Socure's inaugural Document and Biometric Identity Fraud Report reveals selfie spoofing attacks target users 50+
INCLINE VILLAGE, Nev., May 1, 2024 /PRNewswire/ -- Socure, the leading provider of artificial intelligence for digital identity verification, sanction screening, and fraud prevention, today released its inaugural Document and Biometric Identity Fraud Report, detailing the rampant use of fake government-issued IDs and the techniques used to fool legacy document verification systems. According to the data, document image-of-image was the most prevalent identification (ID) document fraud technique in 2023, occurring in 63% of all IDs that were rejected. This was followed by tampered headshots (21%) and selfie spoofing (20%).
Document image-of-image occurs when the user takes a photograph or uses a screenshot image of an ID, rather than providing a live capture of the document. Document headshot tampering takes place when a user purposefully manipulates facial imagery. And, selfie spoofing entails taking a picture of an image on a computer screen, printed on a piece of paper or even an actual headshot on a different document – often carried out to steal identities or fraudulently access systems.
The report assesses document verification-related account openings across a variety of industries including online gaming, marketplaces, lending, and credit cards. Document and biometric verification - the process of verifying the authenticity of a government-issued ID, including driver licenses and passports and matching it to selfie - is a critical step for organizations needing to verify a customer's age and identity when opening an account. Common applications include verifying a driver license when renting a car or confirming someone purchasing alcohol online is 21 or older.
Fraud surrounding IDs has become pervasive, accounting for 70% of all fraudulent verifications evaluated by Socure's document verification solution. The other 30% of fraudulent captures is biometric-related fraud, including selfie spoofing and impersonations (15%) as well as a mismatch between the headshot on the ID and the selfie (15%).
A concerning trend, selfie spoofing can be carried out quickly and easily thanks to the availability of public social media profiles – and unlike document image-of-image, it almost always represents malicious intent. Fraudsters simply use images posted by others online as the "selfie" to go with a recently stolen ID acquired from other means.
"A perfect storm exists today in which the digital economy and social media have provided exponentially more opportunity for fraudsters to carry out identification document fraud," said Eric Levine, SVP, Head of Document Verification at Socure. "From car rentals to liquor deliveries to accessing government benefits, verifying identities has become an integral part of our economy and it's crucial that we prevent deep fakes, fake IDs and stolen and fabricated identities from entering the digital ecosystem. This will require us to fight AI with AI using a multi-layered security approach that combines document verification, biometrics analysis and auxiliary signals to detect the most advanced ID fraud attempts of today and tomorrow."
Additional key findings from the report include:
- Selfie-spoofers target seniors at nearly 4x the rate. Nearly half (49%) of all selfie spoofing attacks are carried out on users in the age 50 and above population. Older demographics typically have greater assets—more to steal—and are often less tech savvy, thus more susceptible to fraud.
- Cross-country ID-related fraud: Idaho and New Hampshire rank as the top two states with the highest verification rejection rates, indicating high document fraud. The techniques seen most often were document image-of-image and selfie-to-headshot mismatches.
- Geography matters—for your device. When the location of a device used to create a new account and the state on their submitted ID documents don't match, there is nearly twice the rate of fraud. Florida, Texas and Georgia were the top three state IDs with the highest volume of out-of-state verifications.
Full data, analysis and insights from the Unmasking Document and Biometric Identity Fraud: Exposing the Deceptions Report can be found here.
To learn more about Socure's document verification solution, visit Socure's website.
Methodology
Data & DocV core engine
Insights found in the report are derived from Socure's DocV core engine's 2023 production data. The transactions found within this data provided demographic information such as age, sex, document state, and device state obtained from the associated documents and device data. This information allowed for findings related to specific fraud vectors, breakdowns of fraud by available demographic groups, prevalent fraud vectors in industry verticals such as online gaming, marketplaces, lenders, credit card, and more.
Data manipulation
The dataset described above was amassed via a query to a Socure database containing transaction metadata, with additional manipulations such as estimating individuals' age via the transaction date and document date of birth, grouping certain reason codes to demarcate distinct risk vectors, and obtaining more granular information on the risk level of a transaction (was the transaction rejected due to presence of risk vectors indicating a fraud attack, or due to the presence of vectors that simply rendered an accept decision too risky?).
Analysis approach
Each percentage related to a type of fraud technique represents the fraudulent transactions where the technique is present, meaning that some may have more than one of these techniques. Consequently, these numbers add up to more than 100%.
Analysis was exploratory in nature and as such was largely iterative; first passes at the data showed high-level trends in production traffic, such as transaction volume over time, overall demographic composition, and overall fraud/risk signal composition. Following from questions and corresponding hypotheses, further iterations delved into specifics such as demographic compositions of individual fraud vectors, transactions with mismatched document and device states, or fraud vector appearance rates over time in a particular industry vertical. Included in this report are the visualizations that led to and provided the most salient insight both for initial hypotheses at the start of the report and for questions that arose over the course of this process.
About Socure
Socure is the leading provider of digital identity verification and fraud solutions. Its AI and predictive analytics platform applies artificial intelligence and machine learning techniques with trusted online and offline data intelligence to verify identities in real-time. Socure is the only vertically integrated identity verification and fraud prevention platform with both IAL-2 and FedRAMP Moderate certifications, delivering advanced levels of assurance and the highest standards for security and compliance. The company has more than 2,300 customers across the financial services, government, gaming, healthcare, telecom, and e-commerce industries, including four of the five top banks, the top credit bureau and more than 400 fintechs. Organizations including Capital One, Citi, Chime, SoFi, Green Dot, Varo, Ingo, Robinhood, Gusto, Public, Poshmark, Stash, DraftKings, PrizePicks and the State of California trust Socure for accurate and inclusive identity verification and fraud prevention. Learn more at socure.com.
SOURCE Socure
Share this article