Know Your Customer? Don’t be so sure, says iProov

Customers aren’t what they once were, with more and more transactions happening digitally and via mobile devices. As such, Know Your Customer (KYC) procedures that do no more than meet minimum requirements risk being hoodwinked by fraudsters focusing their energies on KYC bypass methods.

In a release from iProov, the face biometrics company shares new findings from its Biometric Threat Intelligence service, which “has uncovered a significant dark web operation focused entirely on KYC bypass methods.”

The dark web group operating in Latin America is amassing “a substantial collection of identity documents and corresponding facial images, specifically designed to defeat KYC verification processes.” It is possibly linked to similar operational patterns observed in Eastern European regions, although the connection remains unconfirmed.

Of additional concern is the way in which the identity data is being obtained: not stolen, but traded away in a financial transaction, “with individuals willingly providing their image and documentation in exchange for payment.” This demonstrates how identity fraud tactics are evolving.

Andrew Newell, chief scientific officer at iProov, says “what’s particularly alarming about this discovery is not just the sophisticated nature of the operation, but the fact that individuals are willingly compromising their identities for short-term financial gain.”

“When people sell their identity documents and biometric data, they’re not just risking their own financial security – they’re providing criminals with complete, genuine identity packages that can be used for sophisticated impersonation fraud,” Newell says. “These identities are particularly dangerous because they include both real documents and matching biometric data, making them extremely difficult to detect through traditional verification methods.’’

Lax fraud protection spurs lawsuit

The consequences of lax fraud protection measures can include legal action, as major U.S. banks JPMorgan Chase, Bank of America, and Wells Fargo are learning.

A release from the Consumer Financial Protection Bureau (CFPB) says it has sued the banks and Scottsdale, AZ-based Early Warning Services, the operator of digital payments network Zelle, for “failing to protect consumers from widespread fraud on America’s most widely available peer-to-peer payment network.”

CFPB alleges that the banks “rushed the network to market to compete against growing payment apps such as Venmo and CashApp, without implementing effective consumer safeguards.” Failures include limited identity verification, allowing repeat offenders to hop between banks, ignoring customer complaints and shirking enforcement.

The result is customer losses totalling more than US$870 million over Zelle’s seven-year existence.

“The nation’s largest banks felt threatened by competing payment apps, so they rushed to put out Zelle,” says CFPB Director Rohit Chopra. “By their failing to put in place proper safeguards, Zelle became a gold mine for fraudsters, while often leaving victims to fend for themselves.”

Banks look to biometrics, AI for help fighting fraud

Some are anticipating the threat better than others. Research from GSMA shows that 29 percent of Filipino consumers have fallen victim to financial crimes like identity theft and security breaches. In comments made during the recent Digital Nation Summit in Manila and reported in Manila Bulletin, Rizal Commercial Banking Corporation’s (RCBC) executive vice president Lito Villanueva highlights how the bank is concentrating on training its workforce in AI to combat the threat.

“In fraud detection, AI’s use of anomaly detection and behavioral biometrics has increased accuracy rates to as much as 85 percent,” Villanueva says. “To bolster these efforts, under the leadership of our President and CEO Eugene S. Acevedo, we’ve prioritized upskilling – ensuring all senior officers undergo AI certification to strengthen expertise and align with our vision of building a workforce adept in data science and AI.”

Across the South China Sea in Ho Chi Minh City, there is a push to have customers complete biometric identity verification ahead of a new banking regulation mandating biometric verification as of January 1.

But while mobile biometric identity verification is on offer, Viet Nam News says that banks have been swamped with elderly customers who have limited experience with technology and want to complete ID verification in person.

‘Crucial inflection point’ for financial sector

With bank fraud on the rise from Manhattan to New Delhi, and tactics like executive impersonation and customer account takeover proliferate, the market conditions for biometric identity verification are rosy. An article by Gabe Reagan, VP of human engagement for New York’s Reality Defender, looks at the emergent threat of synthetic voices used in deepfake voice fraud, and how to approach a solution.

Reagan says the financial sector is at “a crucial inflection point” in the effort to fight fraud, as voice cloning, synthetic voices and deepfakes improve at a rapid pace. Experts estimate losses from deepfake voice fraud could reach $40 billion by 2027.

“With cybercriminals weaponizing this technology to orchestrate unauthorized transactions, impersonate executives, and breach biometric safeguards, institutions must evolve their defense strategies to meet this emerging threat,” he writes.

Current multi-factor authentication (MFA) and biometric verification tools have potential vulnerabilities, Reagan says, with biometric systems often struggling to differentiate between real and synthetic voices.

“Financial institutions require a new generation of defensive capabilities that can match the sophistication of modern synthetic media threats while maintaining operational efficiency and customer experience.”

Biometrics, digital ID firms adapt

Reality Defender is just one of a number of firms supporting stronger financial fraud prevention through networks in the age of deepfakes and generative AI. 2024 saw developments from Liminal, Centana, Proof, Mitek Systems, BioCatch, Socure and Intellicheck.

Liminal is betting on identity authorization networks (IANs), user identity frameworks that go beyond establishing that a user is a real person, or what their risk level is, to attest that they have agreed to something, created something, or are authorizing something.

Centana is a private equity firm focused on “investing in the future of financial services and innovation around financial services.” TK firm Jumio was among its first investments, as it aims for what partner Eric Byunn calls a “third layer” of digital identity that includes both “orchestration” and “elements of holistic scoring (heuristics etc.) not fully covered by what the market calls orchestration.”

Proof’s Verify deepfake defense tool, which aims to reduce the risk of deepfake fraud, already serves over 7,000 organizations, including financial institutions, healthcare providers, small businesses, and government agencies. The company has shifted its focus from notarizations to offering a “comprehensive, identity-centric platform.”

Mitek launched its Digital Fraud Defender (DFD) software, a “multilayered solution to the growing challenge posed by generative AI for digital identity fraud,” intended to protect financial institutions against AI-driven attacks such as deepfakes, synthetic identity fraud and account takeover.

BioCatch launched the BioCatch Trust Network, “the world’s first inter-bank, behavior-based, financial crime intelligence-sharing network,” with five of Australia’s largest banks as founding members.

Socure acquired Effectiv, a company specializing in AI-driven fraud detection, in a deal worth $136 million. And Socure’s digital identity consortium data was integrated with Oscilar’s AI platform to strengthen fraud prevention and risk management for the financial sector.

Intellicheck deployed its identity verification tool for title agents to verify the identities of borrowers and sellers in real estate transactions, in an example of a financial-adjacent sector.

Article Topics

biometrics  |  digital identity  |  financial crime  |  financial services  |  fraud prevention  |  generative AI  |  identity verification  |  iProov  |  KYC  |  Luciditi  |  selfie biometrics