Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint

12/9/2020
09:45 AM
Dark Reading
Dark Reading
Products and Releases
50%
50%

COVID Is Changing the Face of the Fraud Economy as Amateur Attacks Surge

SAN FRANCISCO & LONDON – DEC. 8, 2020 – Onfido, the global identity verification and authentication provider, is today launching its Identity Fraud Report 2020, which reveals that the risk of identity fraud has increased significantly with attacks occurring more frequently since the start of the pandemic. 

Over the past 12 months, the average identity document (ID) fraud rate increased by 41% over the previous year as first-time fraudsters appear to be more prevalent, likely due to increased economic hardships during the pandemic. The average ID fraud rate reached 5.8% - up from 4.1% the previous year (Oct 2018-2019). The increase is largely reflective of the significant spike in fraud since April 2020 when most of the world was entering the first phase of lockdown, as rates remained stable during the first few months of the year. 

Onfido partners with international criminal police organization INTERPOL on fraud techniques and learnings. The agency contributed to the report noting: “Identity document fraud can take different forms, and both false and genuine documents are used to perpetrate a variety of frauds. The fraudulent use of identity and travel documents therefore presents a threat to the security of countries and their citizens, the economy, and global commerce, and is often linked to organized crime, money laundering and terrorism. Onfido’s Fraud Index addresses specific topics and includes real-life statistics based on their work to uncover deception before it leads to criminal activity.”

Fraudulent activity peaked in July and August. But with large parts of Europe encountering a ‘second wave’ and re-entering lockdown, coupled with the spike in online activity for the holiday shopping season, Onfido predicts fraud rates will start to climb again in the last few months of the year. The explosion in ID fraud since the beginning of the pandemic has also given rise to a number of new trends for identity fraud:

  • Fraud is becoming the new ‘side hustle’ – Fraudulent activity tends to increase during crises as the three primary factors of fraud are intensified: opportunity, rationalization and pressure. This year, the proportion of unsophisticated fraud grew 23% year-over-year, from 57% in 2019’s Fraud Report to 70%. Given that the amount of sophisticated attacks stayed the same, at under 1%, this suggests that first-time fraudsters might be trying unsophisticated attacks as a new side hustle outside of their regular work to shield them from the economic downturn.
  • ID Fraud is no longer just a 9-5 job – In 2019, Onfido identified that many fraudsters treated it as a 9-5 job: attacks were higher on weekdays and dropped off over the weekends. This year, that has changed. Now, the suspected fraud rate is staying almost level over all seven days of the week. Professional fraudsters appear to be working overtime with the activity level at these times further bolstered by the growing ‘talent pool’ of non-professionals. 
  • Emerging trends in biometric fraud – In 2020, Onfido has identified a growing use of 2D and even 3D masks to attack both our selfie and video verification products. More troubling still, there has been an increase in replay attacks, where fraudsters attempt to circumvent cameras entirely and upload stolen videos or deep fakes. This was the first year Onfido saw deep fakes used; a tactic likely to quickly grow in popularity as they are cheaper to create than good 3D masks.
  • Suspicious behavior now harder to detect – Many legitimate individuals’ purchasing habits have dramatically changed as a result of the pandemic, which has rendered suspicious behavior even harder to spot. With so much volatility in the market, businesses across all industries need to be extra-vigilant and recalibrate their friendly friction threshold; the difficult balance between fraud risk and customer experience. 

Michael Van Gestel, Head of Global Document Fraud at Onfido, comments: “There is no question that Covid-19 has catalyzed massive growth in identity fraud attempts, with industries like financial services disproportionately affected. And with sensitive and personally identifiable information easily gleaned from social media and available for sale on the dark web, database checks are just not fit for purpose in this escalated fraud environment. Baking in more sophisticated identity verification methods, such as document and biometric authentication, will ensure that no matter how fraudsters try to capitalize on the changing situation, businesses can significantly lower the risk of fraud to their organization and customers.”  

Methodology

The Onfido team of document fraud specialists process millions of identity documents every year, helping over 1,500 clients detect fraud across 4,600 document types from 195 countries. The Identity Fraud Report shares the insights gained on the state of remote identity fraud over the past year, based on analysis of data collected from October 2019 - October 2020 and normalized by client and industry distribution.

Request a demo of Onfido’s award-winning Identity verification technology.

About Onfido

Onfido is setting the new standard for digital access. The company digitally proves a user’s real identity using AI, by verifying a photo ID and comparing it to the person’s facial biometrics. This means that businesses no longer need to compromise on customer experience, conversion, privacy or security. That’s how Onfido gives companies the assurance they need to onboard customers remotely and securely.

Recognized as a global leader in AI for identity verification and authentication, Onfido is backed by TPG Growth, Idinvest Partners, Crane Venture Partners, Salesforce Ventures, M12 - Microsoft’s venture fund, and others. Onfido has raised $200m in funding, and with approximately 400 team members across seven countries, is enabling digital access for some of the largest companies around the world.

www.onfido.com 

www.linkedin.com/company/onfido/ 

www.twitter.com/onfido 

 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
News
Former CISA Director Chris Krebs Discusses Risk Management & Threat Intel
Kelly Sheridan, Staff Editor, Dark Reading,  2/23/2021
Edge-DRsplash-10-edge-articles
Security + Fraud Protection: Your One-Two Punch Against Cyberattacks
Joshua Goldfarb, Director of Product Management at F5,  2/23/2021
News
Cybercrime Groups More Prolific, Focus on Healthcare in 2020
Robert Lemos, Contributing Writer,  2/22/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Building the SOC of the Future
Building the SOC of the Future
Digital transformation, cloud-focused attacks, and a worldwide pandemic. The past year has changed the way business works and the way security teams operate. There is no going back.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-27132
PUBLISHED: 2021-02-27
SerComm AG Combo VD625 AGSOT_2.1.0 devices allow CRLF injection (for HTTP header injection) in the download function via the Content-Disposition header.
CVE-2021-25284
PUBLISHED: 2021-02-27
An issue was discovered in through SaltStack Salt before 3002.5. salt.modules.cmdmod can log credentials to the info or error log level.
CVE-2021-3144
PUBLISHED: 2021-02-27
In SaltStack Salt before 3002.5, eauth tokens can be used once after expiration. (They might be used to run command against the salt master or minions.)
CVE-2021-3148
PUBLISHED: 2021-02-27
An issue was discovered in SaltStack Salt before 3002.5. Sending crafted web requests to the Salt API can result in salt.utils.thin.gen_thin() command injection because of different handling of single versus double quotes. This is related to salt/utils/thin.py.
CVE-2021-3151
PUBLISHED: 2021-02-27
i-doit before 1.16.0 is affected by Stored Cross-Site Scripting (XSS) issues that could allow remote authenticated attackers to inject arbitrary web script or HTML via C__MONITORING__CONFIG__TITLE, SM2__C__MONITORING__CONFIG__TITLE, C__MONITORING__CONFIG__PATH, SM2__C__MONITORING__CONFIG__PATH, C__M...