Socure, the provider of artificial intelligence for digital identity verification, sanction screening, and fraud prevention, released its inaugural Document and Biometric Identity Fraud Report, detailing the rampant use of fake government-issued IDs and the techniques used to fool legacy document verification systems.
According to the data, document image-of-image was “the most prevalent identification (ID) document fraud technique in 2023, occurring in 63% of all IDs that were rejected.”
This was followed by “tampered headshots (21%) and selfie spoofing (20%).”
Document image-of-image occurs when “the user takes a photograph or uses a screenshot image of an ID, rather than providing a live capture of the document.”
Document headshot tampering takes place “when a user purposefully manipulates facial imagery. And, selfie spoofing entails taking a picture of an image on a computer screen, printed on a piece of paper or even an actual headshot on a different document – often carried out to steal identities or fraudulently access systems.”
The report assesses document verification-related account openings “across a variety of industries including online gaming, marketplaces, lending and credit cards.”
Document and biometric verification – the process of “verifying the authenticity of a government-issued ID, including driver licenses and passports and matching it to selfie – is a critical step for organizations needing to verify a customer’s age and identity when opening an account.”
Common applications include verifying a driver license “when renting a car or confirming someone purchasing alcohol online is 21 or older.”
Fraud surrounding IDs has become pervasive, “accounting for 70% of all fraudulent verifications evaluated by Socure’s document verification solution.”
The other 30% of fraudulent captures “is biometric-related fraud, including selfie spoofing and impersonations (15%) as well as a mismatch between the headshot on the ID and the selfie (15%).”
A concerning trend, selfie spoofing “can be carried out quickly and easily thanks to the availability of public social media profiles – and unlike document image-of-image, it almost always represents malicious intent.”
Fraudsters simply use images “posted by others online as the “selfie” to go with a recently stolen ID acquired from other means.”
Eric Levine, SVP, Head of Document Verification at Socure said:
“A perfect storm exists today in which the digital economy and social media have provided exponentially more opportunity for fraudsters to carry out identification document fraud. From car rentals, to liquor deliveries to accessing government benefits, verifying identities has become an integral part of our economy and it’s crucial that we prevent deep fakes, fake IDs, and stolen and fabricated identities from entering the digital ecosystem. This will require us to fight AI with AI using a multi-layered security approach that combines document verification, biometrics analysis and auxiliary signals to detect the most advanced ID fraud attempts of today and tomorrow.”
Additional key findings from the report include:
- Selfie-spoofers target seniors at nearly 4x the rate. Nearly half (49%) of all selfie spoofing attacks are carried out on users in the age 50 and above population. Older demographics typically have greater assets—more to steal—and are often less tech savvy, thus more susceptible to fraud.
- Cross-Country ID-related fraud: Idaho and New Hampshire rank as the top two states with the highest verification rejection rates, indicating high document fraud. The techniques seen most often were document image-of-image and selfie-to-headshot mismatches.
- Geography matters—for your device. When the location of a device used to create a new account and the state on their submitted ID documents don’t match, there is nearly twice the rate of fraud. Florida, Texas and Georgia were the top three state IDs with the highest volume of out-of-state verifications.
Methodology
Data & DocV core engine
Insights found in the report are derived “from Socure’s DocV core engine’s 2023 production data.”
The transactions found within this data “provided demographic information such as age, sex, document state and device state obtained from the associated documents and device data.”
This information allowed for findings “related to specific fraud vectors, breakdowns of fraud by available demographic groups, prevalent fraud vectors in industry verticals such as online gaming, marketplaces, lenders, credit card, and more.”