FB pixel

Generative AI enabling identity fraud at scale: Au10tix report

Synectics offers data and advice
Generative AI enabling identity fraud at scale: Au10tix report

An eight month-long identity fraud campaign coordinated by organized crime groups has attempted 22,080 fraudulent user onboarding attempts by repeatedly applying generative AI to a single passport has been found by Au10tix.

The ID fraud is characterized by Au10tix researchers as a “Mega-Attack.”

The company’s Q4 Global Identity Fraud Report describes two distinct patterns of digital identity fraud attacks at “mega” scale. Half of the 22 thousand attacks took place within a span of two to three weeks, qualifying it as a “sudden burst” attack. “Slow burn” attacks are more typical, where a large number (Au10tix’ example is 2,000) AI-generated IDs are used five or six times a day over a period closer to a full year. Au10tix found 10 such slow burn attacks in 2023.

Criminals carrying out mega-attacks tended to target payments and cryptocurrency services, Au10tix found. Payment services were targets in nearly half of total attacks. Social media attacks also increased by 21 percent, which the researchers suggest could be motivated by establishing social credibility for fake accounts.

Au10tix recommends organizations implement selfie biometrics for user onboarding, as part of a robust set of technologies for KYB, KYC and AML screening. The company also says that consortium validation can increase privacy and improve fraud protection.

“We detected these mega-attacks by cross-referencing anonymized ID data against AU10TIX’s consortium of 60+ top-tier organizations, demonstrating the power of collective expertise in identifying complex fraud patterns that may evade individual entities,” said Dan Yerushalmi, CEO of AU10TIX. “Sophisticated AI and deep-fake technology are helping organized crime groups escalate their attack numbers exponentially, but we will continue working to make the world a safer and more secure place.”

ID fraud makes up 45 percent of all fraud reported by banks and financial services providers, according to research from Synectics Solutions, and most of it originates online.

A national UK database of syndicated risk incidents shows that 24 percent of ID fraud involved fictitious names, 27 percent involved a real person’s address being stolen, and 28 percent involved at least one attribute, such as name or address, that had previously been flagged for potential ID fraud.

“With ID fraud, we’re definitely seeing a sliding scale of sophistication,” says Synectics’ Analytics Consultant Tomas Brown. “For instance, fake names can be relatively easy to spot in some cases, but when paired with real data and used to create a synthetic ID that has accumulated a ‘genuine’ credit rating, the task is much harder. Here, and certainly in the case of the 28 percent linked to previous applications, there’s clear value in being able to refence syndicated fraud data and check ID details against multiple sources.”

Checks against multiple authoritative sources can also lower the risk of false positives, the company says, particularly for legitimate customers with thin credit files who might otherwise be excluded from financial services.

Old school still on

Sophisticated mega-attacks with advanced technologies are coexisting alongside more traditional types of identity fraud.

Police in Hong Kong have arrested three people found in possession of 28 stolen ID documents and payment cards and tools for making fake IDs, South China Morning Post reports.

The trio are accused of stealing the ID documents and cards through various methods, and then manipulating the photos on them to pass face biometrics checks to open fraudulent online accounts.

Related Posts

Article Topics

 |   |   |   |   |   | 

Latest Biometrics News


EU watchdog rules airport biometrics must be passenger-controlled to comply with GDPR

The use of facial recognition to streamline air passenger’s travel journeys only complies with Europe’s data protection regulations in certain…


NZ’s biometric code of practice could worsen privacy: Business group

New Zealand is working on creating a biometrics Code of Practice as the country introduces more facial recognition applications. A…


Demonstrating value, integrated payments among key digital ID building blocks

Estonia has achieved an enviable level of user-centricity with its national digital identity system through careful legislation and fostering collaboration…


Strata Identity launches uninterrupted identity services product

There are a few things that can be more annoying than your office computer logging you out of applications because…


Digital identities shaking up identity verification industry: Regula

The arrival of digital identities is shaking up how companies operate and verify identities. Regula has published a survey with…


Digital ID for air travel is DPI that could lift Africa’s economy, HID argues

As the African continent experiences economic growth and increasing global integration, the potential for enhancing air travel through improved digital…


Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Read This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events