Fake IDs Are the Trojan Horse of Fintech

Do you know a more legendary tale of strategy and deception than how the Greeks breached Troy with a hollowed horse? The Greeks needed a way to get past the sophisticated Trojan security system. They hid their real identity using a fake ID—a horse statue—and were happily escorted through Troy’s defenses. As they say, the rest is history. 

Financial Technology (FinTech) companies use technology to innovate or improve financial services, such as digital banking, mobile payments, online loans, wealth management, online stock trading, and blockchain services. All these companies have built sophisticated security systems to keep criminals out and to detect fraudulent transactions. However, the first line of defense is often the weakest: a customer's identity. 

The first step of identity-based fraud is using a fake ID to pretend to be someone else while withdrawing money, opening a line of credit, or making an insurance claim.  The “,” July 2024, a report from Javelin Strategy &  Research compiled data on consumers who reported that new accounts were fraudulently opened with their PII by account type and year and found that in every category there was more fraud in 2023 compared to 2022.  For example, new fraudulent credit card accounts used their stolen PII in 37% of cases, 7% higher than the year before.

Today’s Trojan Horse: The Fake ID

Today’s Trojan Horse is a fake ID or stolen Driver’s License. As a fraudster, your first step through FinTech security is to prove you are your targeted identity victim. The first question always asked when applying for credit or asking for withdrawal is, “Can I see your ID?” It doesn’t matter if it is a physical experience, such as applying for a credit card at a retailer or registering for a loan online; you will be prompted for your driver's license.

The fraudster will be prepared with a stolen identification or a fake ID. Fake driver’s licenses aren’t challenging to obtain; just search the web. You’ll find websites that even review fake ID quality from numerous websites. Once the ID is verified, much of the FinTech security will be based on the identity of the Trojan Horse, the fake identity, and the fraudster will be invited in and have access to financial information and transactions.

There are several high-tech methods to protect your company from literally “falling for the oldest trick in the book.”  They include:

• Never rely on visual checks alone. Fake IDs can easily trick in-person employee visual checks, optical character recognition (OCR) evaluations, and offshore human evaluators.
• Perform location checks that are difficult to fake using a VPN when integrating a check into your mobile app.  An example would be using cell tower location data from the mobile phone for the identity check. If an American is opening a credit card from North Korea, be suspicious. 
• Don’t trust systems that do simple DMV-issued driver's license barcode scans because the information to create those barcodes is public information. However, every state adds unique and proprietary authoritative data to their barcodes. Free mobile apps and any identity verification vendor can read the clear-text information in these barcodes, the same way any fake ID can have a readable barcode that doesn’t include this secret data. You must select a vendor with proprietary access to authoritative data in DMV-issued license barcodes. This is your best protection from accepting fake IDs.

The above recommendations aren’t meant to be exhaustive for onboarding and verifying the identity of FinTech customers; these are three foundational best practices for identity verification. Depending on your FinTech application, risk, and user experience, there are additional methods to prevent fake IDs from becoming your Trojan Horse that allow a fraudster access to scam your customers. The same  found consumers targeted for a scam are likely to leave their primary financial institution (FI), regardless of whether a financial loss results. U.S. consumers targeted by a scam are almost twice as likely to leave their primary FI as consumers who have not been targeted or affected by a scam.

Intellicheck prevents fake IDs from being FinTech’s Trojan Horse. Intellicheck is the only identity validation and proofing service that uses a unique and proprietary analysis of DMV-issued IDs to create trusted, real-time customer identity verification experiences. Good-looking fakes don’t fool Intellicheck’s verification analysis, which supports in-person, mobile, and website verification workflows using the hardware and processes you have in place. In addition to authoritative barcode verification, it is easy to add automated location data, facial match, liveness, and much more to your verification workflow to meet your security requirements.

Fraud Starts with Identity Theft, Identity Theft Ends with Intellicheck.

‍