Dangerous Hooded Hacker Breaks into Government Data Servers and Infects Their System with a Virus. His Hideout Place has Dark Atmosphere, Multiple Displays, Cables Everywhere.

Organized crime makes identity fraud more common than you think

Organized crime groups are exploiting gaps in detection technology to orchestrate financial fraud on a massive level simultaneously across multiple businesses and geographies. The result? Actual fraud rates are multiple times higher than reported, AU10TIX’s chief business development officer Ofer Friedman said.

Originally founded to provide identity intelligence technology for airports and border crossings, AU10TIX has evolved into a provider of digital identity services. Their client roster includes Google, PayPal, Coinbase, Uber, AirBnB and Payoneer.

Why fraud rates are far higher than reported

An oft-quoted stat is that fraud rates hover around 1%. That number is way lower than actual rates, Friedman said. On a broad level, it’s because current fraud detection methods focus on the individual case level. That’s great for catching independent criminals with limited capacity.

But it does little to detect large-scale fraud being conducted by organized crime. These groups are sophisticated outfits with the latest resources.

If that fraud is seldom detected, that means financial firms already have fraud inside their systems.

“They have no way of knowing it until it bites,” Friedman said. “They won’t admit it, but they have to pay the price of it.”

“The sentinel has to stay in the software. Each one knocking at the door is checked; if they pass you, they’re good. But if you’re doing this level of analysis, which is traffic-based analysis, the sentinel can turn around and look back because you have a database full of accounts and customers, which can be checked at the same level. And that’s how you surface all those Trojan horses who haven’t stung you yet.”

He added that organized fraud rings are likely great investors. They are among the first to recognize a trend (by attacking it). Criminals are proficient early technology adopters.

How organized crime beats standard fraud detection systems

Many individual fraud attempts are detectable to the naked eye. They use multiple fonts in different sizes. Pictures are of poor quality and misshapen.

It takes better technology to catch more sophisticated efforts. Sometimes, the red flag is where the ID was last touched. For example, an American driver’s license is traced back to North Korea.

Many cannot be detected on an individual basis. Armed with technology that can analyze and retain millions of examples, AU10TIX technology can detect minute similarities like a picture’s position, lighting and reflection.

“It’s not a simple cut and paste,” Friedman noted. “They might be producing them and then creating one which passes everything. Then they add those minute or not-minute changes like different face (or other) details. The number starts building up and up and up. 

“This is professional fraud. There is no system on the market today that will detect them because there’s nothing to suspect about them.”

The impressive reach of organized crime

Organized crime dips into cryptocurrency, gaming and banking simultaneously. They generate thousands of accounts. Sometimes they act quickly, while in others, they lie in wait. It all begins with the cloning of a perfect fake.

“They will start those attacks when a perfect fake is cloned in minute ways that are enough to pass all the checks, including the data check,” Friedman said. “Because everyone should do a KYC, the data would usually be taken from someone’s profiles. 

“You don’t have to go to any darknet to do that. It’s a waste of time. And when it’s so good, the only way to detect it is to follow the logic of how professional fraudsters or organized crime behave. And once you do, you should be worried.”

AU10TIX monitors fraud attempts by criminal groups. They can be assessed at global and national levels. Friedman shared an example where color codes constantly fluctuate, indicating that the percentage of different types of fraud attempts is ever-changing. One group ran 675 attacks in a day. Eighteen versions of an Afghan ID card were used by another, all undetectable by case-level technology.

Organized crime techniques vary by a region’s ability to detect them. In more developed countries, regulations and advanced technologies like live submission force fraudsters to deploy more impressive methods. With emerging options like deep fakes, detection methods must be constantly upgraded.

How to stop the fraudsters

Many solutions verify information. Sophisticated ones look past the data, assuming that scammers will use every conceivable combination (with no two IDs the same). They consider reflections and the fingerprints left by digital devices.

Organized crime uses sophisticated tools to engage in fraud on a massive scale
Organized crime uses sophisticated tools to engage in fraud on a massive scale. Image courtesy of AU10TIX

Friedman estimates the actual fraud rate is three to 10 times higher than generally accepted rates, depending on the country and time being assessed. In the past, physical fraud activities, beginning with buying identity documents on the street, were common in Latin America and Africa. In North America and Europe, more advanced methods are deployed.

But trends are constantly in flux.

“Now we are talking about attacks that require specific tools,” Friedman said. “There are the easy-to-catch fakes, which try to use AI and deep fakes. And we are catching them. But we are catching those trying to take advantage of cheap or inexpensive tools.

“Now those who are professionals, it doesn’t matter where they are because they’re well-equipped and well-funded. And they will respond based on two factors: which market verticals are high and which are less protected? They would obviously like to go through the front door rather than the window.”

It’s gonna get worse, especially in the EU

Criminal organizations are gearing up for the Fraud Olympics, coming to Europe in 2024. All EU member states must provide a digital identity wallet to anyone who asks. Guess who will be at the front of the queue?

“And they will apply using the means that now exist,” Friedman warned. “This is exactly what’s first needed to whitewash identities. Because the next time you apply and you are already in a wallet, who’s going to check if you are pre-verified already? 

“That’s the whole concept of verifiable credentials. So if you have any plans on becoming a fraudster, start practicing. You’re in a good time.”

Also read:

  • Tony Zerucha

    Tony is a long-time contributor in the fintech and alt-fi spaces. A two-time LendIt Journalist of the Year nominee and winner in 2018, Tony has written more than 2,000 original articles on the blockchain, peer-to-peer lending, crowdfunding, and emerging technologies over the past seven years. He has hosted panels at LendIt, the CfPA Summit, and DECENT's Unchained, a blockchain exposition in Hong Kong. Email Tony here.