Identity Fraudsters Stole over $16 Billion from US Consumers in 2017. How can CSPs Reduce the Risks?

By: Bernardo Lucas

While we have emerged from the first quarter of 2018, consumers are still feeling the hangover effects of 2017. Sobering statistics and stories of how consumers around the world are being targeted by fraudsters continue to surface. A new study by Javelin Strategy and Research found that in the U.S. alone, identity fraud victims increased by 8%, resulting in $16.8 billion being stolen from 16.7 million U.S. consumers in just one year. The survey found that e-commerce shoppers experienced the highest prevalence of fraud, and consumers who are digitally connected were exposed to a 30% higher risk of fraud than those who are not. As the world, including fraudsters, embraces the digital transformation, how can communication service providers reduce the risks of identity fraud for their customers?

In today’s mobile-centric world, the use of mobile phones as a token for subscriber identification has become standard practice for most people. However, SIM-swap fraud, where scammers cancel and re-activate new SIM cards to hack services such as bank accounts, has been on the rise. Currently SIM-swap fraud is quite difficult to detect. Since it is a fairly new type of scam, telcos and banks are still trying to find effective ways of identifying when a customer’s mobile number has been fraudulently swapped and ported onto a new device. With fraudsters continuing to exploit this weakness, better authentication processes must be put into place.

In response to this need, new advances and technologies are rapidly being developed. 2018 is widely expected to be a breakthrough year for biometrics. In biometrics, body measurements such as finger prints, iris or retina recognition are used as a customary form of authentication. In fact, video identification is becoming a secure and user-friendly approach to enable mobile network operators (MNOs) to offer online mobile contracts with ID verification. While the Mission: Impossible movies have been showcasing this technology for decades, it is finally moving beyond science fiction to become part of our daily lives. Major moves are being made across the financial, consumer tech and automotive industries, to name a few, to get this technology into the hands of consumers. 

For example, the auto industry’s adoption of biometrics is expected to grow 38% during 2016-2025. Market research firm Acuity estimates that by 2020, 100% of smart phones will include embedded biometric sensors as a standard feature – demonstrating the acceptance by both consumers and enterprises of biometrics as a credible and trusted form of authentication. While this technology is exciting, used in isolation it can still be thwarted by determined fraudsters. You may remember that it only took a matter of days for Apple’s Touch ID fingerprint scanner, iPhone X Face ID and Galaxy S8’s facial recognition and iris scanners to be tricked with fingerprints copied by a high-end printer. To make matters worse, biometric data has been named as one of the hottest targets for hackers to steal in 2018 – making it more difficult for CSPs to trust who is really on the other side of a transaction.

It is for this reason that Identity and Access Management (IAM) and other security leaders must ensure that, in addition to biometrics, one or more additional methods are implemented to provide a second layer of security.

The growing adoption of eSIMs will provide greater protection than traditional SIM cards. Instead of storing user authentication details on physical SIM chips, which can be swapped out and put into other devices to avoid detection, each eSIM is permanently embedded into the handset, along with its user’s unique biometrics and security passcodes. This way, only the owner can access a phone. In addition, eSIMs will provide CSPs with greater control and will be able to prevent malicious apps from being downloaded onto a handset through initiatives such as the GSMA Security Accreditation Scheme

However, even with multi-factor identification, if the initial profile is spoofed using a synthetic identity (Synthetic ID), and false accounts are created to support these fake identities, these prevention methods will still fall short. The rise of synthetic identities, or IDs created using either real, stolen or fake identity data, is estimated to have cost banks at least $6 billion in 2016. Synthetic IDs are being used by fraudsters to subscribe to new services without the intention to pay for them. In fact, these phony IDs can be made with just a few bits of stolen information, such as a social security number and birth date, to construct a whole new persona. The issue is becoming more pervasive by the day – and harder to identify. In social media, this problem has come to the fore: 48 million Twitter accounts were found to be run by bots instead of real people. 


Latest Updates

Subscribe to our YouTube Channel