worst of it though. Reports state that synthetic ID theft is growing at a rate of 18% each year. This means companies must rally together to find solutions that stop synthetic fraud from happening.
Identity Document Spoofing, Synthetic Ids And Tampering
Identity document validation is a challenging task as bad actors and criminals are becoming more ingenious and often fly under the radar due to the simple nature of this crime.
Methods typically used in tampering are:
- opening using heat, solvents, and tools
- adding a foil on top of the card with the impostor’s data
Identity Theft & Synthetic Identity Crimes in 2020
According to the Insurance Information Institute, “There were 4.8 million identity theft and fraud reports received by the FTC in 2020, up 45 percent from 3.3 million in 2019,” Major identity theft & synthetic Identity crimes are rising at an unparalleled rate.
“The Consumer Sentinel Network, maintained by the Federal Trade Commission (FTC), tracks consumer fraud and identity theft complaints that have been filed with federal, state and local law enforcement agencies and private organizations. There were 4.8 million identity theft and fraud reports received by the FTC.”(Insurance Information Institute)
- Tax fraud
- Business/personal loan
- Miscellaneous identity theft
- Credit card fraud—new accounts
- Government benefits applied for/received
Insurance & Identity Fraud Among Crimes NC Woman Faces
North Carolina Insurance Commissioner Mike Causey announced that Angela K. Whidbee, 33, of Greenville was arrested and charged with identity theft and insurance fraud, both felonies. Whidbee is accused of giving false information to authorities. Specifically including another person’s name, date of birth, address and driver’s license number to avoid legal consequences of an automobile crash. Unsophisticated crimes like these are just the tip of the iceberg and a major reason why identity verification services are so important.
Twenty-Two Charged in Connection with a More than $11-Million Paycheck Protection Program Fraud Scheme
More than twenty individuals have been arrested and charged with attempting to obtain approximately $11.1 million in Paycheck Protection Program (PPP) loans and to use those funds to purchase luxury vehicles, jewelry and other personal items.
The Paycheck Protection Program (PPP) and its purpose are defined pretty well by the Small Business Administration: “Paycheck Protection Program loans provide a direct incentive for small businesses to keep their workers on the payroll and to maintain their operations. PPP loans are eligible to be forgiven provided certain requirements are met.”
Legitimate uses of the PPP loan program include: Payroll, mortgage interest, rent/lease, and utilities. It is important to underscore that these uses somehow have escaped the minds of modern fraudsters and criminals.
Past fraud cases include fraudsters using fraudulently obtained funds to purchase:
- Luxury cars
- exotic vacations
- Mansions, upscale condos
Defendant Purchased Lamborghini with COVID-19 Relief Funds
Recently, a PPP fraudster decided to purchase a Lamborghini with his fraudulently obtained COVID-19 relief funds. A Florida man was sentenced to six years in prison for fraudulently obtaining more than $8.9 million in Paycheck Protection Program (PPP) loans and using the funds to purchase an exotic $318,000 Lamborghini car.
Thieves Stole More Than $1 Million In ‘Synthetic Identity Fraud Scheme, New York District Attorney Claims
A complex scheme involving pieces of fraudulent identities stitched together by thieves that garnered them a profit of $1 million dollars is being unraveled by police in New York. According to Newsday the scheme involved 13 people “including at least 10 Long Island residents, and three corporations are facing charges in a 108-count indictment involving what Suffolk District Attorney Timothy Sini on Wednesday dubbed a “a massive, nationwide synthetic identity fraud scheme.”
Utility data and stringent document verification can help thwart these types of stolen identity and ‘Frankenstein fraud’ schemes before they occur.
Document Verification Using Utility Data
User-permissioned utility data can provide the wealth of information that your organization needs to onboard faster. Identity verification services use this data to cross-reference during the document variation phase of onboarding.
Typical data used by identity verification providers includes:
- Utility bill data
- Monthly bill amounts (average or current)
- Monthly usage data
- Customer’s biological information
This type of cross-referencing during onboarding is an advanced form of identity verification and can:
- Prevent forgery
- Detect & deter fraud
- Allow you to verify more customers, faster
- Create a seamless user experience
IDMconnect: User-Permissioned Utility Data For Identity & Address Verification
The IDMconnect Data Platform connects to 2300+ utility and telecom providers across 40 countries.
- Fully Customized, ResTful API Gets You Connected To Utility Data Fast
- Real-Time Access
- 24/7 Technical Support
- Become KYC & AML Compliant
- AML Experts Always Available
100% household coverage for:
Headquartered in San Diego, California, IDMERIT provides an ecosystem of identity verification solutions designed to help its customers prevent fraud, meet regulatory compliance and deliver frictionless user experiences. The company is committed to the ongoing development and delivery of offerings that are more cost-effective and comprehensive than other solution providers. IDMERIT was funded by experts who have been sourcing data on personal and business identities across the globe for over a decade. This access to official and trusted data throughout the world has become increasingly important as companies find themselves completing transactions across borders as a standard course of business. www.idmerit.com