Why biometrics are a nonnegotiable in 2023

If companies are serious about protecting themselves from fraud, simple knowledge-based authentication services are no longer going to cut it. 

The world has become vastly more digital over the last three years. Spurred by the pandemic, thousands of companies moved services online, and as they did, fraudsters went with them. 

A report from the UK Parliament found that 80% of reported fraud is now happening online. Identity fraud — which spiked at the start of the pandemic by 41% — has yet to return to pre-pandemic levels.

Just as when the pandemic hit, as the economy slows down, fraud rates may rise as it becomes a viable option to secure income. And now that online identity fraud has been introduced as a rich revenue stream over the last few years, the more organised fraudsters will continue to focus and reiterate their efforts in this arena. It’s unlikely that we’ll see these rates go back down to what they once were. 

It’s more important than ever for companies to understand what fraudsters are doing, so that they can understand how to protect themselves. Here are some of the big lessons we learned about fraudsters in 2022, indicating how they might act this year:

Fraud doesn’t take a day off — anymore

One of the biggest transformations that’s happened since the start of the pandemic is that fraudsters are no longer abiding by the five day work week. Pre-pandemic, fraud was similar to a nine-to-five job; fraud peaked Monday through Friday, and tapered off over the weekends. 

Now, fraud is virtually consistent Monday through Sunday, 24 hours a day. Empowered by technology and a global network, fraudsters are able to traverse regions and time zones. No longer limited by their own waking hours, fraud has moved to a 24/7 model that allows them to take advantage of businesses’ vulnerabilities. By operating 24 hours, fraudsters can more easily attack during closed hours, when staff are likely offline. 

Fraudsters are working smarter, not harder

One of the biggest trends seen across 2022 was the increase in drastically scalable ‘low-effort’, ‘less sophisticated’ fraud; this simple to spot fraud jumped 37% in 2022. ‘Less sophisticated’ fraud generally includes document errors that are simple to spot, and has grown in popularity as fraudsters take advantage of companies’ security features that enable them to attack en masse. 

Fraudsters are interested in working smarter, not harder; if they can bypass a company’s security system using the same document with simple text changes, they will. The fraudsters are further emboldened to execute this type of fraud when companies lack the ability to cross reference document information with information submitted by other customers. This is known as ‘repeat fraud’, where cybercriminals use the same or similar information to launch large-scale attacks. 

With repeat fraud, fraudsters can make thousands of copies of the same document and only tweak minor details. In these cases, the documents may all have the same face and personal information — but the document number will change by one digit each time. In one case captured on our platform this year, the same document number was submitted over 300 times, each time combined with slightly different personal information. 

When combined with synthetic fraud — which is when fictitious identities are combined with real personal data that’s been purchased from large-scale data breaches — companies have a difficult task to keep their businesses secure. Given synthetic fraud relies on real information, it is notoriously difficult to detect, and is estimated to account for up to 85% of all fraud. 

Biometrics provide a deterrent

Out of the hundreds of thousands attacks that businesses faced in 2022, fewer than 1.5% were attempted biometric fraud, in which fraudsters attempted to gain access to a system by falsifying biometric data. 

Many companies that use biometric verification ask users to take a photo or video of themselves that can then be matched to the photo ID provided. This leaves fraudsters with few choices. Without in-depth knowledge of how to spoof such a verification method, most fraudsters are left to attempt crude solutions, such as using a printed mask or just holding a photo up to the camera. Unsurprisingly, the vast majority of these attempts fail, as these softwares have been trained to detect three dimensional images. 

Once again, fraudsters are showing that they’re working smarter, not harder. Biometric verification is not yet the industry standard for all businesses, which means that fraudsters can spend more time attacking companies that don’t use biometric verification, rather than wasting time on those that do. By combining verification types — asking for both a selfie video and a photo of an ID — companies can effectively deter fraudsters from attempting attacks. 

Fraud isn’t going anywhere anytime soon. If companies want to protect themselves, and their customers, they need to create more complex systems for fighting fraud — but it’s possible to prevent fraud, without adding friction for genuine customers. Adding passive signals — signals that detect multiple attempts and track how many accounts a single device creates — can help uncover the fraudsters who are engaging in large-scale attacks. 

By clamping down on “easy” fraud, companies can ensure they’re safer in 2023.