In today’s digital-first world, fighting fraud can feel like a Sisyphean task. Just when you think you’ve got fraud under control, another new and dangerous fraud vector emerges. Fortunately, fighting fraud doesn’t have to be overwhelming. Because the vast majority of fraud vectors targeting businesses and consumers today fall into one of the 8 major types covered below, determining the best way to prevent the fraud vector from hurting your business is easy. Let’s explore 8 major fraud types and discuss how enabling advanced digital identity solutions such as cryptographic authentication can help prevent them.
Fraud Type 1: Identity Theft
Identity theft, aka true name fraud, occurs when a fraudster impersonates a real person, often by stealing their social security number.
How can Prove help? Often, the fraudster will enter the victim’s real information (name, birthday, social security number, etc.) but replace the victim’s real phone number with their own “burner” phone number. Prove Auth can prevent identity theft fraud by determining that the fraudster is not the rightful owner nor in possession of the victim's phone (physical device) during the transaction.
Additional Resources:
- Why the True Cost of Identity Fraud Is Even Higher Than You Think
- 5 Tips to Protect Yourself Against Identity Theft & Cybercrime
Fraud Type 2: First-party Fraud
A common form of first-party fraud occurs when an individual makes an expensive purchase and then falsely disputes the purchase as fraudulent with their credit card company to avoid paying for the purchase. Some fraud experts claim that first-party fraud is more prevalent than third-party fraud vectors like identity theft.
How can Prove help? Prove Auth makes it much harder for individuals to falsely dispute charges as it can produce detailed evidence that shows when a user’s verified phone number is associated with the transaction.
Additional Resources:
Fraud Type 3: Bot Attacks
Fraudsters generate scripts to sign up for online accounts in bulk, often using non-fixed VOIPs in the process. A fraudster uses bot attacks to create thousands of phony accounts, often using real data from victims, for a variety of malicious purposes.
How can Prove help? Bot Attacks are prevented by confirming proof of possession of each phone number used by an end consumer. Additionally, phone ownership confirms the identity of a consumer is linked to a specific phone number.
Additional Resources:
Fraud Type 4: Physical Theft of Phone
Physical theft of phones is not as scalable as the other frauds listed because it involves a criminal stealing a phone from somebody which is risky and often time-consuming. However, it does happen. After the phone is stolen, the victim will go to their mobile carrier to purchase a new phone and request a legitimate SIM SWAP.
How can Prove help? Trust Score and Trust Score+ can detect when the carrier suspends the phone line and performs a legitimate SIM Swap. Phones with recent SIM swaps earn a lower Trust Score and can be flagged.
Additional Resources:
Fraud Type 5: Account Takeover Type 1 (Port Attacks)
In this scenario, a fraudster impersonates the victim and ‘ports’ or switches the victim’s phone number from one carrier to another. After gaining control of the victim’s phone number, the fraudster can complete 2FA controls and gain access to a victim’s banking, crypto, and other important accounts to transfer the funds into their personal accounts.
How can Prove help? Trust Score and Trust Score+ will detect when a victim's phone number is taken over through a SIM swap via a Port-out attack. This attack is more common in taking over existing accounts versus at account creation. This capability is included in the base Trust Score.
Additional Resources:
Fraud Type 6: Account Takeover Type 2 (SIM Swap Fraud)
A SIM swap scam takes place when a fraudster impersonates a victim and requests a device swap within the same carrier. The victim’s phone will be deactivated and the fraudster’s device will begin accepting phone calls and SMS from that number. This is called a SIM swap. After gaining control of the victim’s phone number, the fraudster can complete 2FA controls and gain access to a victim’s banking, crypto, and other important accounts to transfer the funds into their personal accounts.
How can Prove help? Trust Score+ will detect when a victim's phone number is taken over, through a SIM swap via a device swap attack at the existing carrier. This attack is more common in taking over existing accounts versus at account creation.
Additional Resources:
- SIM Swap Fraud is Preventable – Why Aren’t More Companies Doing Something About It?
- How to Fight the Menace of Rising SIM Swap Fraud in the UK
Fraud Type 7: Synthetic Identity Fraud
A fraudster will create a synthetic or false identity by combining both real data from a victim with a fictitious social security number.
How can Prove help? Identity Verify can detect synthetic identities in banking and credit reporting agency (CRA) systems that do not have corresponding synthetic data held by the MNOs
Additional Resources:
Type 8: Known Fraudster
Most fraudsters are prolific. They don’t just target one victim, they target hundreds or even thousands of victims. When they target a victim, they often take over multiple accounts– crypto, banking, investment accounts, etc.
How can Prove help? Trust Score and Trust Score+ can detect bad actors and suspect phones that have been used in financial crimes as we launch the Prove fraud network. In addition, we are analyzing the correlation between phone number tenure and recycling behavior to catch known fraudsters and abusers.
The fight against fraud can be challenging, but it is not impossible. By understanding the various types of fraud that exist and using cryptographic authentication-based digital identity solutions like the ones offered by Prove, businesses can protect themselves and prevent fraud from occurring in the first place.
For more information or to schedule a consultation with a fraud prevention expert, contact us.
Keep reading
The stakes for businesses in ensuring trust and security in digital interactions are higher than ever.
This blog post outlines best practices for integrating identity verification APIs to enhance security, compliance, and user experience in digital interactions.
Identity verification is crucial for developers to prioritize in their applications to ensure a secure and trustworthy online environment for all parties involved.