Identity Fraud: How It Works and 4 Ways You Can Stop It.
What Is Identity Fraud?
Identity fraud is a crime in which attackers impersonate another person by obtaining personally identifiable information (PII), such as a social security number, credit card number, or driver's license number. This stolen information allows purchases of goods or services in the victim's name or gains unauthorized access to sensitive systems and data. In extreme cases, impostors could create the debt or commit crimes using the stolen identity, exposing the victim to financial loss or criminal penalties.
This is part of our series of articles about identity verification.
In this article:
- Identity Fraud Types
- How Do You Know If You're a Victim of Identity Fraud?
- 4 Ways to Prevent Fraud for Online Businesses
- Secure All Payments
- Address Chargeback Risks
- Prevent Fraud with Standard KYC Practices
- Use Document Verification Tools
Identity Fraud Types
Identity fraud begins when criminals access complete or partial identifying information. Occasionally access to this information is physical—copied or stolen documents. However, more commonly, this digital data is secured via malware, breaches, or social engineering.
Here are the three categories that most types of identity fraud come under:
- Account Takeover (ATO)—exploits an existing account. Once attackers get credentials to the account, the fraudulent individual can use all the funds for their personal use. The deceitful individual may continue their access after the initial takeover until the account owner or detection systems identify the fraudulent activity. They can also use the account to transfer funds from other schemes or compromised accounts.
- Identity theft—here, the fraudster uses the identity of the target rather than their existing accounts. The more information the fraudster has gathered from stolen data, the easier it is to impersonate a different individual. For example, they may have stolen public and social data. Using this data allows applying for credit cards, opening bank accounts, applying for loans, and creating new corporations. This activity may continue until a credit monitoring company notifies the target or apprehends the fraudster.
- Tax identity theft—involves fraudsters accessing your personal information, which they then use to file a tax return and receive a refund—or CST/HST refunds or rebates.
- Synthetic identity—fraudsters establish fake identities using real or fake information, or a combination of both. For example, an identity thief could use a genuine social security number with a name not connected to that number. Fraudsters could use the personal information of deceased people or children for synthetic identity theft, given that data is not verified very often.
Related content: Read our guide to identity fraud vs. identity theft (coming soon)
How Do You Know If You're a Victim of Identity Fraud?
The theft of personal information has significant consequences, so it is essential to know the signs you may have been a victim of identity theft. Early detection of identity fraud can minimize immediate harm and long-term consequences.
Here are some warning signs that your personal information was compromised.
- Fraud alerts from financial institutions—most banks put security protocols to identify a potential data breach. For example, if you live in the US and use your London credit card information when making a purchase, your bank might freeze the transaction and notify you of a potential credit card fraud attempt.
- Unexplained changes to credit score—if you notice your credit score changes, although there was no change to your financial activity, this could indicate identity fraud. An increase in your score could mean someone is manipulating the score to use your identity for credit card debt. A drop in your score can indicate that an attacker has applied for a loan in your name. You can get a free copy of your yearly credit report from the major credit institutions.
- Changes to financial accounts—check your bank statements every month (at least) and look for unfamiliar or unexpected transactions and withdrawals. Check for increases in your credit limit or the addition of a credit card account you did not apply for, which an attacker might have created in your name.
- Denial of an application for a loan or new credit card—if you applied for a credit card or loan and were declined, investigate the reason for rejection. If you think your credit is good, double-check your current credit history. Identity theft may damage your credit rating.
- A call from debt collectors—if a debt collector calls you about foreign debt, this is a strong sign that someone used your information to open a financial account or secure a line of credit. Do not disclose personal information over the phone. Go over your credit report to check for unfamiliar debt issues.
- You receive an unfamiliar email—if you receive an email intended for another person. Still, it comes to your email address; this could mean someone is using your address for personal gain. Be wary of receiving unfamiliar medical bills or W-2 forms from unknown companies.
- You experience tax returns—if you receive tax records you never requested, or the tax authorities refuse to file your tax return, this could indicate identity theft. Attackers who compromise an identity can use it to submit false tax returns to receive the funds. If you believe this has happened to you, contact the fraud division of your local tax service.
4 Ways to Prevent Fraud for Online Businesses
The following practices can help you minimize the risk of fraud in your know your customer (KYC) and anti-money laundering (AML) procedures.
Secure All Payments
Ensure that all payment methods you allow are secure. If you accept Paypal or other online payment methods, make sure you know any policies that might impact your business.
Research and apply the relevant security measures to prevent document fraud in your KYC verification process.
Address Chargeback Risks
Chargebacks are a significant challenge for online businesses. A chargeback is when a customer claims that payment is unauthorized. Banks and credit card companies have various chargeback policies, so you must know what these are to protect your organization.
Track all transactions to help prevent chargebacks and support your case against false claims. Tracking also provides evidence of adequate delivery of goods and services. The same measures you take to prevent chargebacks also help verify customer identity and avoid identity theft.
Prevent Fraud with Standard KYC Practices
Use these standard practices to implement secure online KYC and prevent document fraud:
- Use email and mobile phone verification (e.g., send a confirmation email or SMS, send an OTP).
- Verify customer details using public records.
- Validate documents with the institution that issues them.
- Ask customer-specific questions to confirm identity.
- Use video KYC processes.
Use Document Verification Tools
Verify the authenticity of documents using dedicated, third-party software. Outsourcing verification may be more affordable and save time. Some businesses verify documents manually, but you can also use automated software to verify documents such as certificates, IDs, and bank statements. These tools are considered secure enough for banks and FinTech companies.
BlueCheck KYC Identity Verification
BlueCheck helps financial institutions conduct KYC checks, including identity and age verification, to prevent identity fraud and meet regulatory requirements. Key features include:
- Multiple datasets to confirm information—a combination of proprietary and commercially available databases to verify the information. BlueCheck can increase the likelihood of a successful verification using this combination of resources, streamlining the onboarding process.
- Smart Database Navigation—BlueCheck can automatically verify most customers using smart database navigation. Queries move through the most accurate databases commercially available to ensure a match.
- Quick Implementation—Using our DirectAPI or CustomJS framework, BlueCheck Identity Verification can deploy quickly, saving your business time and money.
- Set How Users Are Verified—BlueCheck offers a host of verification methods giving users a choice and alternatives when identifying themselves. For example, allow for name & address, last 4 of SSN, or Photo ID verification.
- Encryption & Security Standards—BlueCheck utilizes multi-layer data encryption to ensure data is securely transmitted and stored, protect against malicious actors, and safeguard the verification process.
- Developer & API Documentation—thoroughly documented REST API available in addition to the verification plugin.