The Veriff Identity Fraud Report 2019

Starting with an overview of the current state of fraud in a growing digital economy, the following report will shed light on the causes and forms of online identity fraud today, and close with industry-specific recommendations on how to put a stop to it.

You can’t sweep identity fraud under the rug in 2019

Since the birth of the World Wide Web 30 years ago, it has become an inseparable aspect of day to day life. Within only a year, the number of users on the Internet increased by 9.1%, compared to a relatively small 1.1% increase in the total population.

Source: Data Reportal

Whether it is the sheer increase in the volume of online users, or that fraudsters are innovating at a faster rate than corporate security teams and anti-fraud technology, trust online is increasingly difficult to uphold. If you find this tough to swallow, take a look at the cost of identity fraud for people and businesses.

The consumer and business cost of online identity fraud

In 2018, a staggering $1.48 billion in losses resulting from online fraud complaints reported to the Internet Crime Complaint Center. That’s a 28% increase compared to their 2017 numbers. Businesses aren’t safe either. A 2018 survey published by EY revealed that 33% of surveyed business leaders saw fraud and corruption as one of their greatest risks.

Fintech companies and banks usually come to mind when you think about fraud, but other industries are just susceptible albeit in different ways. According to a study by ThreatMatrix, the fraudulent new-account trend makes global e-commerce transactions ten times riskier than they used to be. 

Adding to that, our data gathered from millions of verifications a year detect that as much as 5% of all attempted verifications are fraudulent, with some industries like cryptocurrency and blocktech seeing rates as high 24.6%. 

The many manifestations of online identity fraud

While identity fraud has a severe impact on private individuals and businesses, it also trickles into political and social issues. Without proper identity verification practices in place, corruption, social manipulation, and a pervasive sense of doubt become serious problems in the modern world. 

1. The fake review problem

In 2013, the European Commission found as much as 16% of online reviews were fake. A more recent study by the Washington Post in 2018 estimated 57.8% of reviews for selected products were suspicious.

Rather than bots, which are easy to detect, most fraudulent reviews are a result of multi-accounting. Entirely preventable with the right identity verification process in place, review fraud is particularly disturbing when noting that 84% of people trust online reviews as much as they trust their friends.

2. Political polarization and distrust in media

Trust in online reviews is just the tip of the iceberg. The increasing polarization in today’s social and political spheres is undeniable, and the rise in online adoption has also contributed to the volume of misinformative media channels and accounts online. 

According to the 2019 Digital News Report, almost a third of surveyed participants claimed that they actively avoided the news. Moreover, trust in social media platforms like Facebook and YouTube is also flailing, both as a result of hate speech, fake accounts, and compromised user privacy as seen in the Cambridge Analytica Scandal.

3. Online fraudsters are moving fast

What were once best practices for online safety have become easy to hack by even the most amateur fraudsters. Research by Amnesty International found that hackers were easily capable of breaking into thousands of Yahoo and Gmail accounts stealing personal information, even those with 2FA enabled. 

Other forms of account takeover fraud are also making use of artificial intelligence, and in March 2019 the chief executive of a UK-based subsidiary was impersonated by an AI-based voice manipulation software. The attack resulted in a fraudulent transfer of $243,000, as well as concerns regarding the rise of innovation on the wrong side of the fight against identity fraud. 

The future of fraud prevention will ultimately rely on advances in machine learning and AI-based solutions that are capable of countering such attacks, especially as they increase in volume.

The role of identity verification in fighting fraud

Combating identity fraud and the many facets of its damage calls for changes in the current approach to user verification online. With the rise of internet adoption, fraud innovation and a growing reliance on online reviews and digital media are inevitable.

We expect to see more verification checks in online services like marketplaces and social media platforms, as well as a couple of other trends that will make more effective identity verification essential in 2020.

Trend #1 - Tighter regulations for fintech companies

The Fintech industry is already on its way as far as regulatory pressure for higher security goes.  On September 14, 2019, the European Union PSD2 directive went into effect, forcing all financial institutions to implement Strong Customer Authentication (SCA) practices. 

The authentication options include a one-time passcode, push notification, and a login or transaction supported by public-key cryptography. And even with these SCA practices in place, our data shows that there is still room for fraud to take place, particularly when it comes to two-factor authentication methods. 

Trend #2 - The need for more secure user authentication

It is expected that companies across all sectors will search for a more secure form of login that does not solely rely on the increasingly vulnerable device authentication. Identity verification software like Veriff will offer much-needed security across a range of services, offering a secure alternative that does not cost companies conversions.

Overview of identity fraud by industry

Veriff is used to connect companies with honest customers. Millions of data points collected between January and July 2019 via Veriff’s end-user flow pinpoint the core causes of online identity fraud. However, different industries have varying levels of risk depending on the markets they serve, the nature of the product, and the incentive to commit fraud.

Here are the most common categories of fraud across all industries investigated:

• Confirmed Fraud: The document is false, the session is not live, device or document security is compromised, or any other case where fraud is easily confirmed.
• Suspicious Behaviour: In our video feed, the user appears to be coerced, under the influence, or other actions suggest access from different locations and devices simultaneously that may be the result of farming, scamming, or other forms of fraud.
• Attempted Impersonation: The person’s face doesn’t match the photo in the shown id during verification.
• Document Tampering: The selected document looks modified or damaged in a way that suggests tampering.
• Velocity Abuse: The same user verifies themselves multiple times after previously being approved their credit cards.

If you have been a victim of a scam, fraud or cybercrime, please contact your local police fraud department as soon as possible and create a identity theft report. It is also recommended that you report the instance of a scam, fraud or cybercrime, whether you are a victim or not, to the CAFC. Remember: It's the role of your local police to investigate.

Freeze or lift the freeze on your free credit report by contacting each of the three major credit reporting agencies:

• Equifax
• Experian
• TransUnion

State and federal laws determine the criminal penalties for fraud.

If you think your Social Security number has been stolen, report it immediately to prevent financial fraud or identity theft.

When you’ve been a victim of identity theft, it’s tough to know what to do first. One of the phrases you may have heard when it comes to identity theft is a fraud alert. But do you know what fraud alerts do, what types are available or how fraud alerts work?

A fraud alert is a notice that is placed on your credit report that alerts credit card and bank companies and others who may extend your credit that you may have been a victim of fraud, including identity theft. Think of it as a “red flag” to potential lenders and creditors.

Consumer rights can also be protected by

The Federal Trade Commission is an independent agency of the United States government whose principal mission is the enforcement of civil antitrust law and the promotion of consumer protection. The FTC shares jurisdiction over federal civil antitrust law enforcement with the Department of Justice Antitrust Division.

Identity fraud in the fintech industry

When it comes to financial institutions such as peer-to-peer lending marketplaces and banking applications, the most prevalent form of fraud falls under the umbrella of suspicious behavior. 

Suspicious behavior encompasses a range of actions monitored via live video feed that suggest the user is unaware of what is occurring or that the person being verified is not even physically completing the verification process.

Common identity fraud cases in fintech

The most common form of suspicious behavior observed by is when customers appear to be guided through the process, unaware of what the verification taking place is for. This suggests coercion, alongside other common cases where a third party is holding the ID in front of the end-user, who is simultaneously being guided over the phone or via remote desktop software. 

Other, less common cases of confirmed fraud include falsified documents, photos that are either printed out or not taken during the live session, slideshows used in the video feed, or previously detected fraud activity. Document tampering is also seen in the form of spotted irregularities in IDs and attempted impersonation as the verification process is attempted with another person’s ID.

Recommendations for fintech companies fighting fraud

With the majority of fraud cases identified through live video activity, the fintech industry must be particularly vigilant when it comes to preventing identity fraud. 

Account takeover fraud, in particular, is a high risk, and less secure methods such as a one-time passcode do not adequately prevent cases of coerced or suspicious logins. In short, the SCA practices enforced by the European Union PSD2 directive do not cut it.

Identity fraud in the gaming industry

Like the Fintech Industry, the most common form of identity fraud seen in our clients in the gaming industry result from suspicious behavior observed in live video feeds during the verification process. 

However, our gaming industry clients, consisting primarily of esports platforms, see nearly six times more cases of suspicious behavior, which is possibly a result of the appeal of competitive esports to underage audiences. 

Common identity fraud cases in gaming

Our Gaming clients experience suspicious behavior in 7.69% of all verifications, although not exactly in the same way as fintech clients. In addition to appearing unaware of what the verification process is for, and being guided by a third party, gaming clients also see cases where a third person is submitting a session while the customer is entirely unaware of the process. 

Other industry-specific cases include attempted personation, with minors using their parents’ identification documents as the most common. Document tampering is also seen although not quite as much, and the least common form of identity fraud comes in the form of photos shown from another device which do not belong to the person completing the session.

Recommendations for gaming companies fighting fraud

The competitive gaming industry is booming, with esports in particular set to hit $1.1 billion in revenues in 2019. As the number of investments and interest grows, so will the incentive for identity fraud, both for the sake of accessing high-earning accounts and to bypass age restrictions. Staying vigilant as demand increases will be the key to managing higher volumes of users and fraud. If you review your credit report and find an error or unknown accounts, start by contacting the credit bureau that supplied the report.

Identity fraud in the mobility industry

The mobility industry has some of the lowest identity fraud rates, with suspicious behavior and confirmed fraud nearly neck to neck as the top causes. The mobility sector is relatively new and developing fast, which may explain the significantly lower prevalence of identity fraud in comparison to established industries with higher levels of risk.

Common identity fraud cases in mobility 

Of all forms of suspicious behavior, the most common was the customer being guided through the process while seemingly unaware of what the verification was for. 

Confirmed fraud was often in the form of verification being performed from a compromised device or ID theft - using an ID that was previously flagged for fraudulent activity. There were also cases where the photos shown during verification were from another device and did not belong to the person submitting the session.

Recommendations for mobility companies fighting fraud

As the mobility sector continues to shift focus away from production and moves towards more service-based business models, account security and anti-fraud practices will become increasingly important. 

Continuously monitoring fraud cases and adapting security measures accordingly will play a huge role in maintaining these low rates in an industry that is growing fast. 

Identity fraud in the crypto industry

Cryptocurrency and blockchain services experience the highest rates of fraud. The most likely cause for this is the nature of promotional activity in the sector, which usually involves “airdrops” or free money campaigns that give fraudsters a high incentive to cheat the system. This is why velocity abuse is seven times more likely to happen than suspicious behavior.

Common identity fraud cases in crypto

The most common form of velocity abuse is when a customer is attempting to verify their identity multiple times after being previously approved. This can be done with the same identification document or with different customers using the same device.

Our crypto industry clients also see forms of suspicious behavior unique to the sector, such as users appearing under the influence and sessions accessible from more than one country and device, suggesting scamming. 

Farming is also uniquely prevalent, where the same user repeatedly submits sessions of other people in the same settings, usually with the portrait pictures taken by someone else. Known fraud in the form of printed photos is also common, as well as slideshows in the video. 

Recommendations for crypto companies fighting fraud

Because cryptocurrency is built on the principles of anonymity and decentralization, introducing identity-based security measures might be faced with high resistance. However, Know Your Customer (KYC) compliance laws will soon apply to many forms of cryptocurrency services, particularly exchanges and wallet services that include the use of fiat currencies. 

With the regulatory environment gaining momentum, it is recommended that cryptocurrency and blocktech companies implement identity verification as soon as possible to minimize the friction that will occur as a result of the bank account transition.

Keep your eyes on our blog and social channels for more news in how to verify your identity safely and fraud prevention tips.