Apr 27, 2020

Adam Lee, Chief Product Officer at Boku, argues the online world is over-reliant on easily-compromised personal data for verification.

We can no longer rely on personal data alone to confirm user identity online. Databases are now so routinely hacked into, compromised and distributed to criminals over the dark web that today’s user verification systems – which chiefly rely on user’s personal data for success– are becoming increasingly exposed to the risk of user impersonation by malefactors.

Information from Javelin Research suggests there were 14.4 million US victims of identity fraud in 2018. Fraud attacks utilising stolen user data to impersonate victims accounted for US$14.7 billion in financial losses. In total, the 2018 US Identity Fraud Study estimated that US$107 billion had been stolen from individuals, retailers, banks and other organisations in the previous six years through user impersonation– and the problem continues to grow as fraudsters become more adept at harvesting stolen user credentials and distributing these credentials among the criminal fraternity.

User impersonation usually occurs when a new account is falsely created using data stolen or purchased by criminals on the dark web. Fraudsters then substitute their own contact information in place of the victim’s, allowing them to hijack any subsequent communication with the business. Armed with this synthetic ID, fraudsters are able to use stolen credit card numbers and apply for bank loans or infiltrate online communities and peer to peer marketplaces, all while incognito.

In response to the rapid growth in user impersonation, industry is moving towards secondary forms of identity verification that link personal ID verification with other factors, such as biometrics (fingerprints) or knowledge points such as Personal Identification Numbers (PINs) delivered to the user’s home address. However, biometric factors usually require some form of pre-registration which remains fairly uncommon at present, while PINs mailed to a user’s home address often lead to a confirmation process that can take days, if not weeks, to complete.

Our latest white paper, presents a better kind of solution, one that allows a mobile number to be matched against a name and address, thereby preventing fraudsters from creating synthetic ids using their own mobile number.

Download Boku’s white paper outlining a better approach to online verification, or visit our Identity Solutions page to find out more.