The rise of digital services provides a convenience for consumers – and also a honeypot for fraudsters looking to steal personal data. Alongside digitization, there's more need for better data security. An increase in data breach incidents means that the threat of fraud looms large, impacting businesses and individuals alike. This blog post explores how data leaks are aiding fraudsters, and how businesses can protect themselves.
Understanding the link between data breaches and fraud
Data breaches expose sensitive information, which fraudsters can exploit for identity theft, financial fraud, and other malicious activities. The 2021 Facebook data leak, for instance, compromised the personal data of over 500 million users. This breach included phone numbers, full names, locations, and some email addresses, offering a goldmine of information for cybercriminals.
The numbers show that data breaches are on the rise. According to data from the Identity Theft Resource Center, there were 2,116 data compromises through September 2023 — a 17% increase from the 1,802 total compromises tabulated in 2022.
But what value does this data hold for fraudsters and bad actors? When it comes to identity fraud, perpetrators often create synthetic identities using genuine personal identifying information (PIII) that they steal or buy from the dark web.
Or, fraudsters can use photos of genuine documents obtained via a data leak in order to access accounts and services through an identity verification check.
Now due to the availability of PII and images of identity documents on the dark web, businesses are turning to biometrics to provide additional layers of security. Biometrics are much harder to forge or steal because of the sophistication required to fool verification systems. However, as more businesses leverage biometrics as a means of defense, fraudsters have turned their attention to advanced methods they can use to attempt to bypass biometrics, including deepfakes. This is contributing to a rise in biometric fraud attempts. According to the latest Onfido research, the 2023 average biometric fraud rate (1.31%) is 2x what it was in 2022 (0.68%). Increasingly, fraudsters use a genuine document (obtained via a data leak) for the document verification check, and then change their face for the biometric check.
Recent high-profile data leaks
In 2023 alone, thousands of data breach incidents hit companies in all sectors. Among the most high-profile data breaches were MOVEit, a file transfer tool, which impacted more than 200 businesses and 1.75 million individuals including federal agencies and other sectors. T-Mobile, ChatGPT, and MailChimp also made the list of 2023 top data breaches.
In June 2023, a massive hack of the Oregon state DMV records exposed about 90% of driver’s license and ID card data, or an estimated 3.5 million people.
The impact on businesses and consumers
The repercussions of these leaks are far-reaching. For businesses, it means an increased risk of fraud, loss of customer trust, and potential financial and reputational damage. For consumers, the threat of identity theft and financial loss is a constant worry.
Mitigating risks in the wake of data leaks
It's crucial for businesses to strengthen their security measures and for individuals to be vigilant about their digital footprint. Regularly updating passwords, monitoring bank statements, and being cautious about sharing personal information online are some ways to mitigate these risks.
Data leaks are inadvertently making fraudsters' lives easier by providing them with the tools they need to commit crimes. It's a wake-up call for businesses to prioritize data security and protect against the growing threat of digital fraud.
Considering the obstacles that biometric verification can place against identity fraud attempts that use stolen or leaked data, businesses should prioritize layering document verification with a biometric verification solution – to ensure that not only is the document genuine, but that the person presenting it is live and the real owner of the document.
The Onfido Real Identity Platform offers businesses a suite of fraud detection and compliance tools that can built into custom no-code workflows. With coverage of more than 2,500 documents in 195 countries, Onfido helps businesses around the world prevent fraud. In the 12 months until November 2023, Onfido protected businesses from $3.9 billion in fraud losses.
Download our 2024 Identity Fraud Report to get the latest research on fraud trends, predictions, and recommendations on how to protect your business. Or hear how to stay ahead of sophisticated fraud, direct from the experts, in our on-demand webinar Fraud Predictions for 2024.