News and resources on cyber and physical threats to banks and fintechs worldwide.

ID fraud may account for 50% of all bank-reported fraud by 2025

Source: Synectics Solutions

Analysis of the UK’s largest database of syndicated risk intelligence shows ID fraud is the top fraud type reported by banks and other financial service providers, accounting for 45% of all adverse contributions made in 2023. This could reach 50% by the end of the year.

The data also shows that ‘ID fraud originating online’ is now the single most common fraud threat facing the industry today.

Database operator Synectics Solutions is urging vigilance but also caution. “Focussing efforts on more robust online ID verification has to be the answer”, says Chris Lewis, Synectics’ Head of Solutions. “But this presents risk. Widespread adoption of solutions that shut the door on fraud too indiscriminately will also potentially block vital system access to thousands of ‘ID Poor’ customers - a market segment increasing in size each year.

“With the wrong response to ID fraud, the financial exclusion fall-out could be huge. This concern was front-and-centre in the Government’s 2024 report on public dialogue on trust in digital identity services.

To help institutions navigate the challenge, Synectics has released details of the most common forms of ID fraud reported, and advice on implementing inclusionary verification measures.

The changing face (and name) of ID fraud.
National SIRA contains over 300 million rows of data, constantly being updated and verified by fraud teams all over the UK from 170+ leading banks.

In 2023, 72% of all SIRA entries related to internet-based interactions with over a third (37%) logged as ID fraud originating via the internet, making this the most common fraud type/channel combination.

Drilling down into the reasons for these specific types of ID fraud filings[3], analysis shows at least:
• 24% related to instances where an applicant’s name was found to be fictitious.
• 27% related to applicants stealing another (genuine) person’s address details.
• 28% related to cases where key details e.g. name, address, contact details etc., were linked to at least one other application already flagged for potential ID fraud.

“With ID fraud, we’re definitely seeing a sliding scale of sophistication”, says Synectics’ Analytics Consultant Tomas Brown. “For instance, fake names can be relatively easy to spot in some cases, but when paired with real data and used to create a synthetic ID that has accumulated a ‘genuine’ credit rating, the task is much harder. Here, and certainly in the case of the 28% linked to previous applications, there’s clear value in being able to refence syndicated fraud data and check ID details against multiple sources.”

The danger of replacing one risk with another.
Given the clear internet-based bias, and with digital ID adoption in the UK now starting to surge following the government’s development of the Digital identify and Attributes Trust Framework (DIATF), the findings demonstrate the importance of robust online ID verification processes.

But how exactly can banks and other financial service providers make these processes effective, fast and fair - ensuring genuine customers, including those potentially classed as ‘ID poor’, aren’t unfairly penalised with slow services or entirely excluded.

As a board member of the Open Identity Exchange (OIX) - which aims to promote and support the safe adoption of digital ID solutions - and through his work at Synectics on projects with both banks and ID Service Providers (IDSPs), Chris Lewis has a very clear checklist institutions should look for.

“Banks should choose solutions which verify ID details against multiple authoritative sources rather than one or two, and which risk score individuals based on the frequency, recency, and quality of their digital interactions with organisations”, says Chris.

“This simultaneously lowers the risk of false positives, especially linked to good customers who may have thin credit files, while increasing protection from ID fraud. Given that all these checks can now be done in a matter of seconds, there’s no real reason why banks can’t balance good service with robust defences, while still ensuring that ID-poor customers are not excluded.”

Comments: (0)