Cryptocurrency is a much bigger issue than the price of bitcoin. Although that gets the headlines, there’s the more complicated issue of bad actors and crypto fraud. Because for every innovative executive and daring company on the positive side, there’s a fraudster disrupting the two things that are essential to crypto’s growth: trust and safety. It’s an area where fraudsters are getting smarter and faster, and are going digital in their efforts to thwart even the best defenses.
It’s an example of the speed and scale at which fraudsters operate in the digital-first economy – and it’s been a continuing concern of Ofer Friedman, chief business development officer at ID verification firm AU10TIX. In a recent conversation with PYMNTS, he said that enterprises need to go digital in their efforts to stop fraudsters, drilling down to the forensic level of examining documents presented online. (And it doesn’t hurt to be a little paranoid, either.)
The conversation came against the backdrop of the March Future of Identity Report (a collaboration between PYMNTS and AU10TIX), which notes that fraudsters, especially those in the crypto space, are “relatively more sophisticated” than seen elsewhere. They’re leveraging cleverly faked credentials to get away with their schemes. The crypto market may reach $2 trillion, but studies have shown that more than half of cryptocurrency service providers have weak KYC procedures in place – and those vulnerabilities are not limited to bitcoin or crypto exchanges.
“Let’s start with the bad news,” Friedman told PYMNTS. “Most companies are not adequately protected against today’s fraud. And the reason is that most of them are following the basic requirements of regulators who do not go that ‘deep.’”
Those processes are fairly simple, he said: An individual furnishes credentials, and then the firm uses technology to “read” the data from those credentials and has someone look at the details (“usually in a back office,” said Friedman) – and then the face-matching takes place.
But there’s a problem buried deep in the mix, he noted. With the advent of computers – and a myriad of software devoted to editing and creating documents – faking an ID is easier than ever. No one needs scissors or Scotch tape anymore.
Going Deep … And Digital
With the aid of digital tools, said Friedman, fraudsters can cobble together data gleaned from widely available sources (even social media) and create a document that has all manner of “correct” data and visuals on it, in an attempt to thwart traditional screening processes. Looking at the documents today, the fraud is not necessarily visible. To beat the bad guys at their own digital fraud game, said Friedman, fraud detection must go digital, too. The urgency is there – as so much commerce goes online, authentication and verification efforts must take place.
In the bid to bring fraud detection into the digital age (and out of back rooms), said Friedman, there are a few approaches. For one thing, companies can focus on the actual images they are getting from consumers. “But you can have a second layer of defense beyond the document or the ‘face’ that you just got, because you’ve already got some background,” he maintained.
That entails taking a deep-dive look at the document itself. While the vast majority of fraud checks involve optical character recognition (OCR), said Friedman, “you have to go forensic. You have to go ‘paranoid.’” Firms need to start with the mindset that fraud will be complicated – and likely hidden. “Going digital, going ‘deeper,’ means you’re looking not just for what’s seen on the image, but also what happens to an image when a fraudster is performing the manipulation,” he explained.
The fraudster who uses Photoshop, other software or even templates to design and manipulate documents tends to leave “traces” of what’s been altered – and what is ultimately suspicious. Advanced technologies such as machine learning and artificial intelligence (AI) can help build those defense mechanisms and cross-reference various ID sources in a bid to uncover synthetic IDs.
The most robust layers of defense not only seek to stop fraudsters as they are probing firms’ vulnerabilities, but also enable enterprises to root out fake IDs and accounts that have already gotten through – in effect going back and cleaning house. Friedman pointed to Instinct, an adaptive analytics and behavior platform that helps pinpoint identity risk tied to past behaviors.
In the overall balancing act that exists as firms seek to verify their customers, satisfy compliance mandates and yet keep the user experience intact, Friedman told PYMNTS that “we have a credo that says, ‘let the customer do it the same way they’ve always done it. Let the technology do the smart stuff.’” End users simply take pictures and present them; AU10TIX’s identity management infrastructure is designed in a way that does not introduce more friction into the onboarding process.
Friedman noted that traditionally, the interaction in customer verification has been one-sided, as the customer has had to visit financial institutions’ or merchants’ websites, download mobile apps and kick-start verification efforts. “It’s been the customer who has been initiating the process,” he explained. But by enabling service providers to approach the customer and initiate the process (AU10TIX has a white-label solution, Secure.Me), that process can be truncated to a matter of seconds.
“It’s now a two-way situation, where customers and businesses can both initiate a process of onboarding or identity authentication as needed, obviously complying with regulations,” Friedman told PYMNTS.