Guest Post: The Four Key Fraud Threats of 2024—And How to Fight Them

“Our internal data shows that every 100th user of a digital platform or service globally was a member of a fraud ring in 2023. These networks are located all over the world.” – Pavel Goldman-Kalaydin, Head of AI & ML at Sumsub

In the last five years, identity fraud has increased in volume and sophistication worldwide, putting more industries and users at risk. Businesses are trying to fight back, with verification solutions becoming a critical fraud defense. Now, with the rapid rollout of AI, comes a new challenge: ensuring trust and safety online when our most sensitive data—our faces, voices, and likenesses—can be counterfeited through deepfakes.

In this article, I’ll share Sumsub’s internal identity fraud data based on millions of identities verified in 2023. I’ll also discuss how to build proper verification flows that reflect the complexity and ubiquity of digital fraud.

Four Complex Fraud Schemes and Ways to Tackle Them

These identity fraud schemes are difficult to detect at the user onboarding stage, which is why post-KYC attacks make up over 70% of all registered fraud. Each one requires industry-specific defenses. Let’s dive deeper and look the enemy in the eye.

1. Account takeover. This type of identity fraud can take on many forms, occurring through social engineering, phishing, advanced malware attacks, and personal data breaches. In 2023, instances of account takeover increased by 155 percent. The result is always the same: the victim’s digital identity is compromised and their credentials are stolen.

To prevent account takeover, businesses must deploy advanced anti-fraud systems with real-time behavioral and location intelligence, detection of high-risk or unlikely transactions, multiple payment method checks, and facial biometrics (not only at the onboarding phase). Together, these measures will trigger immediate alerts to prevent account takeover.

2. Money muling. This involves transferring illegal funds through seemingly innocent people (“money mules”), using their legitimate bank accounts or crypto wallets. This form of money laundering increasingly involves young people (starting from age 12), immigrants, and other financially vulnerable persons.

The global scale of money muling is staggering. According to Europol, over 10,000 money mules and 474 of their recruiters were identified last year, leading to more than 1,000 arrests and €100 million in reported losses.

If customers are involved in money muling, the financial and reputational consequences for the business can be devastating. To avoid this, robust security measures and adherence to AML regulatory requirements are necessary.

Spotting money mules is complex—but with the right measures, you can get the job done. To do this, companies should consider behavioral anti-fraud solutions and automated transaction monitoring.

3. Fraud networks. Also known as fraud rings, fraud networks are groups of individuals—operating globally or in the same location—who jointly participate in fraud, such as multi-accounting, money laundering, personal data breaches, and more. Our internal data shows that every 100th user of a digital platform or service globally was a member of a fraud ring in 2023. These networks are located all over the world. In Bangladesh, for example, 10.2 percent of users verified by Sumsub last year were part of fraud networks. Other countries with a high percentage of users involved in fraud networks included Oman (7.2 percent), Thailand (6.6 percent), China (4.6 percent), Singapore (2.8 percent), and Portugal (1.3 percent).

To detect fraud networks, you need to analyze users and their transactions from multiple angles. This is expensive and almost impossible to do manually. Instead, businesses can use advanced fraud prevention techniques like AI-based transaction monitoring, device fingerprinting, and more.

Successful fraud network detection involves taking proactive steps before cybercrime occurs, including suspicious pattern detection, uncovering hidden connections between clients and entities, detecting anomalies, and, again, analyzing user behavior continuously at every stage of the lifecycle.

4. AI-driven fraud. Deepfakes are one of the most prominent examples. According to Sumsub’s research, there was a tenfold increase in the number of AI-generated deepfakes across all industries from 2022 to 2023, with crypto and fintech representing 96 percent of those cases. Our data suggests that North America and the Asia-Pacific had the largest increases in detected deepfakes, at 1,740 percent and 1,530 percent, respectively. In Europe, the growth rate was 780 percent, while Latin America and Middle East-Africa demonstrated relatively lower increases in deepfake cases, at 410 percent and 450 percent, respectively.

AI-powered fraud also includes forged document photos. As 404 Media recently reported, there are services that claim to generate fake IDs in minutes, costing as little as $15. The most disturbing thing is that these documents are difficult to detect even for robust verification providers.

The human eye can hardly spot AI-generated fraud. Therefore, the best way to detect it is by using AI-powered systems themselves. This enables companies to analyze vast amounts of data, including personal information and behavioral signals (i.e. login times). Plus, these algorithms can automatically indicate deepfake usage if certain red flags are raised—something the human eye is largely incapable of doing.

Overall, identity fraud is causing extensive harm to individuals and organizations, and we can’t just hope that it’ll go away on its own. For companies offering their products and services online, the safest strategy is to implement multi-layered solutions that combine rigorous KYC checks with ongoing monitoring of transactions and AI-based fraud prevention techniques. 

There’s obviously no single universal solution to combat sophisticated fraud. Multiple layers of fraud protection are required instead, which should continuously incorporate the latest tech. This includes deepfake detection, fraud network analysis, behavioral and transaction monitoring, etc. 

You also need to double-check if suspicious customer behavior is really a threat since there may be false positives. To address such cases, you can revert to normal KYC checks. 

Last but not least, companies should ensure their policies are up to date, with internal cybersecurity training and continuous AML compliance procedures. The cumulative cost of these measures, if implemented properly, will far exceed the potential losses incurred by advanced fraud schemes.

–

May 6, 2024 – by Pavel Goldman-Kalaydin, Head of AI & ML at Sumsub