Biometrics could be a fix for the growing headache of synthetic ID fraud
Biometric News & Events

BLOG

January 17, 2024

Biometrics could be a fix for the growing headache of synthetic ID fraud

Biometrics and digital ID firms are responding to a significant uptick in synthetic identity fraud, which uses generative AI and a combination of stolen and falsified information to create a potent attack vector. As the problem grows, more emphasis will fall on biometric liveness detection.

Socure reframes identity capture to address synthetic identity fraud

Socure has launched its new Sigma Fraud suite, which aims to tackle identity fraud by reframing digital identity as a holistic continuum of data rather than a single snapshot in time. A release says the Identity Fraud V4 system assesses personal identifiable information (PII) validated by thousands of real-time network and anomaly detection data sources, as well as digital and behavioral risk signals, for “instant and near 100 percent accurate identity fraud decisions in less than 150 milliseconds.”

Socure created the tool with a growing list of digital identity fraud threats in mind; it believes the sophistication of generative AI-based and synthetic identities demands an approach that takes into account the “rich historical context” of a consumer’s behavioral patterns across institutions, locations and time frames. This context is provided in large part by consortium data from the Socure Risk Insights Network, which incorporates data from nearly 2,000 entities including major banks and fintechs, gaming services, payment platforms, and payroll providers.

Promising close to perfect fraud capture with a less than 5 percent review rate, the upgraded fraud prevention suite beefs up ID verification with Entity Profiler, an algorithm that analyzes digital footprints and session intelligence as reflected in the recency, frequency, and context of historic transactions and behavior. Socure says the system can “confidently assert the identity of a consumer who has consistently utilized similar PII, IP geo-location, mobile devices, operating systems and browser languages over a span of multiple years and across varying institutions to create a unique and persistent device ID.” Another addition is Integrated Anomaly Detection, which scans for thousands of risk factors in real-time across company, industry, and financial networks to track unusual user behavior patterns – a useful defense against high-volume fraud attacks, tumbled emails and muling activity.

Johnny Ayers, founder and CEO of Socure, says it has spent more than a decade since building the most accurate machine learning fraud models in the industry. “Beyond extreme accuracy, the Sigma Fraud suite enables organizations to consolidate a patchwork of inaccurate, expensive and operationally burdensome identity verification solutions that haven’t kept pace with the innovation and attack surface afforded by GenAI tools,” says Ayers.

Synthetic ID fraud fastest growing financial crime in US

A single API call for a layered defense, Sigma Fraud bolsters security against third party identity fraud, account takeover, and – critically – synthetic fraud attacks. Synthetic identities mix stolen but genuine personal data with fabricated information. According to the Deloitte Center for Financial Services, synthetic identity fraud stands to generate at least $23 billion in losses in the U.S. by 2030. It is the fastest growing financial crime in the country.

A post on Socure’s blog explains how credit bureaus can contribute to the problem through insecure data ingestion processes, which prompt the production of more synthetic IDs. “A credit bureau’s data is limited to what it can receive from the financial system; if there are synthetic identities that appear legitimate, there’s not much they can do to find them until it’s too late,” the blog says. Education information, property records, and email histories are among the additional holistic data points that can be used to augment identity verification.

Socure reports eliminating over 200,000 synthetic identities in 2023, saving partners upwards of $3 billion in fraud losses.

Common for companies to approve synthetic IDs

A new white paper from Deduce and Wakefield Research delves deeper into the synthetic identity issue. Results based on a survey of 500 U.S. fraud and risk professionals with a minimum seniority of manager show that 50 percent report synthetic fraud prevention in their organization is only somewhat effective or worse. Perhaps even more shocking is that 87 percent of companies have extended credit to synthetic customers, with estimated losses potentially topping $100,000 “per incident.”

“Fraudsters are already becoming more inclined to nurture their accounts over a longer period of time for larger financial gain,” reads the report, ominously entitled “Financial Jeopardy: Companies Losing Fight Against Synthetic Fraud.” It names generative AI as a major threat, arguing that “companies can’t afford to continue to use legacy technology and techniques as they are largely proving ineffective at detecting the new breed of synthetic identities that demonstrate typical account activity such as obtaining high credit scores, paying bills online, or making online purchases. These accounts are looking more like those of legitimate customers with each passing day.”

Biometrics necessary in a zero-trust security environment

The report from Deloitte points to the biometrics industry as a potential fix. “Powerful biometric tools can provide additional layers of defense by evaluating whether users are human, testing the veracity of visual artifacts and manipulated recordings, and identifying anomalies that may be atypical of online consumer behavior,” it says, recommending that financial institutions expend more effort refining liveness detection checks. “Security systems for physical biometrics can compete with the growing sophistication of spoofers by adding elements like skin texture, facial imperfections, perspiration, and blood flow,” it says. “Physical and behavioral biometrics are becoming a more critical component of the zero-trust security model, which assumes all network traffic is malicious.”

lily
Posts made: 84

Leave a Reply

Your email address will not be published. Required fields are marked *

Related Posts
You May Also Like