Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint

12/9/2020
09:45 AM
Dark Reading
Dark Reading
Products and Releases
50%
50%

COVID Is Changing the Face of the Fraud Economy as Amateur Attacks Surge

SAN FRANCISCO & LONDON – DEC. 8, 2020 – Onfido, the global identity verification and authentication provider, is today launching its Identity Fraud Report 2020, which reveals that the risk of identity fraud has increased significantly with attacks occurring more frequently since the start of the pandemic. 

Over the past 12 months, the average identity document (ID) fraud rate increased by 41% over the previous year as first-time fraudsters appear to be more prevalent, likely due to increased economic hardships during the pandemic. The average ID fraud rate reached 5.8% - up from 4.1% the previous year (Oct 2018-2019). The increase is largely reflective of the significant spike in fraud since April 2020 when most of the world was entering the first phase of lockdown, as rates remained stable during the first few months of the year. 

Onfido partners with international criminal police organization INTERPOL on fraud techniques and learnings. The agency contributed to the report noting: “Identity document fraud can take different forms, and both false and genuine documents are used to perpetrate a variety of frauds. The fraudulent use of identity and travel documents therefore presents a threat to the security of countries and their citizens, the economy, and global commerce, and is often linked to organized crime, money laundering and terrorism. Onfido’s Fraud Index addresses specific topics and includes real-life statistics based on their work to uncover deception before it leads to criminal activity.”

Fraudulent activity peaked in July and August. But with large parts of Europe encountering a ‘second wave’ and re-entering lockdown, coupled with the spike in online activity for the holiday shopping season, Onfido predicts fraud rates will start to climb again in the last few months of the year. The explosion in ID fraud since the beginning of the pandemic has also given rise to a number of new trends for identity fraud:

  • Fraud is becoming the new ‘side hustle’ – Fraudulent activity tends to increase during crises as the three primary factors of fraud are intensified: opportunity, rationalization and pressure. This year, the proportion of unsophisticated fraud grew 23% year-over-year, from 57% in 2019’s Fraud Report to 70%. Given that the amount of sophisticated attacks stayed the same, at under 1%, this suggests that first-time fraudsters might be trying unsophisticated attacks as a new side hustle outside of their regular work to shield them from the economic downturn.
  • ID Fraud is no longer just a 9-5 job – In 2019, Onfido identified that many fraudsters treated it as a 9-5 job: attacks were higher on weekdays and dropped off over the weekends. This year, that has changed. Now, the suspected fraud rate is staying almost level over all seven days of the week. Professional fraudsters appear to be working overtime with the activity level at these times further bolstered by the growing ‘talent pool’ of non-professionals. 
  • Emerging trends in biometric fraud – In 2020, Onfido has identified a growing use of 2D and even 3D masks to attack both our selfie and video verification products. More troubling still, there has been an increase in replay attacks, where fraudsters attempt to circumvent cameras entirely and upload stolen videos or deep fakes. This was the first year Onfido saw deep fakes used; a tactic likely to quickly grow in popularity as they are cheaper to create than good 3D masks.
  • Suspicious behavior now harder to detect – Many legitimate individuals’ purchasing habits have dramatically changed as a result of the pandemic, which has rendered suspicious behavior even harder to spot. With so much volatility in the market, businesses across all industries need to be extra-vigilant and recalibrate their friendly friction threshold; the difficult balance between fraud risk and customer experience. 

Michael Van Gestel, Head of Global Document Fraud at Onfido, comments: “There is no question that Covid-19 has catalyzed massive growth in identity fraud attempts, with industries like financial services disproportionately affected. And with sensitive and personally identifiable information easily gleaned from social media and available for sale on the dark web, database checks are just not fit for purpose in this escalated fraud environment. Baking in more sophisticated identity verification methods, such as document and biometric authentication, will ensure that no matter how fraudsters try to capitalize on the changing situation, businesses can significantly lower the risk of fraud to their organization and customers.”  

Methodology

The Onfido team of document fraud specialists process millions of identity documents every year, helping over 1,500 clients detect fraud across 4,600 document types from 195 countries. The Identity Fraud Report shares the insights gained on the state of remote identity fraud over the past year, based on analysis of data collected from October 2019 - October 2020 and normalized by client and industry distribution.

Request a demo of Onfido’s award-winning Identity verification technology.

About Onfido

Onfido is setting the new standard for digital access. The company digitally proves a user’s real identity using AI, by verifying a photo ID and comparing it to the person’s facial biometrics. This means that businesses no longer need to compromise on customer experience, conversion, privacy or security. That’s how Onfido gives companies the assurance they need to onboard customers remotely and securely.

Recognized as a global leader in AI for identity verification and authentication, Onfido is backed by TPG Growth, Idinvest Partners, Crane Venture Partners, Salesforce Ventures, M12 - Microsoft’s venture fund, and others. Onfido has raised $200m in funding, and with approximately 400 team members across seven countries, is enabling digital access for some of the largest companies around the world.

www.onfido.com 

www.linkedin.com/company/onfido/ 

www.twitter.com/onfido 

 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Commentary
How SolarWinds Busted Up Our Assumptions About Code Signing
Dr. Jethro Beekman, Technical Director,  3/3/2021
News
'ObliqueRAT' Now Hides Behind Images on Compromised Websites
Jai Vijayan, Contributing Writer,  3/2/2021
News
Attackers Turn Struggling Software Projects Into Trojan Horses
Robert Lemos, Contributing Writer,  2/26/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-21354
PUBLISHED: 2021-03-08
Pollbot is open source software which "frees its human masters from the toilsome task of polling for the state of things during the Firefox release process." In Pollbot before version 1.4.4 there is an open redirection vulnerability in the path of "https://pollbot.services.mozilla.com...
CVE-2021-21362
PUBLISHED: 2021-03-08
MinIO is an open-source high performance object storage service and it is API compatible with Amazon S3 cloud storage service. In MinIO before version RELEASE.2021-03-04T00-53-13Z it is possible to bypass a readOnly policy by creating a temporary 'mc share upload' URL. Everyone is impacted who uses ...
CVE-2020-4695
PUBLISHED: 2021-03-08
IBM API Connect V10 is impacted by insecure communications during database replication. As the data replication happens over insecure communication channels, an attacker can view unencrypted data leading to a loss of confidentiality.
CVE-2020-4903
PUBLISHED: 2021-03-08
IBM API Connect V10 and V2018 could allow an attacker who has intercepted a registration invitation link to impersonate the registered user or obtain sensitive information. IBM X-Force ID: 191105.
CVE-2020-5014
PUBLISHED: 2021-03-08
IBM DataPower Gateway V10 and V2018 could allow a local attacker with administrative privileges to execute arbitrary code on the system using a server-side requesr forgery attack. IBM X-Force ID: 193247.