How Digital Identity can Combat Fraud

IDENTITY FRAUD IS NOT JUST ESCALATING - IT'S EVOLVING. Just read a truly insightful piece from the team at IDVerse - A LexisNexis® Risk Solutions Company on how Agentic AI is redefining the identity verification landscape — and honestly, it’s one of the more intelligent contributions I’ve seen on the topic in a while. This isn’t a buzzword drop. It’s a clear-eyed look at what happens when identity, fraud, and AI intersect in a Zero Trust world — and what actually works to stay ahead of attackers who are evolving faster than the defenses that are supposed to stop them. 🔗 https://lnkd.in/eUaeNban 🔍 The piece explores something I’ve been thinking a lot about - how digital identity is no longer just a reflection of someone — it’s a construct that can be manipulated, faked, and industrialized. We’re not just dealing with bad actors. We’re dealing with entire ecosystems of "fraudsonas" — synthetic identities and AI-driven deception that can slip past so-called "innovative" verification tools. What IDVerse is doing with Agentic AI is pretty remarkable. Rather than replacing traditional tools which remain essential, they’re adding a new, adaptive layer — one that can learn, react, and detect in real time. It’s an evolution, not a rip-and-replace approach. 🤖 Agentic AI isn’t about automation — it’s about autonomy. It acts with context. It flags behaviors that aren’t just unusual, but intelligently inconsistent. It adapts verification flows to match the risk level. And it does this all without disrupting the user experience. And the timing couldn’t be more critical. 📈 Synthetic ID is now the fastest-growing type of financial crime 🎭 Deepfake-as-a-service is a real thing The idea of using intelligent, context-aware systems to bridge real-world data to digital behavior — and flag the dissonance between the two — is the future. It’s also one of the best paths forward for program integrity, especially across federal, state, and local government initiatives. This article didn’t just promote a platform. It reframed the way I think about how trust is earned — and maintained — in a high-risk, AI-enabled world. #IDVerse #AgenticAI #IdentityVerification #ZeroTrust #DigitalFraud #ProgramIntegrity #Cybersecurity #FraudPrevention #TrustAndSafety #GovTech LexisNexis Risk Solutions LexisNexis Risk Solutions Public Safety LexisNexis Risk Solutions Government

Passwords can be stolen. Devices can be spoofed. But your digital body language? That’s much harder to fake. 🧠 As fraud gets more sophisticated, behavioral biometrics is finally having its moment. We’ve relied on static credentials for years: passwords, 2FA, even facial recognition. But attackers have caught up. They’re using AI to mimic voices, hijack sessions, and bypass traditional defenses. 🤖 The real shift isn’t adding more checks. It’s moving from one-time verification to continuous context. Behavioral biometrics analyzes how you type, swipe, scroll, and navigate, how long they spend on each page, are they on a call, are they being accessed remotely, and would work here. They are building a unique, persistent profile that’s nearly impossible to replicate. It doesn’t just ask, “Are you who you say you are?” It asks, “Are you behaving like you?” This kind of signal is becoming critical: • It detects bots and synthetic identities at onboarding • Flags account takeovers as they happen • And reduces friction for the legitimate users you actually want to keep It’s especially valuable as phishing, vishing, and social engineering attacks grow more targeted, especially in financial services, where the real challenge is protecting existing wallets, not just detecting bad onboarding attempts. Passive. Adaptive. Always on. Exactly what modern fraud prevention needs. ✅ The future of authentication isn’t about adding more steps. It’s about making security invisible and intelligent. Agree?

I don’t say this lightly.  Our new release of the Sigma V4 Fraud Engine is GAME CHANGING for companies losing millions of dollars annually from digital account opening fraud.  I’m talking to the banks, fintechs, marketplaces, governments, gaming companies…  Pay attention. Here’s the performance data on Sigma Identity V4: 🔹 Capturing up to 99% of identity fraud in the riskiest 5% of users, compared to just 37% by competitors at the same review rate 🔹 Reducing false positives by more than 40% over Socure's Sigma ID v3 🔹 Delivering an average 20x ROI for customer's from increased revenue/false positive reduction, fraud loss reduction, and lower manual reviews How did we do it? 10 years of making huge investments across 3 key areas: 1️⃣ Digital Signal creates a robust digital fingerprint of each customer, inclusive of devices and their OS, browser languages, geolocations, and relationship to multiple identities. 2️⃣ Entity Profiler allows us to see an identity from its inception in the digital economy, assessing every historical transactional, digital and relational data point to make up-to-the-second risk decisions. 3️⃣ Integrated Anomaly Detection is a new model that assesses identity behavioral pattern differences at the company, industry, and financial network level and allows us to identify thousands of risk-indicating variables. Let’s use an analogy.  Think of fighting identity fraud like playing a giant game of 'Spot the Difference' where most of the images are identical copies of a normal, everyday scene. The fraudulent activity is like one subtle, but crucial difference hidden in one of these images. It's hard to find because it blends in so well. However, with the right tools, this one different detail lights up or gets highlighted, making it easy to spot. This saves the fraud analysts, who are like players in this game, a lot of time and effort as they don't have to scrutinize every single part of the picture to find the anomaly #fraud #ai #banks #fintech

Weak Know Your Customer process (KYC) is the main cause of failure in Financial Crimes Programs, as 90% of all fraud comes from fully verified identities. Weak identity verification and KYC controls have created a system where: ❌  Financial crimes professionals are reporting illicit activity on a victim, not on the actual perpetrator ❌ A tremendous amount of time and resources are being allocated to reports that shouldn’t have been generated in the first place Worse, it doesn't appear to be stopping bad actors. If anything the opposite. Recent FinCEN SAR filling data makes ugly reading. Most attackers have impersonated others to defraud victims. 👉 69% of identity related BSA reports indicate that attackers impersonated others as part of efforts to defraud victims.  👉 18% of identity-related BSA reports describe attackers using compromised credentials to gain unauthorized access to legitimate customers’ accounts.  👉 13% of identity-related BSA reports report attackers exploiting insufficient verification processes to advance their schemes The solution to the problem - Layering controls. 🐟 1 - Lowest friction. Collect device & behavior signals 🐟 2 - Moderate friction. One Time Passcodes (OTP), identity checks, background data checks with telco's, email providers, bank consortia, matching SSNs to DOBs 🐟 3 - High friction (when risk dictates). eCBSV -The Social Security Administration created eCBSV, a fee-based Social Security number (SSN) verification service. Doc IDV + Selfie + Liveness detection. 🐟 4 - Post account creation speed bumps. Monitor payment credentials and transactions against known good / bad identities and counterparties (+ MUCH more). Progressive KYC is critical to balance the friction of user experience with the critical need to continually improve compliance programs. Krisan Nichani wrote a great long form piece on our blog (link in comments) #kyc #aml #compliance

Last week, 2 major announcements seemed to rock the identity world: The first one: A finance worker was tricked into paying $26M after a video call with deepfake creations of his CFO an other management team members. The second one: An underground website claims to use neural networks to generate realistic photos of fake IDs for $15. That these happened should not be a surprise to anyone. In fact, as iProov revealed in a recent report, deepfake face swap attacks on ID verification systems were up 704% in 2023 and I am sure that the numbers in 2024 so far are only getting worse. Deepfakes, injection attacks, fake IDs, it is all happening. Someone asked me if identity industry is now worthless because of these developments and the answer is absolutely not. There is no reason to be alarmist. Thinking through these cases, it becomes obvious that the problem is with poor system design and authentication methodologies: - Storing personal data in central honeypots that are impossible to protect - Enabling the use of the data for creating synthetic identities and bypassing security controls - Using passwords, one time codes and knowledge questions for authentication - Not having proper controls for high risk, high value, privileged access transactions Layering capabilities like: - Decentralized biometrics can help an enterprise maintain a secure repository of identities that can be checked against every time someone registers an account. (For example, for duplicates, synthetic identities and blocked identities.) If you just check a document for validity and don't run a selfie comparison on the document, or check the selfie against an existing repository, you could be exposing yourself to downstream fraud. - Liveness detection and injection detection can eliminate the risk of presentation attacks and deepfakes at onboarding and at any point in the authentication journey. - Biometrics should be used to validate a transaction and 2 or more people should be required to approve a transaction above a certain amount and/or to a new payee. In fact, adding a new payee or changing account details can also require strong authentication. And by strong authentication, I mean biometrics, not one time codes, knowledge questions or other factors that can be phished out of you. It goes back to why we designed the Anonybit solution the way we did. (See my blog from July on the topic.) Essentially, if you agree that: - Personal data should not be stored in centralized honeypots - Biometrics augmented with liveness and injection detection should be the primary form of authentication - The same biometric that is collected in the onboarding process is what should be used across the user journey Then Anonybit will make sense to you. Let's talk. #digitalidentity #scams #deepfakes #generativeai #fraudprevention #identitymanagement #biometricsecurity #privacymatters #innovation #privacyenhancingtechnologies

ChatGPT Created a Fake Passport That Passed a Real Identity Check A recent experiment by a tech entrepreneur revealed something that should concern every security leader. ChatGPT-4o was used to create a fake passport that successfully bypassed an online identity verification process. No advanced design software. No black-market tools. Just a prompt and a few minutes with an AI model. And it worked. This wasn't a lab demonstration. It was a real test against the same kind of ID verification platforms used by fintech companies and digital service providers across industries. The fake passport looked legitimate enough to fool systems that are currently trusted to validate customer identity. That should make anyone managing digital risk sit up and pay attention. The reality is that many identity verification processes are built on the assumption that making a convincing fake ID is difficult. It used to require graphic design skills, access to templates, and time. That assumption no longer holds. Generative AI has lowered the barrier to entry and changed the rules. Creating convincing fake documents has become fast, easy, and accessible to anyone with an internet connection. This shift has huge implications for fraud prevention and regulatory compliance. Know Your Customer processes that depend on photo ID uploads and selfies are no longer enough on their own. AI-generated forgeries can now bypass them with alarming ease. That means organizations must look closely at their current controls and ask if they are still fit for purpose. To keep pace with this new reality, identity verification must evolve. This means adopting more advanced and resilient methods like NFC-enabled document authentication, liveness detection to counter deepfakes, and identity solutions anchored to hardware or device-level integrity. It also requires a proactive mindset—pressing vendors and partners to demonstrate that their systems can withstand the growing sophistication of AI-driven threats. Passive trust in outdated processes is no longer an option. Generative AI is not just a tool for innovation. It is also becoming a tool for attackers. If security teams are not accounting for this, they are already behind. The landscape is shifting fast. The tools we trusted even a year ago may not be enough for what is already here. #Cybersecurity #CISO #AI #IdentityVerification #KYC #FraudPrevention #GenerativeAI #InfoSec https://lnkd.in/gkv56DbH

“Sorry, Benedetto, but I need to identify you,” the executive said. He posed a question: What was the title of the book Vigna had just recommended to him a few days earlier. Recently, a Ferrari executive was nearly deceived by a convincing deepfake impersonating CEO Benedetto Vigna but listened to his gut and stopped to verify that he was speaking with the real Vigna. This incident highlights the escalating risk of AI-driven fraud, where sophisticated deepfake tools are used to mimic voices and manipulate employees. Perhaps more importantly, how awareness of these threats can save your organization from fraud. The executive received WhatsApp messages and a call from someone posing as Vigna, using a different number and profile picture. The imposter's voice was a near-perfect imitation, discussing a confidential deal and asking for assistance. Suspicious, the executive asked a verification question about a book Vigna recently recommended, causing the call to abruptly end. Key Takeaways: Verify Identity: Always confirm the identity of the person you're communicating with, especially if the request is unusual. Ask questions only the real person would know. (Teach this to your family as well, this applies to real world- not just business) Be Alert to Red Flags: Differences in phone numbers, profile pictures, and slight mechanical intonations in the voice can signal a deepfake. Continuous Training: Regularly train employees on the latest deepfake threats and how to spot them. Robust Security Protocols: Implement multi-factor authentication and strict verification processes for sensitive communications and transactions. As deepfake technology advances, it's crucial to stay vigilant and proactive. By fostering a culture of security awareness and implementing strong verification methods, we can protect our organizations from these sophisticated scams. Awareness matters. #cybersecurity #insiderthreat #Deepfake #AI #Fraudprevention #Employeetraining #Ferrari #Securityawareness #humanrisk

Are fraudsters smarter than #FraudFighters? -- It certainly seems like that sometimes, but having spent years working in big banks, processors, and merchants, I understand firsthand how they can be bogged down by bureaucracy and red tape for the smallest of changes needed to react to quickly changing trends. While this story is about a criminal who used thousands of fraudulent identities to create accounts with gig economy companies, it also delves into (yes, I used "delve." No, this post wasn't written by ChatGPT, Jordan) why she did it - tackling themes of immigration and the ingenuity of those harmed by a broken system. This is not a political post, don't worry. While fraud fighters hate when our companies experience loss from fraudsters, sometimes there's... I hesitate to say this, but an appreciation of the cleverness of their methods. This woman exploited gaps in Documentary KYC, SSN verification, and device detection to create her own fraud empire. Fraud technology has improved significantly over the past 5 years (in large part, it was forced to by COVID), but companies spend millions on system upgrades and new vendors and can still fail. But why? - KYC checks are being bypassed by GenAI videos, images, and IDs - SSN Verification can be expensive and isn't available for most merchants - Device ID at checkout isn't enough any more Just as the woman in this article evolved her methods in response to new challenges, WE should be evolving what we collect, when we collect it, and how we assess it - not just at a single point in time, but across the customer journey. - Is the user spoofing a video with a virtual camera? (Synthetic Fraud) - Is the device stationary or at an unnatural angle for normal interaction? (Device Farms) - Is the user copying and pasting information like address or SSN? (more Synthetic Fraud, mules, ID theft) - Is the user in an active phone call or have remote access software running on their device? (Scam Victims) If your answer to these questions is "I don't know," I'd recommend researching what companies are innovating in this space so the next Priscila that comes along isn't exploiting you. #fraud #scams #fraudtechnology

We’ve reached a point where AI can create “perfect” illusions - right down to convincing identity documents that have no real-world basis. An image circulating recently shows what appears to be an official ID, yet every detail (including the background and text) is entirely fabricated by AI. This isn’t just a hypothetical risk; some people are already mass-producing these fake credentials at an alarming pace online. Why It’s Concerning - Unprecedented Scale: Automation lets fraudsters churn out large volumes of deepfakes quickly, making them harder to detect through manual review alone. - Enhanced Realism: AI systems can generate documents with realistic holograms, security patterns, and microprint, fooling basic validation checks. - Low Entry Barrier: Anyone with a decent GPU and some technical know-how can build - or access - tools for creating synthetic IDs, expanding fraud opportunities beyond sophisticated criminal rings. Preparing for Tomorrow’s Threats Traditional “document checks” used in some countries may not suffice. We need wide spread AI-assisted tools that can spot anomalies in ID documents at scale - such as inconsistent geometry, pixel-level artifacts, or mismatched data sources. Biometrics (e.g., facial recognition, voice authentication) can add layers of identity proof, but these systems also need to be tested against deepfakes. Spoof detection technologies (like liveness checks) can help confirm whether a user’s biometric data is genuine. Probably more than ever it is important for governments to provide smaller businesses means of cross-checking IDs with authoritative databases - whether government, financial, or otherwise. As AI-based fraud techniques evolve, so must our defenses. Keeping pace involves embracing advanced, adaptive technologies for identity verification and maintaining an informed, proactive stance among staff and consumers alike. Do you see biometric verification or real-time data cross-referencing as the most promising approach to identify fake IDs? #innovation #technology #future #management #startups

Is KYC Broken? Here’s the latest...(you need to know) Most companies think KYC is a bulletproof line of defense. The reality, it can be a giant blind spot. Fraudsters have figured out how to bypass identity verification at scale. AI-generated deepfakes, emulators, and app cloners make it easy to create synthetic identities that can pass KYC checks. KYC system's aren’t failing because they are weak, they're failing because they were never built to catch fraud in an AI world. Here’s the exploit: ▪️ Deepfake Technology: AI-generated videos that bypass facial verification. The KYC platform sees a “real” face but its not! ▪️ Device Spoofing: Emulators and cloners create multiple fake devices, masking fraudulent activity and enabling scaled attacks. ▪️ Hooking & Tampering: Fraudsters manipulate verification apps to inject fake data directly into the process. The result? Fraudsters can pass KYC undetected. Fake accounts skyrocket - Payment fraud and chargebacks escalate. Most companies don’t have a good grip on this yet. So what’s the fix? You have to start analyzing devices and behaviors in real time. ✅ Device intelligence: Identify syndicates tied to the same device, accurately. ✅ Behavioral analysis: Detect session anomalies in real-time before fraudsters can cash out. ✅ Continuous monitoring: Fraud doesn’t stop at onboarding or only happen at payment - think "anytime fraud" and monitor accordingly. Fraudsters know KYC is just a checkpoint. They know what you are checking for and how to fool the process. What do you think #fraudfighters?