Skip to main content

What is Identity Fraud?

Verify consumer identities with confidence.

identity proof

The threat of identity fraud poses serious risks to private and public sector organizations and consumers alike. Its scale and growth compel organizations to invest in identity verification to minimize the cost of identity fraud. According to the Federal Trade Commission (FTC), in 2023, there were over 1 million cases of identity theft in the United States alone. Although this is down from its peak of 1.4 million in 2021, it’s almost double pre-pandemic levels. Furthermore, Javelin Strategy & Research’s 2023 Identity Fraud Study reported identity fraud scams in the United States resulted in losses of $43 billion in 2022 and impacted 40 million adults. The study also highlighted an alarming increase in the complexity and number of identity theft cases, demonstrating the evolving nature of threats to personal data individuals and organizations face.

 

Identity theft reports in the United States

2019

650,000

2020

1,389,000

2021

1,434,000

2022

1,108,000

2023

1,037,000


Source: Federal Trade Commission

Every organization must address the challenge of detecting and preventing the fraudulent use of personal information to better avoid substantial financial, operational, legal and reputational costs. 

What is Identity Fraud?

Identity fraud occurs when stolen and/or fraudulent information is used unlawfully to commit fraud or theft, impacting businesses and consumers alike. Identity fraud can manifest in various forms, including new account fraud, account takeover (ATO) and synthetic identities, each posing unique challenges to the integrity of business operations.

 

What is identity theft and how is it different from identity fraud?

Identity fraud and identity theft are closely related. While the terms are often used interchangeably, they refer to different stages of the same issue. Identity theft is the acquisition of personal information, while identity fraud is the subsequent misuse of this information:

What are the most common types of identity fraud?

Globally, the five most common types of digital fraud in 2023 were the following:

1. Account takeover fraud accounted for 7.0% of all digital fraud in 2023. ATO occurs when fraudsters gain unauthorized access to a victim’s online accounts (banking, ecommerce, etc.) and steal money or information, or further perpetrate fraud.

2. Credit card fraud (6.9% of 2023 digital fraud) is the use of stolen credit card information to make unauthorized purchases or withdraw funds.

3. True identity theft (6.9% of 2023 digital fraud) occurs when a fraudster uses a victim’s personal information to impersonate them and commit various types of fraud, such as opening new credit accounts, taking out loans or even obtaining medical services.

4. Automated clearing house (ACH)/debit fraud (6.4% of 2023 digital fraud) entails the use of illicitly acquired bank account and routing information to transfer money from the victim’s account, either as a lump sum or recurring payments.

5. Synthetic identity fraud (6.1% of 2023 digital fraud) involves fraudsters creating a new identity using either a combination of real and fabricated information or entirely fictional details. This synthetic identity is then used to apply for credit, loans or even healthcare. Because this type of fraud doesn’t directly victimize a real individual, it’s particularly challenging to detect — leaving it up to financial institutions to uncover high-risk accounts on their own.

What types of business are most impacted by identity fraud?

Sectors that process a high volume of personal and payment information make attractive targets for identity fraudsters. In descending order of suspected digital fraud attempt rates, these are 2023’s 10 most impacted industries:

Rank

Industry

Percentage of suspected digital fraud globally

1.

Retail

8.7%

2.

Video gaming

7.6%

3.

Online gambling

5.3%

4.

Communities

4.6%

5.

Telecommunications

4.5%

6.

Financial services

4.3%

7.

Travel & leisure

2.3%

8.

Insurance

1.5%

9.

Government

1.4%

10.

Logistics

0.9%

How are businesses impacted by identity fraud?

Consequences can be far-reaching, affecting not only the financial health of institutions but also their reputational standing and regulatory compliance.

  • Fraudulent transactions: These are unauthorized transactions made using stolen identity information that lead to direct financial losses — which in many cases, the organization must reimburse the victim. These fraudulent transactions include credit card fraud, chargeback fraud, payments fraud (unauthorised transfers from illicitly accessed accounts on payment platforms like Automated Clearing House (ACH), PayPal or Venmo), and promotion fraud (exploitation of marketing promotions, discounts or incentives intended for legitimate customers). 
  • ATO: This occurs when fraudsters access and take control of a legitimate user’s account. Once they have control, they can make unauthorized transactions, change account details and steal personal information. ATO commonly impacts credit accounts through unauthorized spending or transfers; retail accounts by changing a shipping address for purchases, for instance; medical accounts by making fraudulent insurance claims; and community platforms via third-party seller fraud, as an example. 
  • New account fraud: Using personally identifiable information (PII) obtained through data breaches, phishing attacks or social engineering, fraudsters can create new credit card accounts, take out loans or establish utility services, resulting in credit losses, promotional waste and chargeback fees.
  • Operational costs: The costs associated with detecting, investigating and rectifying instances of identity fraud can be substantial. This includes investments in advanced fraud detection systems and the personnel required for ongoing monitoring and response efforts.
  • Wasted marketing expenses: This can occur in two ways. First, when identity fraud results in a customer closing accounts or moving to competitors, the business forfeits the cost of acquiring that customer. Second, frauds involving stolen identities often trigger marketing campaigns intended for legitimate customers. As a result, companies end up allocating resources — such as personalized promotions, discounts and targeted advertising — to fraudulent accounts.

This indirect cost of identity fraud can be even more devastating than direct financial losses. Trust is a cornerstone of the business-customer relationship, and any breach that compromises customer data erodes that trust. Customers are less likely to engage with institutions that have histories of security breaches, potentially leading to a loss of business and decline in new customer acquisitions.

Many sectors, especially financial services and healthcare, are subject to strict regulatory requirements designed to protect consumer information and prevent fraud. Cases of identity fraud can lead to regulatory penalties if it’s found the institution failed to implement adequate security measures. In financial services, compliance with regulations, such as the Fair Credit Reporting Act (FCRA), Gramm-Leach-Bliley Act (GLBA), and guidelines set by the Consumer Financial Protection Bureau (CFPB), is critical. In healthcare, providers are bound by strict regulations concerning patient information security, most notably the Health Insurance Portability and Accountability Act (HIPAA). Non-compliance can result in hefty fines, legal costs and the requirement to implement corrective measures — which can be very costly.

To combat identity fraud, businesses must continually monitor, evolve and improve their security measures. This includes deploying sophisticated identity verification tools, such as biometrics, machine learning algorithms for anomaly detection, and multi-factor authentication processes that add layers of security.

While strict security measures are necessary, they inevitably introduce some degree of additional friction to the customer experience. For instance, additional verification steps might complicate account access or slow down transaction processes, potentially frustrating customers.

Given the potential for such profound impacts, businesses must prioritize robust identity fraud detection and fraud prevention strategies.

What is identity fraud detection?

Identity fraud detection refers to the processes and technologies used to identify unauthorized use of individuals' personal information for fraudulent purposes. This critical security function involves analyzing patterns, behaviors and transactions to spot inconsistencies or anomalies that might indicate fraudulent activities. The goal is to catch these activities earlier to reduce damage and better prevent further exploitation.

What is identity fraud prevention?

Identity fraud prevention is one of the most effective ways to reduce the cost of identity fraud as it helps deter and block fraud before it happens. While identity fraud prevention practices include more robust data security, transaction and behavioral monitoring technologies, and customer and employee education, a more reliable factor in identity fraud prevention is identity verification.

What is identity verification?

Identity verification is a security measure used by businesses to help ensure a person claiming a particular identity is truly who they claim to be. In an age where digital transactions are predominant, identity verification is critical to better protecting businesses from various types of fraud and often required by certain regulations, such as know your customer (KYC).

How does identity verification help fight fraud?

It helps prevent fraud by:

  • Mitigating risks associated with online and mobile transactions. It reduces the chances of fraudulent transactions by helping confirm the identity of the person conducting the transaction.
  • Detecting and preventing unauthorized access: It better ensures only legitimate individuals can access services and accounts.
  • Enhancing regulatory compliance: It better enables businesses to meet legal requirements designed to prevent fraud; for example, KYC in the financial services sector.

How do businesses verify identities?

There are a variety of methods available to conduct identity verification, including:

  • Document verification: Analyzing government-issued IDs to help ensure they’re valid and have not been altered.
  • Biometric verification: Using unique biological traits, such as fingerprints or facial recognition, to help confirm identity.
  • Credit bureau-based verification: Utilizing data from credit bureaus to better verify information provided by the user matches what’s on file.
  • Behavioral biometrics: Assessing the way a person interacts with devices (typing speed, mouse movements) to help confirm their identity.
  • Knowledge-based authentication (KBA): Asking personal questions presumably only the individual would know.
  • Two-factor authentication (2FA): Requiring two forms of identification, typically something the user knows (a password) and something they have (a security token or smartphone app), to access an account.
  • Device intelligence: Also known as device fingerprinting, this plays a prominent role in assessing risk online, applying historical activity and consortium data to determine whether a device has been linked to fraud in the past.
  • IP geolocation verification: Uses IP location data to assess the risk of internet traffic inbound to a business, supporting geographic compliance and fraud prevention.
  • Synthetic identity fraud model: Assesses identity information provided in an online application or an existing customer file to help determine efficacy. 

 

Incorporating multiple identity verification methods into a layered security approach not only enhances effectiveness but also reduces the potential impact of any single point of failure in the security chain.

By understanding the complexities of identity fraud and implementing robust identity verification systems, businesses can better protect themselves and their customers from ever-evolving threats posed by fraudsters. This approach is vital for improved safeguarding of financial and personal information, maintaining a relationship of trust between businesses and the public, and better ensuring the stability of business operations across all sectors.

Get identity verification that’s right for you