Digital ID fraud mostly through web channel in 2021: Shufti Pro report
The overall digital identity and financial fraud rate leapt to 37 percent of attempted transactions in 2021, from only 20 percent in 2020, according to new research from Shufti Pro. The Shufti Pro Fraud Report 2021 shows biometrics fraud was a component in roughly one of every five attacks. Android was much more frequently used to attempt fraud than iOS, but more than three-quarters of fraud attempts (78 percent) came via the web.
The report suggests an overall increase not only in attack volumes, but also sophistication.
The frequency of ID document fraud as a share of total incidents declined sharply in 2021 from the previous two years, but even as the total number of fraud attempts grew, biometric fraud attempts decline modestly, from about 22 percent to 20 percent of all incidents observed by Shufti Pro.
Over half of digital fraud attacks in Sudan, Kenya, Cameroon and Ethiopia involved biometric fraud, according to the report. Biometric fraud rates actually fell significantly as a share of the total in both the U.S. and Europe, perhaps hinting at more mature deployments with liveness detection.
Fines levied against banks for non-compliance with know your customer (KYC), anti-money laundering (AML) and data privacy regulations also continued apace, with a total of $937.7 million in the first half of 2021.
In cryptocurrency, Shufti Pro found that fraud has risen by over 500 percent in a year. Of all stolen crypto funds, 72 percent came from DeFi protocols.
Charities also experienced an increase in fraud rates, but at 16 percent, the difference is striking.
The report also touches on fraud trends in fintech, online dating, gaming and gambling and ride sharing.
The effect of the pandemic is considered, and new fraud techniques encountered during the past year are reviewed.
Many digital identity criminals turned to passports, and specifically manipulation of the MRZ code, to spoof identity document verification processes. Attempts with photoshopped and expired ID documents increased in 2021, and though Shufti Pro observed better-quality templates for fake ID documents for sale on the dark web than were previously available, the company says this approach is no match for a robust AI document verification system.
New fraud attempts observed during the year include uploading documents with reflected light obscuring the information they contain, which likewise is always rejected by Shufti Pro, according to the report.
The report concludes with predictions about fraud trends to expect in 2022, such as more synthetic identity and deepfake fraud attacks, and an increased focus by fraudster on remote workers.