Identity Fraud In the New, Post-Pandemic Digital World

When COVID-19 started, most of the world went into lockdown, but we still needed to transact with local and large businesses. This pushed many into the digital-age and catapulted the ones that were already there, to be the leaders.

The Association of Certified Fraud Examiners (ACFE), from a survey May 2021, in collaboration with Grant Thornton LLP showed that more than half the organizations polled uncovered more fraud than usual since the beginning of the pandemic. And 20% of those organizations detected a significant increase in fraud crimes.

These changes will not be temporary. As the world became used to doing things from our phone more, the demand for contactless payment and verifying identity grew. While the government is battling unemployment and PPP loan fraud, going over your protocol against identity fraud are more important than ever.

Social Engineering Schemes

Think of social engineering of like meeting a new person, that loves the same books, lives in your same neighborhood and enjoy the same activities. Once this person “connects,” trust is established and it becomes easier to collect other pieces of information. The fraud becomes individualistic and personalized in nature from the attacker. This is mostly done online through social media and chat forums.

What makes social engineering attacks, such as phishing and spear phishing, so dangerous for companies is that human error is much more difficult to identify, detect, and thwart than weaknesses in operating systems and software, which is how malware works.

User credentials (e.g., usernames, passwords, and PINs), personally identifiable information or PII (e.g., names, street addresses, and email addresses), and medical information (e.g., insurance claim, healthcare provider, and diagnosis/treatment information) top the list for the bits that fraudsters piece together for their attack. With just one piece of that information released, it can cause major headaches for the victim and businesses.

Identity Fraud

This one existed well before COVID-19 and continues to break records every year. This is when a fraudster impersonates someone that is not them. This is done to gain access to accounts. Once one account is compromised, the bad-actor can access many accounts for the takeover.

• Account takeover fraud — is a type of identity theft. The fraudster poses as a genuine customer to gain access to the account. The smart fraudster uses bots to automate the attempted access to accounts. This makes it even harder and more time consuming to respond to threats as a business. When fraudsters perform account takeovers, they usually attack personal, not corporate, accounts. However, account takeover fraud can cost companies money as well. For example, if the affected user disputes the fraudulent transactions, the business may be held liable.
• Synthetic Identity Fraud — it’s the fastest-growing crime in the country, estimated to cause $48 billion in annual online fraud losses by 2023. Synthetic fraud happens when someone combines a real piece of information (e.g., SSN) with fake Personally Identifiable Information (PII) (e.g., birthdates, addresses, or even a permutation on the spelling of the individual’s first or last name) to create a fake identity.
• Deepfakes — This is a headline in the news often lately. Using something as easy as an iPhone app, people can create near-perfect images of someone else’s head on another person’s body. This is being done all over social media for many popular celebrities, like Elon Musk for example.

How to stop the fraud

Now that we have covered all the acronyms and buzz-words, the question at the end is what can your business do to fight back?

1. Stay Educated — keep abreast of newest methods of attacks and hire a team that knows how to practice and have procedures in place to curb a cyberattack.
2. Identity your customers from the start — have the total picture, not just an address and name cuts it anymore. This includes identity verification that collects a document and verifies it with a live seflie. Companies like Aver, use artificial intelligence and image recognition to catch the fake-documents and bad-actors from the start.
3. Offer more — Advise customers to set up things like biometric access to devices and 2-Factor Authentication (2FA).