Businesses warned as fraudsters use sophisticated techniques to hack security systems


Synthetic identity fraud is a developing technique where swindlers combine legitimate and fake information to create a new fake persona. 


Online fraudsters are no longer targeting passwords and authentication codes to infiltrate their targets’ accounts. Instead, they are using data validation tools such as users’ ID numbers, biometrics and even photos such as selfies to fool security systems.

A study by online security firm Smile Identity shows that as technology advances and companies tighten their security systems, fraudsters are now adopting more sophisticated tricks to infiltrate user accounts.

The most common fraud attempt is using stolen IDs, where fraudsters try to sign up to a service using an ID number or document that is not their own. Since these IDs are genuine, they may pass a basic security check.

Fraudsters who have found ways to access ID authority databases pose an even greater threat. With this access, they are able to create seemingly legitimate identities. These identities will appear valid during a basic government database check, even with a face match.

“Of all the biometric fraud attempts caught in the first half of 2022, 48 percent were cases where an ID was valid but the face did not match the ID owner,” notes the report.

Selfie spoofs, where fraudsters try to forge the presence of an authentic user with a photo, have also been detected among the new, sophisticated fraud attempts.

‘Cheapfakes’

Some examples of these photos, commonly referred to as ‘cheapfakes’, are photos of prints, photos uploaded from a device, and printed face masks, which became common at the onset of the pandemic.

“Occasionally, these are benign mistakes where the user didn't follow or understand the instructions and instead presented a photo from their device. The majority of the time, fraudsters obtain social media images or videos of the people they wish to impersonate,” noted the report.

Another developing technique is synthetic identity fraud, where fraudsters combine legitimate and fake information to create a new fake persona. Because some of the information is legitimate, it can be more difficult to catch the fraudster, and they can remain undetected for an extended period of time.

“Random face generators are an emerging type of synthetic fraud whereby fraudsters use widely available computer vision algorithms to create faces that look like real people but are entirely fictitious. Others are replacing existing user images or videos with others which look alike, and making it seem like the target did or said something that they, in fact, did not,” notes the report.

Fintech start-ups saw the highest rates of fraudulent attempts in 2022. After the pandemic, many of these start-ups cropped up to solve cash-flow problems, and for this, they received billions of shillings in investment. But as more transactions moved online, the sector became a ripe target for fraudsters.

This was followed by Buy Now Pay Later (BNPL) start-ups, as fraudsters tried to get away with more opportunistic crimes. Crypto start-ups, however, recorded the lowest levels of fraudulent attacks.

“Generally, fraudsters put in effort where the rewards are highest. A fraudster who beats the system just one time can make off with high value goods. In comparison to other industries, the value at risk may be a small referral fee that only becomes attractive to a fraudster if they can collect it over and over,” notes Smile Identity.

Reward existing clients

The report also highlights that businesses which run promotions to reward existing clients or attract new sign-ups were vulnerable to a new kind of fraud known as ‘duplication fraud’. This is where fraudsters sign up multiple times so that they can collect the rewards many times over.

Though a majority of the fraud attempts detected have been of low sophistication, including attempts to open an account with a stolen or invalid ID, the report notes that for the foreseeable future, as businesses adapt to the new virtual reality, more sophisticated types of fraud could emerge.

It therefore notes that passwords and verifying ID numbers alone will not be enough to catch fraudsters. Companies will need to adopt biometric face checks to ensure that only legitimate users are signing up for accounts or accessing services online.

“Biometric solutions are the way forward not only for security but also for user convenience. The rise of selfies in the mid 2010’s and the subsequent use of facial biometrics for device access has made consumers more familiar with facial recognition as a medium. Face verification is more secure and less error prone than manually entering passwords or text,” notes the report.