Natasha Vernier
May 21, 2021

Secret Crime Fighters, Episode 15

This week we have our final episode in partnership with Onfido. Our Not So Secret Crime Fighter has helped us shed some light on a range of different identity fraud typologies, and hopefully you feel better equipped to control for them now than you did at the start of the series.

Impersonation Fraud

When applying for jobs, people are often asked for copies of their identity documents. In some places this is even a legal requirement, so it’s no surprise that criminals have abused this as an attack route.

When some victims were applying for jobs, they were asked for a copy of their ID documents and a selfie. Thinking that they had not been successful in the job application process, they thought nothing more of it until they noticed a trace, or soft check, on their credit files carried out by Onfido. After contacting Onfido, it became apparent that the “jobs” they had applied to were fake, and that they had unknowingly sent their ID and selfie to criminals. These criminals had then opened crypto accounts in the names of the victims to claim cash bonuses.

To stop this kind of fraudulent onboarding, fintechs and banks need to make sure that the selfies are not still images by taking control of the capture flow of ID documents and selfies. This can be done either by enforcing an SDK live capture or by building it in-house.

Google Image Fraud

If you Google “passport” or “driving licence” you can find a large number of photos of ID documents, some of which are fake, and some of which are real. Onfido has noticed that as the price of Bitcoin increases, so too does the number of fraudulent sign up attempts using documents sourced from Google to open crypto accounts.

These crypto accounts usually only require a document to be provided, so one recommended control is to also require a selfie (and to do the corresponding liveness check as explained above). Onfido also provides alerts that images may be compromised if they see an ID document provided to a customer that was found on Google.

Thanks for reading our latest Secret Crime Fighters newsletter. If you have an interesting typology that you’d like to share, we’d love to hear about it! Please email us at [email protected].

Recent Posts

Compliance Team Resources
Will AI + Automated Testing Eliminate the Third Line of Defense?
By
Natasha Vernier
.
October 28, 2024
Compliance Team Resources
Why Banks Must Embrace Automated Compliance Testing
By
Natasha Vernier
.
October 2, 2024

This week we have our final episode in partnership with Onfido. Our Not So Secret Crime Fighter has helped us shed some light on a range of different identity fraud typologies, and hopefully you feel better equipped to control for them now than you did at the start of the series.

Impersonation Fraud

When applying for jobs, people are often asked for copies of their identity documents. In some places this is even a legal requirement, so it’s no surprise that criminals have abused this as an attack route.

When some victims were applying for jobs, they were asked for a copy of their ID documents and a selfie. Thinking that they had not been successful in the job application process, they thought nothing more of it until they noticed a trace, or soft check, on their credit files carried out by Onfido. After contacting Onfido, it became apparent that the “jobs” they had applied to were fake, and that they had unknowingly sent their ID and selfie to criminals. These criminals had then opened crypto accounts in the names of the victims to claim cash bonuses.

To stop this kind of fraudulent onboarding, fintechs and banks need to make sure that the selfies are not still images by taking control of the capture flow of ID documents and selfies. This can be done either by enforcing an SDK live capture or by building it in-house.

Google Image Fraud

If you Google “passport” or “driving licence” you can find a large number of photos of ID documents, some of which are fake, and some of which are real. Onfido has noticed that as the price of Bitcoin increases, so too does the number of fraudulent sign up attempts using documents sourced from Google to open crypto accounts.

These crypto accounts usually only require a document to be provided, so one recommended control is to also require a selfie (and to do the corresponding liveness check as explained above). Onfido also provides alerts that images may be compromised if they see an ID document provided to a customer that was found on Google.

Thanks for reading our latest Secret Crime Fighters newsletter. If you have an interesting typology that you’d like to share, we’d love to hear about it! Please email us at [email protected].

There’s more to read!

Resources