Original Article on Smile Identity Blog.
As technology advances, so do the techniques used by fraudsters. Passwords and authentication codes are becoming less popular as more providers shift to more secure biometrics solutions. Fraudsters, on the other hand, aren’t far behind, and they have a few tricks up their sleeves to fool security systems. During the pandemic in early 2020, we saw a shift toward remote onboarding, which, while faster, initially lacked the same checks as physical onboarding. Cybercriminals and fraudsters took advantage of this shift, bolstered by the perceived “anonymity of the online space.”
Depending on our clients’ activity, size, location, and industry, we see varying degrees of fraud attempts. According to our data, the following are some of the fraud attacks we have seen.
1. Stolen ID Information
We saw users try to sign up to services using ID numbers or documents that are not their own. In fact, 48% of all biometric fraud attempts we saw in the first half of 2022 were cases where the ID was valid but the user-submitted selfie did not match the ID owner.
Since these IDs are genuinely authentic, they may pass a basic KYC check. However, these fraud attacks are easily blocked by Smile Identity’s Biometric KYC. Comparing user-submitted selfies to an official ID photo or document reveals whether the person behind the screen is the ID owner.
Impact if successful – medium to high
2. Selfie Spoofs
A selfie spoof is when someone tries to forge the presence of an authentic user with a photo. Some examples of this are: photos of prints, photos from a device, and printed face masks. These are sometimes referred to as “cheapfakes”.
Occasionally, these are benign mistakes where the user didn’t follow or understand the instructions and instead presented a photo from their device. However, more often than not, it indicates that a fraudster is attempting to present themselves as someone else.
At Smile Identity, we perform motion liveness checks to ensure that the person behind the camera is the original user.
Impact if successful – High
3. Duplicate Accounts
Most businesses run promotions to reward existing clients or attract new sign ups. We have noticed that this makes them vulnerable to a new kind of fraud known as “duplication fraud”. Fraudsters will sign up multiple times so that they can collect the rewards many times over.
There are two common methods of duplication fraud:
Serial Submitters – These individuals will try to gain access by submitting the same ID information as many times as possible.
Database Infiltrators- These individuals have found ways to access ID authority databases and pose a much greater threat. With this access, they are able to create seemingly legitimate identities by registering multiple times with an ID authority. These identities will appear valid during a basic government database check even with a face match. This fraud can only be caught using biometric de-duplication.
Impact if successful – high
To get more insights on the kinds of fraud attacks we see and how to mitigate them, download our State of KYC report .