Apr 23, 2021

Secret Crime Fighters, Episode 13

In today’s Not So Secret Crime Fighter episode we are kicking off a three-part series in partnership with Onfido. We’ll be focussing on a series of identity fraud typologies, and helping you think through some controls that you might want to implement. Hopefully by the end of the series you’ll have a thorough understanding of how criminals may be targeting your identity verification controls, and how you can stop them.

This week we are looking at typologies that saw criminals using the same photos or the same personal information in the identity documents submitted. These highlight the importance of using an established identity verification provider, as well as having other important controls in place.

Same personal information, different faces

Criminals were discovered signing up for bank accounts using the same personal information (e.g. name, date of birth) in multiple ID documents, but with different photos.

This can be stopped by using an identity verification provider like Onfido, which can spot fake documentation. Another good control to implement here is an internal check for duplicate customers. When a customer signs up with the same name and date of birth, or the same name and address, a quick review of the photos on the two documents can help to avoid onboarding the same person multiple times. This review can be manual or automated, using one of the facial recognition software solutions available.

Same faces, different personal information

A slight adaptation of the above typology was seen when criminals were discovered in three different scenarios signing up for cryptocurrency exchanges or bank accounts with identity documentation showing the exact same faces, but with the personal information slightly altered.

The first scenario saw criminals signing up to a crypto exchange to claim a cash drop bonus using the same 5 faces across 1000+ Indonesian identity documents. The only differences were that the personal details (name, date of birth, document number) were slightly different on each.

The second scenario saw criminals signing up for accounts, also to claim cash drop bonuses, using Russian driving licences with the same face 300+ times a day for 2 weeks. This was a sophisticated attack using complex image manipulation of a template document, where the only difference between the licences was the slight alteration of personal information, usually changed by one or two characters each time.

The final scenario saw criminals attempting to open accounts with a crypto exchange to claim, you guessed it, cash drop bonuses, using Belgian driving licences with the same photo in each. Hundreds of attempts were made each day, and the only difference between the documents was the last couple of characters in the names being changed.

This typology, where the same face is used with slightly altered personal information, can be stopped by using an identity verification provider like Onfido, which checks for duplicate faces used at onboarding for each of their customers. Another good control to implement here is to keep a blocklist of faces connected to known fraudulent sign-up attempts, and to use something like Amazon’s Rekognition to check for duplicate faces yourself.
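The internal duplicate checks suggested for both typologies above can be sketched as follows. This is an added example, not code from the original newsletter or from any provider it names; the record fields and the `face_id` label (standing in for whatever your face-matching service returns for identical faces) are assumptions, and the sign-ups are constructed.

```python
from collections import defaultdict
from itertools import combinations

# Constructed sample sign-ups. face_id is a hypothetical label standing in for
# the output of a face-matching service that groups identical faces.
SIGNUPS = [
    {"id": 1, "name": "Anna Peeters",  "dob": "1990-04-12", "address": "1 Main St", "face_id": "F1"},
    {"id": 2, "name": "anna  peeters", "dob": "1990-04-12", "address": "9 Hill Rd", "face_id": "F2"},
    {"id": 3, "name": "Jan Maes",      "dob": "1985-01-30", "address": "4 Dock Ln", "face_id": "F3"},
    {"id": 4, "name": "Jan Maas",      "dob": "1985-01-31", "address": "4 Dock Ln", "face_id": "F3"},
    {"id": 5, "name": "Jan Maat",      "dob": "1985-01-30", "address": "7 Park Av", "face_id": "F3"},
    {"id": 6, "name": "Lena Smit",     "dob": "1979-11-02", "address": "2 Mill Ct", "face_id": "F4"},
]

def norm(s):
    """Case-fold and collapse whitespace so trivial variations still match."""
    return " ".join(s.lower().split())

def find_duplicates(signups):
    """Return sorted (id_a, id_b, reason) tuples for pairs that need review."""
    groups = defaultdict(list)
    for s in signups:
        name = norm(s["name"])
        # Typology 1 keys: same name + date of birth, or same name + address.
        groups[("details", name, s["dob"])].append(s)
        groups[("details", name, norm(s["address"]))].append(s)
        # Typology 2 key: same face, whatever the document says.
        groups[("face", s["face_id"])].append(s)

    flags = set()
    for key, members in groups.items():
        for a, b in combinations(members, 2):
            if key[0] == "details":
                flags.add((a["id"], b["id"], "same details, review photos"))
            elif (norm(a["name"]), a["dob"]) != (norm(b["name"]), b["dob"]):
                # Same face, but the name or date of birth was altered.
                flags.add((a["id"], b["id"], "same face, different details"))
    return sorted(flags)

if __name__ == "__main__":
    for flag in find_duplicates(SIGNUPS):
        print(flag)
```

Grouping by face rather than by name is what catches the one-or-two-character alterations: sign-ups 3, 4 and 5 share no exact name and date of birth pair, so a details-only check would miss them.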

Thanks for reading our latest Secret Crime Fighters newsletter. If you have an interesting typology that you’d like to share, we’d love to hear about it! Please email us at [email protected].
