A recent discovery of a large-scale identity farming operation on the dark web has raised concerns among security researchers, who are now urging customer-facing businesses to enhance their verification checks. The operation, carried out by an unnamed underground group, involved compiling a significant amount of identity documents and corresponding facial images to deceive Know Your Customer (KYC) verification checks, as reported by IProov’s Biometric Threat Intelligence service.
According to iProov, the images and documents used in this operation may have been voluntarily provided by the data subjects in exchange for financial compensation. This poses a unique challenge for organizations that rely on selfies for online customer verification, as they now have to differentiate between fake and authentic documents that are being exploited by unauthorized scammers.
Andrew Newell, chief scientific officer at iProov, expressed alarm over the discovery, emphasizing the risk individuals take when they willingly compromise their identities for short-term financial gain. Selling identity documents and biometric data not only jeopardizes one’s financial security but also equips criminals with complete and genuine identity packages that can be exploited for sophisticated impersonation fraud.
The underground group uncovered by iProov is believed to operate primarily in the Latin America region, with local law enforcement authorities being notified of their activities. However, similar operations have been identified in Eastern Europe, indicating a widespread issue that transcends geographical boundaries.
In addition to legitimate identity documents, cybercrime groups are exploring other avenues to circumvent onboarding and login verification checks. Entrust recently cautioned about the increasing use of AI-powered deepfakes in fraudulent attempts to pass motion-based biometrics checks, which are commonly used by banks and service providers for user authentication. Deepfake technology now accounts for a quarter (24%) of such fraudulent attempts, showcasing its growing sophistication in evading security measures.
Although deepfake technology is less prevalent (5%) in simpler selfie-based authentication methods due to their susceptibility to traditional spoofing techniques, the industry is constantly evolving to stay ahead of cybercriminals. The evolving landscape of identity fraud underscores the importance of continuous improvement in verification processes to thwart increasingly sophisticated threats.
As businesses navigate the challenges posed by identity farming operations and emerging technologies like deepfakes, collaboration between industry stakeholders, law enforcement agencies, and cybersecurity experts is crucial to effectively mitigate risks and safeguard consumer data. Enhancing awareness, implementing robust security measures, and staying abreast of evolving threats are essential steps in safeguarding against identity fraud in an increasingly digitized world.