Evolution of fraud demands layered response: AuthenticID, Aware, Daon panel

By now, everyone has received a scam call or a phishing email. Yet amorphous and invisible threat actors – “fraudsters,” in the parlance – can feel like an abstract foe, ill-defined and painted in the garish colors of a Batman villain, wielding deepfakes, injection attacks and other ominous-sounding weapons.

However, recent news puts a human face on the fraud threat. So-called “scam compounds” in Myanmar have been found to be populated with people who were lured there by the promise of office jobs or other legitimate employment, then forced to run scams under threat of beatings and other abuse. The fraud threat is very real, and algorithmic technology is accelerating it.

Fraud is a constant concern for many relying parties, payments firms, digital ID providers and other stakeholders at the Secure Technology Alliance’s (STA) Identity and Payments Summit. A fraud prevention panel playfully evoking the Ghostbusters features AuthenticID CEO Blair Cohen, Daon CPO Ralph Rodriguez and new Aware CEO Ajay Amlani, discussing the techniques now available to fraudsters – and how businesses and individuals can pushback with innovative tools.

From days to seconds: fake digital IDs now simple to create

Daon’s Rodriguez says it used to be a lot of work to create a fake digital identity. Now, “digital fakes can be created for pennies.” This means that threats that used to be linked to nation state actors have been democratized.

Cohen demonstrates how a three second audio sample can now be used to effectively clone a voice, with major implications for call center fraud. Generative AI tools like large language models (LLMs) and diffusion models are enabling the cheap and speedy creation of deepfakes and synthetic identities. Aspiring fraudsters can now even look to the fraud-as-a-service network, which offer fraud services in conveniently priced packages.

Friction can be good: exploring risk-based authentication

Moreover, says Cohen, fraudsters share knowledge and collaborate – in contrast to the competitive digital ID sector, which tends to work in silos of proprietary tech. “There is coordination happening,” Rodriguez says, “but extremely slowly.”

The best defense in the meantime is a layered security approach. That often summons the demon Friction. But Rodriguez says “the notion of risk-based authentication is coming into play” – the idea that friction could be applied based on the stakes of a transaction; a $10,000 transfer, for instance, should have more friction (i.e. security layers) than sending $15 to a friend for a movie ticket. Cohen even goes so far as to suggest that maybe “we’ve got it all wrong on friction,” noting that the realities of the current fraud landscape make him much more amenable to regular security checks, which have become reassuring to him.

That said, according to Mattr, most customers still hate friction, in that 33 percent of customers will bail on a transaction after 5 minutes of frustration. Fraud is malicious, but friction remains a potent enemy capable of driving customers away.

And it comes with the risk of scope creep. In a separate panel on wallets, industry expert and consultant Kaliya Young (Identity Woman) notes the invasive potential of cybersecurity technologies. What happens, she asks, if “we end up with a web where entering a website demands your ID?” For many, fears about fraud are still overruled by fears of surveillance. Young says a responsible approach needs “business and regulatory norms to maintain the anonymity of everyday life that helps us feel comfortable in society.”

One thing is certain: fraud will not stop itself – and it won’t stop evolving. Finding the perfect solution means using an informed, layered approach, staying agile and making use of available technologies, from biometric authentication to liveness detection to mDLs – and whatever comes next.

Article Topics

AuthenticID  |  Aware  |  biometric payments  |  biometrics  |  Daon  |  digital ID  |  digital identity  |  Identity and Payments Summit  |  Secure Technology Alliance  |  synthetic identity fraud