IDnow 2019 Security Report: Social engineering tops the list of most common fraud attempts

Identity fraud in the digital world costs businesses billions. Fraudsters are resorting to increasingly creative methods that can only be defended against using the right technologies and processes. The list of most frequent fraud attempts is currently led by social engineering, which accounts for 73%, followed by the use of counterfeit (16%) or stolen ID cards (11%). These are the results of an analysis by IDnow (www.idnow.io), a leading provider of identity verification service solutions with over 250 clients including BNP Paribas, Commerzbank and UBS. In its 2019 Identity Fraud Report, IDnow presents up-to-date fraud cases from the first half of 2019 and explains how companies using digital business models can protect themselves from such scenarios.

Fraudsters have been using social engineering to persuade unsuspecting end users to open online accounts to exploit them for criminal activities for quite some time now. However, in 2019, the number of social engineering attempts increased in comparison to other fraud techniques. In most cases, fraudsters use fake job ads, app trial offers or cheap loans to lure their victims into a supposedly lucrative deal that requires them to open an account with an online bank. Contact is usually initiated using eBay classified ads (83%), job search engines such as Indeed (9%) and Jobmensa (2%) and networks such as Xing (2%).

Fraudsters use a pretext, such as a paid product test, to persuade their victims to open an account in their own name. Once the account is set up the fraudsters take control of it and use it to commit criminal offences. Usually, the victim doesn’t realize they have been deceived until this point. Nowadays, some fraudsters operate using sophisticated cover. This includes fake company email addresses, fake ads and even fully developed websites that mimic reputable businesses. Therefore, in 2019, it will become increasingly important to counter this trend with the help of advanced technology and specially trained identity specialists.

To prevent this type of identity fraud two defense strategies have proven to be particularly effective: The first is device binding, which ensures that the account can only be used with the device that was used to open it. As soon as the account is accessed from another device, the user is required to verify their identity once again. The second involves deploying particularly well-trained personnel who utilize psychological questions and detect inconsistencies during the video identification process to determine whether the new customer could be a potential social engineering victim.

This year, the quality of ID document copies has noticeably improved in identity fraud cases involving forged documents. Counterfeit identity cards (76%) are currently used three times more often than passports (24%). Fraudsters using this method are most active using ID documents from Austria (39%), the Czech Republic (24%) and Germany (20%). Organizations can protect themselves from these types of threats by relying on ident solutions that quickly and securely identify security features such as holograms / variable inks and use machine learning algorithms to continuously improve dynamic visual recognition. In unclear cases, a dual check should also be carried out.

In so-called similarity fraud, criminals use a genuine stolen ID card belonging to a person with similar facial features. However, this method’s overall share is declining as today’s specially trained experts and biometric systems are now able to detect this type of fraud much more effectively than was possible in the past. During the identification process, the user’s face is scanned and compared with their image on the ID document. If both images match across all key areas, it’s time to move on to the second step: the liveness detection test. The user is required to move their face in front of the camera based on certain guidelines to ensure that they are not simply a static shot or a photo, but a living person.

“To stay one step ahead of the latest fraud techniques, we need to be faster, better connected and more creative than the scammers themselves. To achieve this, we work alongside a large anti-fraud team that researches on Darknet, tests fake ads themselves and communicates with fraud victims to investigate the fraudsters’ strategies in detail. Furthermore, the team also arranges for the fraudsters’ websites to be taken offline and works in partnership with the police and state criminal police offices to arrest them. This is the basis on which we continuously adapt and improve our security processes,” says Armin Bauer, IDnow Co-founder and CTO. “In sensitive industries such as banking and insurance, when it comes to cyber fraud, every single case counts. That’s why, at the technical level, we rely on a hybrid model that optimally combines AI and human intelligence to protect customer data in the best possible way while simultaneously guaranteeing their security. This is an area we invest in heavily and it pays off: Our customers regularly inform us that the video identification procedure boasts the lowest fraud rates in comparison with other identification methods.”

The complete “How to Fight Identity Fraud in 2019” report containing all relevant information on fraud scenarios and suitable defense strategies can be found here.