How to put an end to document fraud and identity theft?

In September 2022, 69% of French companies said they had experienced at least one fraud attempt, and 57% had been victims of proven fraud, according to Allianz Trade's Fraud Barometer 2022. Over 80% of respondents consider fraud management to be one of the top three challenges facing their company. With the acceleration of digital technologies and the emergence of generative AI, it has never been easier to falsify documents or even impersonate someone else.

Document fraud and identity theft are growing threats affecting many sectors, from finance and healthcare to public services and private enterprise. Fraudsters now have increasingly sophisticated tools at their disposal, making their methods more difficult to detect and prevent. This development poses serious challenges for companies, who need to protect not only their own information, but also that of their customers and partners.

In this context, it is crucial to understand the mechanisms of document fraud and identity theft in order to put in place effective measures to counter them. But just how widespread is this phenomenon, and what solutions can help companies protect themselves against these increasingly sophisticated threats?

‍

1. Understanding document fraud and identity theft

Document fraud

Document fraud is the act of partially or completely falsifying or altering a document in order to deceive certain stakeholders. Documents often targeted by this type of fraud include identity documents, proofs of address, RIBs, invoices, purchase orders and financial reports.
Fraud techniques are rapidly evolving, thanks to image-editing software such as Photoshop, reinforced by the exploitation of generative artificial intelligence, which makes it possible to create increasingly sophisticated false documents.

Identity theft

Identity theft involves using another person's personal information without their consent to commit fraudulent acts. Techniques commonly used for this type of fraud include phishing, where messages or emails are sent to trick victims into revealing their personal information. There is also hacking and the exploitation of data leaks to gain access to this information. A growing trend among fraudsters is synthetic identity theft, which combines real and false information to create a new identity, such as fake president, fake IBAN or fake supplier fraud.

But how serious is this type of fraud? Is it really that common?

According to the Allianz Trade x DFCG 2020 barometer, the main fraud attempts include supplier fraud (45%), intrusion into IT systems (41%) and fake customer fraud (24%). What's more, 63% of companies have observed an increase in phishing attempts in 2022. All companies need to be concerned by these acts of fraud, as they represent a real danger to their business. Large companies must be particularly careful, as they are the preferred target of fraudsters: over 82% of companies with sales between 100 and 500 million euros have suffered at least one proven fraud.

‍

2. The fraud iceberg: What is the real cost of document fraud and identity theft for businesses?

Document fraud and identity theft are just the tip of the iceberg. The costs associated with these frauds go far beyond direct financial losses. To better understand the overall impact, it is essential to examine the various aspects that contribute to these costs.

‍

‍

Monetary cost

Document fraud and identity theft entail considerable monetary costs for companies. They suffer direct financial losses through stolen funds, fraudulent payments and refunds to misled customers. These incidents can also result in regulatory fines. When fraud is discovered, it is often necessary to compensate victims, which includes refunds and sometimes offers of free services or discounts. On top of this, the costs involved in investigating incidents, rectifying security issues and implementing new protection measures can be substantial. Fraud can also lead to the loss or theft of critical and sensitive information, such as financial data, personal customer information and trade secrets. Recovering and securing such data often requires significant investment in cybersecurity technologies and specialized consulting services. In addition, to prevent future fraud, companies need to invest in advanced security systems, identity verification and fraud detection technologies.

‍

Damage to reputation and brand image

Fraud and identity theft can seriously damage a company's reputation. When a company falls victim to fraud, the trust of customers, business partners and investors can be seriously undermined. This loss of trust can have long-term consequences, affecting customer loyalty and reducing opportunities for growth. A poor reputation can also complicate existing business relationships and hamper the company's ability to attract new customers or partners. A company's reputation is often one of its most valuable assets, and the damage caused by fraud can be difficult to repair.

‍

Lower productivity

Combating fraud and identity theft can have a significant impact on business productivity. Implementing rigorous security measures to prevent such incidents can slow down operational processes. For example, additional identity checks and security controls can lengthen customer onboarding times and complicate internal procedures. These delays can lead to customer frustration, negatively impacting their overall experience and, consequently, their satisfaction and loyalty. What's more, the human and technological resources required to implement and manage these security measures can divert attention from the company's core activities, slowing growth and affecting operational efficiency.

‍

3. Existing identity and data verification solutions

In the face of document fraud, a number of solutions exist today to verify the identity of individuals and protect sensitive information, as well as to detect document fraud. These solutions are based on a variety of technologies and methods, each with its own advantages and disadvantages.

‍

Manual verification of customer information

This type of verification relies primarily on capturing an image of the user's face and a photo of their identity document, but does not attempt to match these two elements. Unlike traditional photo or video comparison methods, this system simply verifies human presence without any in-depth analysis of the document.
Manual KYC relies on human verification of identity documents and supporting documents provided by users. This process is particularly time-consuming and requires human intervention at every stage, increasing the risk of error and fraud. Although this method is well-suited to smaller structures, it quickly becomes ineffective when it comes to managing large volumes of data.

Semi-automated verification of customer information

This approach combines manual processes with digital tools to speed up certain steps, such as automatic document validation via specialized software. This type of verification relies on identity documents such as passports or ID cards to verify a person's identity. Although this reduces processing time, human intervention is still required to verify and confirm information. This saves time compared with manual KYC, but the risks of human error, identity theft and persistent delays remain.

‍

Identity verification or document fraud detection with artificial intelligence (AI) and/or biometrics

Automated KYC solutions leverage technologies such as artificial intelligence, optical character recognition (OCR) and biometrics to quickly and securely verify user identity. AI and OCR can automatically validate documents and detect certain anomalies, reducing human error and speeding up processing times. Biometrics, such as facial recognition or fingerprints, add a further level of security, confirming that the user corresponds to the declared identity. But matching the biometrics performed with the documents analyzed is often complex and particularly costly.
‍
However, these solutions require regular updating of algorithms and technologies to counter the most sophisticated frauds, and still experience perfectible fraud detection.

‍

Limitations of these methods

Despite their relative effectiveness, these identity and data verification solutions have several limitations:

• Fraud detection perfectible: The accuracy of these methods is not always optimal, which can lead to detection errors such as false positives or false negatives. These inaccuracies can have a negative impact on the success rate of checks, and affect customer satisfaction from the outset.

• Complexity of the onboarding process: Current methods can lengthen verification times, making the onboarding process more complex and laborious for new customers. This lack of fluidity can discourage users and potentially lead to abandonment of the sign-up procedure.

• High costs: Identity verification processes, such as KYC (Know Your Customer), generate significant costs for companies, ranging from $13 to $130 per verification. These expenses include not only the costs of complying with regulations, but also the expenses associated with carrying out identity checks, which can run as high as $500 million, according to Forbes. Added to this are the indirect costs associated with investigating fraud incidents, upgrading security infrastructures, and ongoing staff training.

• ‍Cyber attack risk: centralized databases, often referred to as "Honey pots", are attractive targets for hackers due to the large amount of data they contain. While this is a major risk, it's also important to note that these centralized systems often lack traceability, making it difficult to verify at any time and effectively monitor verification processes.

‍

💡Towards a reusable identity Reusable identity naturally presents itself as an ideal solution for verification. It would reconcile the need for simplicity and security in the user journey. But how does it work?

‍

4. The decentralized identity wallet: an innovative solution

What is the identity wallet?

The digital identity wallet is a digital wallet containing the identity of the natural or legal person and digital credentials (such as IBAN, proof of address, Kbis excerpts, etc.) issued by trusted sources such as governments, institutions or companies. These reusable credentials can then be easily presented to third parties. Users know with whom they are sharing their attestations, and can revoke sharing at any time.

What does the wallet mean for users and businesses?

For users :

• One-click verification: Users save time and effort by no longer having to verify the same information or personal attributes multiple times. This approach provides a reusable identity and eliminates lengthy onboarding processes.
• Control over personal data: Users retain total control over their data, choosing with whom to share their information, for how long, and being able to revoke this sharing at any time.
• Increased security: Decentralized digital identity is based on a secure "by design" infrastructure. User data is protected against hacking by encryption and secure sharing methods.

For companies :

• Reduced fraud: Decentralized identity wallets enable secure data exchange, reinforcing trust. Thanks to the immutability of verifiable credentials, the risk of document fraud is drastically reduced. Every Credential can always be traced back to its issuer, guaranteeing its authenticity.
• Improved customer satisfaction: By reducing friction, companies can offer a fluid and secure user experience, improving customer and supplier satisfaction.
• Regulatory compliance: Companies can easily comply with European data protection and identity verification standards (GDPR, Loi sapin 2, AML). This simplifies the onboarding of customers, suppliers(KYC, KYS, KYB) and other stakeholders while eliminating the risks of non-compliance and the additional costs that can arise.

Why is the identity wallet effective against document fraud?

Verifiable attestations: when using the wallet, all shared attestations are forgery-proof, as they come directly from authentic sources. Attestations and the identity of each third party can be verified at any time, guaranteeing authenticity. Verifiable attestations represent identity attributes of a natural or legal person, such as an Credential IBAN, a Credential Kbis or a proof of address. In particular, they enable :

• Rather than checking potentially forged documents, we might as well exchange only forgery-proof documents!
• have a "digital twin" of a physical document with the same legal value
• no longer need to check the same identity attribute several times (no need to double-check your identity each time you authenticate)
• more control over your data

Trusted registry: a trusted registry makes it possible to verify the source of each Credential (the issuer), the authenticity of a Credential or the identity of theCredential holder. As a result, for every commercial exchange, the identity of the interlocutor can be easily verified, eliminating the risk of counterfeit President, counterfeit IBAN or counterfeit supplier fraud.

Assessment of the wallet-based digital identity verification solution

‍
‍
5. Use case: what does customer onboarding (KYC) look like, without and with the wallet?

Identity wallets can transform the entire onboarding process, offering a more fluid and secure user experience, higher conversion rates and the elimination of document fraud.

‍

Let's imagine a classic KYC onboarding process to create an account on a sports betting site:

Know Your Customer (KYC) without a wallet

⛔ The classic KYC process often has to be repeated for each new service a customer wishes to access. For example, if the user wishes to open an account with another sports betting site, he or she will again have to carry out identity verification and retrieve the various documents required.

‍

KYC via identity wallet

KYC based on reusable identity simplifies the process considerably. Once the user's identity has been verified and authenticated, they obtain a reusable digital identity. This identity contains authentic attestations of the necessary documents and information, enabling them to onboard any new service in seconds.