Socure's inaugural Document and Biometric
Identity Fraud Report reveals selfie spoofing attacks
target users 50+
INCLINE
VILLAGE, Nev., May 1, 2024
/PRNewswire/ -- Socure, the leading provider of artificial
intelligence for digital identity verification, sanction screening,
and fraud prevention, today released its inaugural
Document and Biometric Identity Fraud Report,
detailing the rampant use of fake government-issued IDs and the
techniques used to fool legacy document verification systems.
According to the data, document image-of-image was the most
prevalent identification (ID) document fraud technique
in 2023, occurring in 63% of all IDs that were rejected. This was
followed by tampered headshots (21%) and selfie spoofing (20%).
Document image-of-image occurs when the user takes a photograph
or uses a screenshot image of an ID, rather than providing a live
capture of the document. Document headshot tampering takes place
when a user purposefully manipulates facial imagery. And, selfie
spoofing entails taking a picture of an image on a computer screen,
printed on a piece of paper or even an actual headshot on a
different document – often carried out to steal identities or
fraudulently access systems.
The report assesses document verification-related account
openings across a variety of industries including online gaming,
marketplaces, lending, and credit cards. Document and biometric
verification - the process of verifying the authenticity of a
government-issued ID, including driver licenses and passports and
matching it to selfie - is a critical step for organizations
needing to verify a customer's age and identity when opening an
account. Common applications include verifying a driver license
when renting a car or confirming someone purchasing alcohol online
is 21 or older.
Fraud surrounding IDs has become pervasive,
accounting for 70% of all fraudulent verifications evaluated by
Socure's document verification solution. The other 30% of
fraudulent captures is biometric-related fraud,
including selfie spoofing and impersonations (15%) as well as a
mismatch between the headshot on the ID and the selfie (15%).
A concerning trend, selfie spoofing can be carried out quickly
and easily thanks to the availability of public social media
profiles – and unlike document image-of-image, it almost
always represents malicious intent. Fraudsters simply use images
posted by others online as the "selfie" to go with a recently
stolen ID acquired from other means.
"A perfect storm exists today in which the digital economy and
social media have provided exponentially more opportunity for
fraudsters to carry out identification document
fraud," said Eric
Levine, SVP, Head of Document Verification at Socure. "From
car rentals to liquor deliveries to accessing government benefits,
verifying identities has become an integral part of our economy and
it's crucial that we prevent deep fakes, fake IDs and stolen and
fabricated identities from entering the digital ecosystem. This
will require us to fight AI with AI using a multi-layered security
approach that combines document verification, biometrics analysis
and auxiliary signals to detect the most advanced ID
fraud attempts of today and tomorrow."
Additional key findings from the report include:
- Selfie-spoofers target seniors at nearly 4x the rate.
Nearly half (49%) of all selfie spoofing attacks are carried out on
users in the age 50 and above population. Older demographics
typically have greater assets—more to steal—and are often less tech
savvy, thus more susceptible to fraud.
- Cross-country ID-related fraud:
Idaho and New Hampshire rank as the top two states with
the highest verification rejection rates, indicating high document
fraud. The techniques seen most often were document
image-of-image and selfie-to-headshot mismatches.
- Geography matters—for your device. When the location of
a device used to create a new account and the state on their
submitted ID documents don't match, there is nearly twice the rate
of fraud. Florida,
Texas and Georgia were the top three state IDs with the
highest volume of out-of-state verifications.
Full data, analysis and insights from the Unmasking Document and
Biometric Identity Fraud: Exposing the Deceptions
Report can be found here.
To learn more about Socure's document verification solution,
visit Socure's website.
Methodology
Data & DocV core engine
Insights found in the report are derived from Socure's DocV core
engine's 2023 production data. The transactions found within
this data provided demographic information such as age, sex,
document state, and device state obtained from the associated
documents and device data. This information allowed for findings
related to specific fraud vectors, breakdowns of
fraud by available demographic groups, prevalent
fraud vectors in industry verticals such as online
gaming, marketplaces, lenders, credit card, and more.
Data manipulation
The dataset described above was amassed via a query to a Socure
database containing transaction metadata, with additional
manipulations such as estimating individuals' age via the
transaction date and document date of birth, grouping certain
reason codes to demarcate distinct risk vectors, and obtaining more
granular information on the risk level of a transaction (was the
transaction rejected due to presence of risk vectors indicating a
fraud attack, or due to the presence of vectors that
simply rendered an accept decision too risky?).
Analysis approach
Each percentage related to a type of fraud
technique represents the fraudulent transactions where the
technique is present, meaning that some may have more than one of
these techniques. Consequently, these numbers add up to more than
100%.
Analysis was exploratory in nature and as such was largely
iterative; first passes at the data showed high-level trends in
production traffic, such as transaction volume over time, overall
demographic composition, and overall fraud/risk signal
composition. Following from questions and corresponding hypotheses,
further iterations delved into specifics such as demographic
compositions of individual fraud vectors, transactions
with mismatched document and device states, or fraud
vector appearance rates over time in a particular industry
vertical. Included in this report are the visualizations that led
to and provided the most salient insight both for initial
hypotheses at the start of the report and for questions that arose
over the course of this process.
About Socure
Socure is the leading provider of digital identity verification
and fraud solutions. Its AI and predictive analytics
platform applies artificial intelligence and machine learning
techniques with trusted online and offline data intelligence to
verify identities in real-time. Socure is the only vertically
integrated identity verification and fraud prevention
platform with both IAL-2 and FedRAMP Moderate certifications,
delivering advanced levels of assurance and the highest standards
for security and compliance. The company has more than 2,300
customers across the financial services, government, gaming,
healthcare, telecom, and e-commerce industries, including four of
the five top banks, the top credit bureau and more than 400
fintechs. Organizations including Capital One, Citi, Chime, SoFi,
Green Dot, Varo, Ingo, Robinhood, Gusto, Public, Poshmark, Stash,
DraftKings, PrizePicks and the State of
California trust Socure for accurate and inclusive identity
verification and fraud prevention. Learn more at
socure.com.
View original content to download
multimedia:https://www.prnewswire.com/news-releases/report-photographed-ids-fake-images-and-selfie-spoofing-dominate-document-related-identity-fraud-302132671.html
SOURCE Socure