Most consumers have been asked to email a photo of a government-issued ID to a business with whom they wanted to transact, at one time or another. A delivery driver more recently may have asked to snap an image of an ID with a smartphone, if delivering a regulated product or for contactless verification. Most people comply without giving identity theft or security concerns a second thought because they are in a hurry to complete the transaction.
It turns out, this is a risky practice, and there is a much better way to conduct digital ID verification.
Identities Stolen from Unsuspecting Rideshare Customers
More than 2,000 identities were stolen by a crime ring of 19 alleged fraudsters who operated a nationwide scam that created fraudulent Lyft and Uber rideshare and delivery driver accounts, which they then leased to people who hadn’t passed any driver background checks. One member of the group pleaded guilty to conspiracy to commit wire fraud and aggravated identity theft. It is reported that he collected over $200,000 in fees for leased fraudulent accounts for his part in the scheme.
How did the fraudsters gain access to people’s identities? When delivering alcohol, the defendants, rideshare delivery drivers themselves, would ask for unsuspecting customers’ IDs to verify their age and then snap photos of the document. The fraudsters then used photo editing software to insert another person’s picture into those maliciously obtained IDs, which then created a fake driver’s license. The scam artists created rideshare drivers’ accounts and leased those accounts to people who were unable to pass Uber and Lyft background checks, either because they lacked documentation or had a criminal history.
The scam, which ran between 2019 and early 2021, began to unravel when identity theft victims came forward after receiving erroneous 1099s from Uber and Lyft reporting income as a driver.
A More Secure Way to Verify IDs: Digital Identity Document Verification
Businesses have a fiduciary and moral responsibility to keep customers and their private data safe. The Uber/Lyft scam example clearly demonstrates a misalignment between the controls these organizations were using to detect fraud risk and the obvious gaps that existed which put sensitive customer PII into the hands of bad actors.
With more than half of Americans using food delivery apps now and millions more taking advantage of online new account onboarding, the new digital paradigm requires a modern, secure approach to verifying identities and ages. This is not only true for regulated industries to ensure adherence to due diligence procedures, but it’s also critical to building user trust and protecting a brand’s reputation.
Best practices dictate that companies should be applying the same level of diligence to contract drivers as they do for their employees–including risk-based identity verification at every stage of the worker lifecycle, beginning at onboarding and continuing with routine auditing. Furthermore, employees and contractors should not be authorized to use their personal mobile phones to capture customer PII or data; providing such PII should remain under the control of the consumer in a web-safe environment.
The more secure and modern approach exists with digital identity document verification: automated, machine learning-driven technology which authenticates a government-issued ID and matches a selfie of the person presenting the ID to the photo on the ID document. Relying on a secure image capture app on a smartphone, the user uploads a photograph of their government-issued ID and a selfie at the time he or she is applying to be a driver or when someone is making the alcohol purchase for age verification.
The identity verification provider behind the image capture app runs automated validation checks on the authenticity of the ID to ensure it’s not a forgery or that it hasn’t been subject to tampering, which would have caught the IDs referenced previously. If a selfie is taken, liveness detection is run to prevent spoofing and then facial biometric features from the selfie are compared to facial biometric features from the photo on the ID to ensure a match.
How Socure Differentiates Identity Document Verification
ID document verification has been a fundamental defense for companies to fight identity fraud for a while. Its intended purpose is to verify that a person is who they say they are. However, the standard approach to document verification around authenticating the validity of a government-issued ID and ensuring that a selfie matches the photo on the ID isn’t enough to predict whether it’s safe to do business with that person, because gaps remain concerning the risk associated with the identity on the identification.
Companies should employ a predictive document and identity verification solution, which incorporates risk signals for fraud detection alongside ID document verification, liveness detection, and biometric facial matching.
By definition, predictive analysis is the use of data, artificial intelligence, and statistical algorithms to identify what could happen in the future. Applying that to document verification, it’s possible to identify users who might commit fraud in the future.
In the case of Socure’s DocV, hundreds of powerful predictive signals have been incorporated throughout the identity document verification process, which collectively inform the decision. It allows businesses to block fraudsters from their ecosystem and prevent fraud in this current digital-first environment, but it also auto-approves more good customers.
Using proprietary computer vision, DocV extracts document PII and verifies it by linking to authoritative data sources, like credit headers, utility, and telecom records. From there, device, phone, and address data are also gathered and evaluated during the onboarding process, from which Socure derives predictive signals like phone-to-name correlation, address-to-name correlation, device-first-seen, and IP- distance-from-address that are nearly impossible to fabricate.
Also critical to fraud detection is the incorporation of more than 17,000 highly predictive features that are unique to identity and device components which can indicate fraud intent and contribute to driving more predictive, data-driven outcomes–resulting in a single source of truth on digital identity.
When DocV is combined with Socure’s ID+ identity verification platform, businesses gain the power of a full suite of fraud risk and compliance solutions, including KYC, Global Watchlist and Monitoring, and the Sigma Fraud Suite, to ensure a 360-degree view of their customer. Trusted by more than 1,000 top financial institutions, government agencies, and enterprises, ID+ is the only graph-defined identity verification platform that utilizes every element of identity to deliver the most accurate fraud detection and identity verification decisions in real time.
Companies should be balancing the effective mitigation of fraud while supporting a seamless document verification experience controlled by the user. By enabling AI-driven, predictive ID document verification, these rideshare businesses could have easily avoided the identity fraud, the inconvenience to their customers, and the damage to their reputation suffered in this story.
To learn more about Predictive DocV and see it in action, schedule a demo today.
Brenda Gilpatrick is senior director of product marketing at Socure. She helps to lead go-to-market strategies for the ID+ fraud product suite. Previously, she was an independent consultant in the payments and fintech industry, working with companies of all sizes on marketing, technology, operations, and business development initiatives.
How to Defeat a Hidden Threat Behind Zelle...
2022 has emerged as the year of the Zelle scam. Thousands...
How to Play Offense to Tackle Increasing Identity...
Industry colleagues are asking for our insight into how the current...