Sumsub: Identity Fraud up 73%; how can Fintechs React?

In 2023, Sumsub’s Identity Fraud Report revealed that the rate of identity fraud cases in the fintech sector rose 73% between 2021 and 2023, from 0.67% to 1.16% – quite an uptick in such a short time. 

This begs the question: What can fintechs do now to quell the rapid threat of fraud just as quickly as fraudsters have upped their malicious activities in the sector? 

Fintech: Fighting the fraudsters

Following the release of its report, FinTech Magazine caught up with Inna Lyubashevskaya, Chief Customer Officer at Sumsub, who says to address the issue, fintechs “should look to engage partners equipped with comprehensive verification solutions that protect end-users at every stage of the compliance lifecycle, from client onboarding and AML screening to ongoing transaction monitoring and anti-fraud solutions”. 

Of course, partnering with an ID fraud verification provider is just the first step fintechs should take in combatting fraud; the landscape is ever-changing. Just as quickly as fraudsters are using the latest tech for malicious aims, fintechs and their partners must also leverage this for their defence strategies. 

“We urge businesses to be committed to helping foster a secure, accessible, and inclusive digital environment,” notes Lyubashevskaya. “This goes beyond mere rhetoric, but instead actively aiming to create a world where everyone, irrespective of age, location, or technical proficiency, can confidently access and utilise digital services, minimising the risk from malicious actors.”

Fintechs: The value of ID verification partnerships

Of course, as noted by Lyubashevskaya, partnering with a verification solutions specialist is an easy and efficient way for fintechs to scale up their consumer protection efforts immediately.

However, there are considerations for many financial institutions (FIs) before deciding whether a partnership is right for them. 

As Lyubashevskaya notes: “Organisations face a tough decision when considering whether to independently oversee identity verification processes or opt for outsourcing. 

“Legal obligations, particularly for FIs and regulated businesses, require a robust approach to customer due diligence (CDD), involving measures such as appointing a Money Laundering Reporting Officer (MLRO), staff training, risk assessment and screening for sanctioned individuals or Politically Exposed Persons (PEPs).”

Yet, while these factors may sway FIs and fintechs to favour developing in-house ID verification and cybersecurity solutions, there are common problems that can arise from this approach, as Lyubashevskaya explains. 

“Adopting an internal approach could include labour-intensive manual verifications, which can sometimes exceed 10 minutes per check,” she says.

“Moreover, the potential use of unsecured communication channels poses security risks, and the associated management costs and challenges, including recruiting and training professionals, demand substantial time and financial investments.

“Every business case is unique and requires thoughtful consideration about whether to handle identity verification internally or through outsourcing. While internal solutions have their merits, the compelling advantages of outsourcing, such as significant cost reductions and customisable options, often outweigh the benefits of an in-house approach.”

ID verification: Emerging technologies

Indeed, the job for bespoke ID verification providers like Sumsub is by no means straightforward. As fintechs onboard new technologies, these require new security measures alongside them. 

In particular, advancements in biometric technologies are reshaping the landscape of ID verification, and ID providers need to adopt new solutions to be able to offer the right security services.  

“At Sumsub, we’ve developed and implemented Liveness and facial recognition technology, to ensure the authentication of real individuals by verifying their presence and matching their facial features with trusted sources such as documents or databases,” notes Lyubashevskaya.

“Further capabilities such as non-document verification allow companies to onboard their users securely and nearly instantly, without asking them to upload or scan ID documents. By focusing on smoother user experiences, ID verification providers can ensure rapid authentication while acknowledging the importance of clear regulations to safeguard individual privacy.

“It’s important to have a balanced approach, recognising that potential technology threats often translate into real-life losses for both individuals and businesses. Striking the right balance between harnessing the benefits of technology and safeguarding individual privacy is crucial. If properly regulated and ethically implemented, biometric technology has the potential to significantly enhance digital security.”

Fintech: The biggest threat today

While it is important to protect for the safe implementation of future technologies, it is, of course, most pressing to deal with the issues of today – the biggest threat to fintechs being deepfakes. 

Data for 2023 revealed a 10x increase in the number of deepfakes detected globally across all industries, with crypto and fintech jointly constituting 96% of these cases.

Regional disparities further underscore the significance of this trend. Per Sumsub’s report, the UK experienced a 300% surge in deepfake incidents from 2022 to 2023, with North America seeing a 1740% surge, APAC at 1530%, Europe (including the UK) at 780%, MEA at 450% and Latin America at 410%. 

Further, the report identifies the top 5 identity fraud types in 2023, including AI-powered fraud, money-muling networks, fake IDs, account takeovers (ATOs), and forced verification.

Lyubashevskaya adds: “Despite attempts to enhance security protocols, there has been a continuous rise in ATOs. Based on our internal data, there was a 155% surge in global ATO incidents in 2023. 

“Another common fraud scheme is money muling. In this, seemingly innocent individuals, known as money mules, get roped in to transfer illegally obtained funds, hiding where the money actually comes from. 

“To stop such advanced tactics, which mainly target the fintech industry, companies need advanced anti-fraud systems, which involve constantly watching user behaviour and sending real-time alerts.

“ID cards remain the primary target for identity fraud, constituting nearly 75% of all fraudulent activities involving identity documents. Moreover, the report highlights online media as the industry experiencing the highest increase in identity fraud. 

“As businesses navigate these evolving threats, staying vigilant and adopting robust fraud prevention measures is imperative to ensure the integrity and security of the fintech ecosystem.”

Shifting identity fraud patterns 

What’s more, while deepfakes may be the dominant trend for fraudsters in leading markets, fraud patterns continue to change, with malicious actors now targeting businesses with customers past the KYC stage. 

 Lyubashevskaya notes: “Our internal stats showed that an alarming 70% of fraud activity occurs past the KYC stage, which was a clear indication for our business to adapt, as KYC checks during onboarding alone are no longer sufficient. 

“Consistent checks after onboarding are required, highlighting the need for platforms that consolidate KYC, KYB (Know-Your-Business) and Transaction Monitoring capabilities all in one place.

“AI-powered fraud techniques, such as deepfakes, are on the rise and recent industry commentary suggesting that generative AI developments could lead to KYC checks becoming ‘useless’. In securing the whole user lifecycle, businesses will not only manage fraud when it occurs but will also proactively prevent it.

“All industries working with customers remotely are vulnerable to synthetic fraud and deepfakes, and the human eye cannot easily detect these. 

“Therefore, it is crucial that businesses explore solutions that accurately detect deepfakes. Given the complex nature of fraud, we urge companies to embrace all-encompassing anti-fraud strategies. 

“These approaches should involve multi-layered methods, incorporating behavioural anti-fraud measures and transaction monitoring.

“Further, regulators must prioritise establishing a solid framework around AI. While the AI technology powering deepfakes can be used for innovative and creative purposes, it can also be employed for harmful intentions. 

“Finding the balance between both is what regulators, policymakers and businesses and stakeholders such as businesses need to work towards moving forward.”

Aligning business with AI regulations in 2024

2024 looks set to be there when tighter AI regulations are implemented across the industry, and while grappling with deepfakes and the rising tide of fraud, fintech companies must align their strategies to the latest rules. 

“While countries must converge on AI security standards, the engagement of various stakeholders is equally vital,”  Lyubashevskaya says. 

She concludes: “Governments and policymakers must collaborate closely with private businesses, acknowledging their frontline role in combating technically AI-related illicit activities, to establish a robust regulatory framework.

“Legislation around deepfakes is an evolving field. As we continue to develop as a regulatory framework, legal measures should criminalise malicious intent, the creation of deepfakes for fraudulent purposes, and the distribution of deceptive content, establishing rules that safeguard both privacy and security in the era of advancing artificial intelligence.

“To truly take a robust stance against fraud, there must be an ongoing dialogue between policymakers, leading tech firms responsible for the safety of millions of users, and smaller technology providers that truly understand the nuances of the threats we face. 

“We know that combating fraud in-house is far from easy, therefore many specialist anti-fraud firms play a pivotal role in providing transaction monitoring capabilities to identify suspicious activities.”

**************

Make sure you check out the latest edition of FinTech Magazine and also sign up to our global conference series – FinTech LIVE 2024. 

**************

FinTech Magazine is a BizClik brand.