Navigating Asia Pacific’s Identity Fraud Landscapeby Frederic Ho, VP of APAC, Jumio March 29, 2023
Have you ever watched the chilling cult classic “Invasion of the Body Snatchers”? The 1950s alien takeover movie is best remembered for evoking paranoia about the faceless evil lurking within society.
Now, 70 years later, this invasion may be more real than reel. People who are not who they claim to be are silently and insidiously stealing identities — all to perpetrate fraud. And they are seemingly unstoppable. As the movie’s protagonist hauntingly warns, “They’re here already. You’re next!”
Not If, But When
Identity theft statistics reveal that the chances of falling prey to digital fraud are much higher than one believes. A recent report found that at least one in four consumers in Asia Pacific have been victims of online fraud.
These numbers are expected to continue growing, thanks to the rapid rise of digital services. In 2021 alone, online scams made up 57% of all cybercrimes, driven by the sharp increase in pandemic-led digitalisation and online transactions. Favorite techniques included scams and fraud (57%) and phishing (18%).
Phishing attacks have, in fact, been targeting the region with impunity. Small and medium-sized businesses (SMBs) in countries such as Indonesia, Malaysia and Vietnam are especially vulnerable. Popular tactics include fraudsters masquerading as trusted entities or authority figures and sending spoofed emails/text messages to their victims. These trick the latter into opening malicious documents, clicking on links that lead to fake websites or even handing over personal information.
Once these scammers have hold of their victims’ personal data, they can use this to commit a number of fraudulent activities — from synthetic identity fraud to account takeover. Synthetic identity fraud is on the rise as this combines both fake and real ID information, making this type of identity theft especially difficult to detect.
Southeast Asian banks are one of the most targeted sectors in the world, accounting for 21% of phishing attacks globally in 2020. Yet insights from Jumio research found that consumers are not confident businesses are doing everything they can to protect their online accounts. One potential reason for this lack of confidence could be that businesses lack the ability to identify attacks quickly before they escalate.
So how can organisations begin to protect their customers and themselves?
Combating scams will require the effort and cooperation of everyone. For instance:
- On the regulatory front, measures must be taken to stay one step ahead of the fraudsters. Recent steps have included banning clickable links in emails or SMS messages sent to customers in countries such as Singapore and the Philippines. Businesses in some countries are also provided access to national digital identity databases as a means to verify the customer’s identity.
- For businesses, due diligence must be taken to deploy not just the right mix of technologies, but also multiple verification techniques. Database checks alone are no longer enough as fraudulent activities get increasingly inventive. Countries such as the Philippines and Malaysia, for instance, are already advocating for a combination of ID verification, biometrics and liveness detection. This is to ensure that a fingerprint or face is from a live person at the point of capture.
- Consumers, too, must be discerning enough to spot tell-tale signs of scams to avoid being victimised. Towards this end, both governments and businesses have been raising awareness through public education initiatives on popular tactics fraudsters use to trick their victims.
This identity verification and authentication journey is part of the mandatory Know Your Customer (KYC) process to verify customer IDs and assess the risk each customer poses. Further due diligence checks are required for customers that have higher risk factors, such as political exposure, appearing on sanctions or watch lists, or operating from high-risk locations, among others.
Fraud can happen throughout the customer journey. The same biometric authentication methods can be used to prevent identity fraud. Periodic customer screening and ongoing transaction monitoring are necessary to ensure that onboarded customers do not eventually become risks, and organisations can block suspicious activities in real time.
Considering these complex requirements, more businesses are turning to end-to-end identity proofing platforms with orchestration. With fraudsters constantly evolving, and when a new fraud pattern emerges, orchestration can provide the ability to adjust workflows and rules quickly to adapt to the changing business needs and remain agile to changing fraud threats.
In the face of escalating digital fraud, businesses need to be more effective than ever to close the gaps in fraud security. But they must also ensure the customer experience remains as frictionless as possible — or they risk losing business.
The market for identity proofing has exploded, and new solution providers have rushed in to help fill the void. If you’re in the market, you’ll soon discover that not all solutions are created equal in terms of fraud detection and deterrence, compliance, and user experience. In this increasingly cluttered marketplace, it’s difficult to separate the pretenders from the contenders.
As you look for the right online identity verification solution for your customer ID proofing, it’s critical to perform rigorous tests and ask the right questions to ensure the solution you choose is accurate, meets compliance requirements, and offers a positive user experience. The last point is key, as online identity verification is found to be a critical deciding factor as to whether customers complete a sign-up process.
That’s why Jumio has put together the “Buyers Guide to Online Identity Verification Success Kit” which features resources that will help you evaluate your options, understand what to look for and make the right choice in vendor selection.