Identity fraud is closer than you think

The year has barely begun and we already feel a little scared by the challenges of transacting online going by the latest episode of Carte Blanche on DSTV. If you missed the episode, one of the segments it featured focused on consumers who were victims of online fraud during the course of 2018 and explored some of the scenarios around how this fraud happened.

Last week, I posted my list of key trends for 2019, one of which was The Digital Identity Question Takes Centre and covers the need for next-generation identity verification technologies and models. The Carte Blanche segment showed exactly why I believe it’s so important for consumers and businesses to be aware of this technology trend and how they need to adequately secure personal information and consistently seek out ways to improve identity verification in the online transactions.

The episode pointed out that one of the major issues preventing victims from getting their case fairly appraised is the lack of clarity around who’s liable in online fraud cases. Many online banking terms and conditions shift the responsibility of not letting their accounts become compromised to the users themselves. In an age of major security breaches and sophisticated cybercrime syndicates, succumbing to fraud is no longer just a case of clicking on a poorly-written spoof email.

Complicating the issue is the way physical and digital identities overlap, and how criminals can take advantage. Online banking doesn’t just exist online - your digital identity isn’t confined to a username and password or PIN. Who you are as a person outside of the context of online banking - a person who visits a cell-phone shop and gets SIM swapped, posts a picture of a birthday celebration to their social media and reveals their birth date, or simply has their card spoofed at a point-of-sale is in as much risk as someone who opens Nigerian prince emails.

The Carte Blanche episode has highlighted something my industry has known for a while - online identity is encompassing more and more aspects of who we are and what we do outside of the digital realm - and vice versa. Staying safe means changing the way we think about cybersecurity, identity and personal information.

How consumers can stay safe

We all know the risks - it can take something as simple as a stolen wallet or a dodgy card machine to expose yourself to fraud. But there’s also a danger that doesn’t get highlighted as much yet has the potential to be far more damaging over the long term - of a criminal accessing personal information and using it for credit fraud. Unlike unusual card transactions, this can take a long time to discover - and by that time, your criminal alter-ego could have racked up major debt in your name and ruined your credit.

In a world where data is instrinsically part of everything we do, not being careful with your personal information can be just as damaging as telling everyone your PIN. Just as businesses can create compelling pictures of their customers using data analytics, criminals can also use the wealth of information that’s out there to create a convincing false digital identity.

Many victims of identity fraud point to the theft of ID documents as the reason that their identity was compromised. It’s why we at TransUnion recommend keeping ID and other documents used to open accounts – bills that act as proof of address, for example – safe and away from situations where they might fall into the wrong hands. Yes, even that A4 copy of your ID you left in the photocopier.

There’s also the risk of fraudsters actively phishing on channels you might not expect. Many victims are caught out by calls, SMSs and emails requesting personal information such as addresses, phone numbers and dates-of-birth. Criminals can even get valuable information from your social media – people posting a happy birthday message on your timeline or the name of your primary school. These pieces of information are combined across consumers to create a fictitious whole new identity known as synthetic ID’s.

It’s important to be aware for consumers to be aware of their own data – from what privacy settings they have on their social media accounts to which websites they shop on and sign up for. Fraudsters have been found to utilise information on social media to simulate passwords and gain access to accounts and online shopping sites. While this won’t completely eliminate risk – we live in a digital society, after all – it can go a long way towards minimising exposure to it.

Finally, there’s an overlooked way of spotting identity fraud as it happens, by signing up for credit alerts and frequently checking your credit report. This is the first place fraud tends to show up, and you can set alerts to notify you of any suspicious activity such as a credit enquiry or new account opening in your name.

The business imperative

For businesses who work with personal data every day, the reality of identity fraud is even more complicated. It’s no longer enough to send out an alert warning of potential scams or advising customers not to give out their passwords. Instead, organisations need to adopt a multi-layered approach that leverages current fraud prevention and digital verification strategies with a third layer of verification like a one-time-pin and two-factor authentication. The greater importance lies with the emergence of digital engagement channels that no longer provide the benefit of face-to-face validation available in a bank branch as an example. Digital to physical identity validation therefore becomes a requirement through real-time customer engagements on digital channels.

That’s just the start – it’s also critical to incorporate non-traditional verification techniques into your security strategies such as knowledge-based authentication, digital verification and document verification. As clever as identity thieves may be, their chances of discovery drastically go up with each data set.

At TransUnion, we’ve had great success using this approach in our IDVision solutions. Using traditional data coupled with trended data that shows how a consumer has performed over time, and combining it with deeper and broader forms of alternative data, we are able to build a clear, holistic digital identity that reduces the chances of spoofing.

As the boundaries between digital and physical behaviour, as well as public and private data, continue to blur, it’s essential that we evolve as well.

It’s time to take the curation of digital identities – whether our customers’ or our own – into our own hands.

About Lee Naik

Lee Naik was named one of LinkedIn's Top 10 Voices in Technology and is recognised as one of South Africa's leading digital and technology transformation experts. He is CEO of TransUnion Africa, where he leads a portfolio of businesses that help organisations make more informed decisions and consumers manage their personal information, leading to a higher quality of life.

Check out his Linked blogs and follow him on @naikl for his latest commentary.