Identity fraudsters are getting better and better at what they do
Socure, a provider of predictive analytics for digital identity verification, found that fraudsters have virtually eliminated reliable indicators for detecting fake identities online. Data gathered from Socure customer transactions by Aida, the company’s identity verification robot, reveals that when considering common signs of fraud the difference between authentic and fake identities is nuanced at best.
“After processing billions of data points, we confirmed that consumers and fraudsters are far more alike than different when it comes to digital identities,” said Sunil Madhu, Chief Strategy Officer for Socure. “While differences in fraudster behavior certainly remain, they have become subtle enough that relying on a handful of variables is no longer sufficient; the complex relationships between multiple variables must be analyzed to get an accurate result.”
Data used in the report is based on actual fraud attempts detected across the company’s client base. The determination of all fraudulent and valid accounts were confirmed by Socure’s clients. The study assessed hundreds of indicators of fraud to determine how reliable they are for detecting fake identities. Following are eight of the most interesting indicators:
Mobile – When a phone number is required, two thirds of the numbers provided by legitimate applicants were registered with a Top 4 Carrier (67%), while just over half of fraudsters (52%) did so. This is most likely due to fraudsters’ propensity for using so-called “burner” (pre-paid) phones and/or SIM cards to keep expenses down.
Names – Fraudsters typically use the most common male names, like John, James, David, or Michael, etc.
Social media accounts – Approximately 80% of fraudulent identities have no associated social media accounts. Although this would seemingly have a high correlation with fraud, some legitimate applications also have no social media presence. These legitimate applications, however, have other strong indicators that predict an identity is true.
Device location – Most fake IDs use IP addresses that are inconsistent with their actual location.
Age – Unless required, fraudsters rarely provide an age. When required, they typically choose the 25 to 45 range.
Address – Like IP addresses, fraudsters use inconsistent information, like an incorrect zip code or house number. Meanwhile, the name and address submitted with fake IDs only match 50% of the time.
Valid email address – Here again, there is very little difference between legitimate applicants (97%) and fraudsters (87%) when it comes to submitting a valid email address.
Name to email match – Fraudsters use made-up email addresses where they can receive a confirmation and evade detection by the victim of identity theft. 60% of legitimate applicants provide an email that matches with their name, while fraudsters only do this 32% of the time.