Tuesday, June 4, 2024
On June 3, 2024, AU10TIX released the Global Identity Fraud Report. How often do you research and report on ID fraud? What demographics do you reach, and what methodology do you use?
Market intelligence is critical in the identity verification industry, perhaps even more than any other sector because this particular market is highly and intensively impacted by the technological advancements of fraudsters. We monitor on an ongoing basis, but with our Serial Fraud Monitor (SFM), we take it a notch higher and issue quarterly reports.
Organized professional fraud is not marginal; it was just not previously visible. Our SFM system detects around a million professional organized (serial) attacks every year that are undetectable using the standard tools of the industry. The whole point in issuing these reports is awareness. Just because most don't see this fraud doesn't mean it doesn't exist.
The methodology used is actually really exciting. It's not just about the numbers; it's about the Know Your Enemy layer above it, back-engineering why they do what they do, when they do it, which industries they target, which modes they use, etc. We obviously go deeper, but making these quarterly reports open to the professional public is enough to help others better adapt to the challenges of today and tomorrow.
How have events so far this year impacted organized ID fraud activities?
If you have the capacity to detect and analyze professional fraud attacks, you'll see very clearly how they adapt to things like regulatory measures, advancements in AI-enhanced technologies, the volatility of potential target industries, and encountering defenses that can detect such attacks.
As a rule, professional fraudsters are encouraged to sting where the market is surging, where defenses are weak, and [where advanced tools are] not there to provide a second line of defense. For example, attacks against the crypto industry were heavily impacted by the recent bitcoin price drop and the introduction of Markets in Crypto-Assets (MiCa) regulations.
What new threats have arisen from emerging technologies?
The inability to be detected by humans, which is more of a problem than many think. Many solutions that are defined as "automated" are actually assisted by humans to achieve acceptable pass rates. Hybrid processing may occasionally produce high answer rates, but that's an illusion. Unless otherwise proven, humans can detect what their senses allow them, and human senses already show a tendency to favor deepfakes over the real thing. My advice, to quote Agent Smith from the movie The Matrix, is "Never let a human do a machine's job."
Are the new threats outpacing legitimate IDV solutions? If so, why?
Oh yes. In more than a decade and a half in identity verification, I cannot recall such a pace of fraudsters improving. This is almost a monthly paced evolution, where we see new tools and methods used, new initiatives that commercialize AI-enhanced fakes at all levels, and new attack profiles that show high responsiveness to detection attempts. We're at the dawn of Fast Moving AI Fraud.
Will we see a decrease in payments fraud as more providers align with banking industry KYC standards? If so, will fraudsters pivot to a different sector?
Right now, payments are the undeniable favorite of fraudsters. This is indicative of fraudsters' tendency to go for relatively easy wins. There are so many payment providers that would rather steer clear of decisions at this time that there's little reason for fraudsters to act differently.
If payment service providers decide to adopt strong IDV/KYC standards, that might tip the scales, but it will depend on exactly what they choose to do. Not all identity verification and KYC solutions are the same. In fact, there are significant differences in levels of automation and depth of detection between vendors. Those who choose double layered defense (case-level and traffic-level) will fare better, especially if they go forensic deep, and invest in broad coverage. Once fraudsters try them, they are likely to abandon these better protected players in favor of easier prey.
What types of strategies will be most effective for ID protection this year?
Double layered defense (case-level and traffic-level). As a rule, the more difficult you make it for fraudsters, the more they are likely to stay away. The better protected service providers may even advertise which solution is under their hood, using it as a deterrent. This is a specialized capability, so "do it yourself" is not a useful strategy.
Also, a capability-based-choice is increasingly proving to be a better bet than a cost-based-choice strategy. At this point in time, it is highly likely that uncommonly inexpensive solutions will not hold water, especially for cross-market or global players.
AU10TIX recently launched new KYB and Digital ID solutions. What challenges do they address, and how do they work?
KYB is definitely one of the stars at AU10TIX at this time. What used to look like a generic exercise with everybody doing the same thing turned out to be a very active domain—and for good reasons. In the broader market, KYB used to be a highly manual and expensive process, covering only certain parts of the actual business landscape. Where there's a gap, there's an opportunity. AU10TIX's new KYB offering addresses those gaps, meeting an insatiable demand for types of KYB that have never been well covered or heavily automated.
As for our Digital ID solutions, it's an emerging domain out there—a jungle in many ways. Interoperability is not really there, standards are abundant, and government resources often do not account for the fact that we have been in a global market for a couple of decades now. In this primordial soup of standards and levels of maturity, AU10TIX is very active in creating the Babel Fish (Check out Douglas Adams' The Hitchhiker's Guide to the Galaxy) of digital IDs—a single platform that can automatically handle all IDs, whether paper, plastic, or digital. Stay tuned! 
The Green Sheet Inc. is now a proud affiliate of Bankcard Life, a premier community that provides industry-leading training and resources for payment professionals. Click here for more information.
Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.
