Organisations getting better at spotting identity fraud
The barriers to committing identity fraud are tumbling down, but organisations are proving that thanks to adoption of more advanced monitoring tools and software, assistance from artificial intelligence (AI) and automation, and improved links with external and third-party databases, they are more than capable of addressing the problem.
This is according to a newly published report on identity fraud produced by sector specialist Yoti, which is intended to be the first in an ongoing annual series.
In the report, Yoti explored how fraudsters continue to explore different tactics in search of a pay-off, including the use of deepfakes and tampered with documents, and how the quality of such documents, particularly fake national IDs and driving licences that can now be generated by AI, have become incredibly sophisticated and convincing, as well as cheap – they can be procured in some instances for about £12.
“We are pleased to publish the first edition of our identity fraud report, which explores the fraud trends we’ve seen over the past 24 months. We delve into why we believe a layered approach to fraud detection provides the best results – using a combination of technology and a team of verification experts to keep businesses and people safe,” wrote the report’s authors, Yoti global operations manager and fraud expert Mick Larkin, and fraud team lead Mykola Voloshyn.
“As an identity provider, we have a unique insight into the techniques fraudsters are using. We can see where they are focusing their efforts and how these are changing over time. We continue to develop our tools to ensure we stay at the forefront of detecting and preventing fraud.”
Is fraud increasing? It’s hard to tell
Organisations may be improving their ability to detect fraud and thus, higher volumes are being detected and notified, but in reality, this does not mean that fraud is necessarily going up or down, and it is a challenge to understand the true scale of what is going on.
Nevertheless, because low-level fraud is more easily accessible to more people now, it is likely that volumes are increasing as fraudsters take advantage of the low hanging fruit.
And as noted, advances in technology are definitely making it easier to produce convincing fake documents – although some jurisdictions are more at risk of this than others – according to Yoti’s data, the most fraudulent drivers’ licences seen in the past two years come from Sri Lanka, Thailand, Portugal, Lithuania and Nigeria, whereas more fraudulent national IDs appear to originate from Cyprus, Poland, Indonesia and Slovenia.
Optimal approach
There are a number of approaches to detecting identity fraud that together add up to a coherent, optimal strategy to ensure an organisation’s service users are who they claim to be.
The first step is to conduct standard document authenticity checks, ensuring that the material presented is indeed a government-issued ID, that it is valid, in date, has not been fiddled with or faked, and is not previously been reported as lost or stolen. The ability to detect fraudulent documents at this stage is important as it can help weed out the more crude attempts and prevent more fraud further down the chain.
Face matching is becoming more important, and Yoti uses a proprietary liveness technology, called MyFace, to verify that photos presented are of a real person and not a fake being used in what is known as a presentation attack. These attacks take several forms, some more advanced than others, and can include the use of paper images, masks, video imagery, or deepfakes.
Face matching is distinct from facial recognition in that at no stage does the technology recognise the identity of the person or check against other databases, it merely serves to stop presentation attacks. This can be done from a single selfie with no additional action required from the user. Yoti said that customers using MyFace have found that their users do not in general object to the process.
Fraudsters are, of course, attempting to bypass such systems all the time, so additional measures may also be needed. Yoti’s technology includes a second proprietary solution, Secure Image Capture or SICAP, designed to detect more sophisticated injection attacks using manipulated images or AI-generated content.
The use of live human verification experts, include people skilled in face matching, known as super recognisers – a documented phenomena – to step in where potential users have failed automated tests for some reason, is also recommended. Yoti itself maintains a team of such individuals trained in these skills, including the ability to spot morphed images, where photos of two individuals have been blended into a third.
Businesses may also wish to consider adopting some form of digital ID support. Such forms of ID have several benefits and real-world testing has found them to be highly effective in some cases. Among other things, they can cut down on the amount of personal data that a user needs to share – for example to pass an age check a digital ID can verify for the organisation that the user is over the required age so that they don’t need to share their entire date of birth.
Their use also means that people – particularly younger-looking people who may be more frequently challenged – do not need to carry around their driver’s licence or passport and risk having them stolen.
“Businesses have to deal with and be prepared for different types of fraud. Fraudsters are constantly evolving and using different tactics and approaches, including deepfakes, fake documents, impersonation attempts and account takeovers,” the report’s authors said.
“As fraudsters continue to innovate and evolve, we continue to develop our tools to ensure we stay at the forefront of detecting and preventing fraud. With a combination of leading AI technology and a highly skilled team of verification and fraud experts, we can help businesses and people to stay safe in an increasingly digital world.”
For any collaboration, feel free to email us at support@ichibanelectronic.com. Thanks
Source link