Socure Insights on Identity theft report, the Fake ID Edition. It found that identity fraudsters have virtually eliminated any single reliable indicator for detecting fake identities online. Data gathered from Socure customer transactions, reveals that when considering common signs of fraud the difference between authentic and fake identities is nuanced at best.
“After processing billions of data points, we confirmed that consumers and fraudsters are far more alike than different when it comes to digital identities,” said Sunil Madhu, Chief Strategy Officer for Socure. “While differences in fraudster behavior certainly remain, they have become subtle enough that relying on a handful of variables is no longer sufficient; the complex and subtle relationships between multiple variables must be analyzed to get an accurate result.”
Identity fraud detection
Data used in the report is based on actual fraud attempts detected by Socure’s ID+ Platform across the company’s broad client base. The determination of all fraudulent and valid accounts were confirmed by Socure’s clients. The study assessed hundreds of indicators of fraud to determine how reliable they are for detecting fake identities.
Following are eight of the most interesting indicators:
When a phone number is required, two thirds of the numbers provided by legitimate applicants were registered with a Top 4 Carrier (67%), while just over half of fraudsters (52%) did so. This is most likely due to fraudsters’ propensity for using so-called “burner” (pre-paid) phones and/or SIM cards to keep expenses down.
Fraudsters typically use the most common male names, like John, James, David, or Michael, etc.
- Social Media Accounts
Approximately 80% of fraudulent identities have no associated social media accounts. Although this would seemingly have a high correlation with fraud, some legitimate applications also have no social media presence. These legitimate applications, however, have other strong indicators that predict an identity is true.
- Device Location
Most fake IDs use IP addresses that are inconsistent with their actual location.
Unless required, fraudsters rarely provide an age. When required, they typically choose the 25 to 45 range.
Like IP addresses, fraudsters use inconsistent information, like an incorrect zip code or house number. Meanwhile, the name and address submitted with fake IDs only match 50% of the time.
- Valid Email Address
Here again, there is very little difference between legitimate applicants (97%) and fraudsters (87%) when it comes to submitting a valid email address.
- Name to Email Match
Fraudsters use made-up email addresses where they can receive a confirmation and evade detection by the victim of identity theft. 60% of legitimate applicants provide an email that matches with their name, while fraudsters only do this 32% of the time.
A full copy of the report and its findings is available here.
The Socure ID+ platform combines artificial intelligence, unsupervised machine learning and clustering algorithms to learn customer identity from their digital footprints. By calculating risk and correlation scores, Socure ID+ empowers businesses to dramatically increase online transaction acceptance rates, as well as reduce manual reviews and fraud.