Bad actors are increasingly turning to identity exploitation, gaining access to personally identifiable information (PII) in record amounts to drive money laundering, fraud, and cybercrime. A recent Financial Trend Analysis from FinCEN has illustrated how criminals are exploiting a variety of identity-related processes for illicit activity, with approximately 1.6 million, or 42% of the total BSA reports reviewed for the report being related to identity — equivalent to $212 billion in suspicious activity. Understanding how criminals are exploiting identity processes for their gain is imperative for financial institutions to confront these disturbing trends.
Exploiting the Three Identity Processes
Identity processes during account creation and access are part of everyday life at financial institutions, playing a key role in determining if a customer’s identity is real, unique and that accompanying evidence is authentic and accurate. This process occurs across three steps:
- Validation — a customer presents evidence to confirm their identity, such as a driver’s license.
- Verification — the financial institution ensures the validated identity evidence belongs to the customer, such as by comparing the driver’s license to other identification
- Authentication — the financial institution confirms the customer’s identity using a passcode, fingerprint, or other valid authenticator.
From validation, to verification and authentication, FinCEN found that criminals frequently exploit these steps, such as by fabricating a synthetic identity to bypass validation, using third-party credentials to evade verification, and account takeover to circumvent authentication with real credentials. A successful exploitation at any stage weakens an institution’s ability to confirm the veracity of a customer’s identity and creates opportunity for criminals to commit financial crime using several typologies.
Fueling Financial Crime Typologies
“The top five typologies account for 88% of the identity-related BSA reports and 74% of the total identity-related suspicious activity amount during the Review Period.”
Source – Identity-Related Suspicious Activity: 2021 Threats and Trends
In their analysis, FinCEN determined that identity-related BSA reports centered around over 14 typologies — with general fraud being the most frequently reported suspicious activity at 1.2 million instances. This equated to approximately $149 billion in suspicious amounts as reported by FinCEN. Among the most common forms of fraud reported were check fraud, and credit and debit card fraud. Other common typologies included 423,000 reports of false records, 222,000 BSA reports of identity theft, 154,000 reports of third-party money laundering, and 110,000 reports related to circumventing standard processes.
FinCEN reported depository institutions were the most impacted, with 54% of identity-related BSA reports coming from these institutions. This represented $201 billion in suspicious activity, underscoring the need for a decisive response from financial institutions.
Establishing a Robust Defense
As criminals continuously evolve their tactics and focus on exploiting identity, financial institutions must be prepared to respond decisively to the resulting typologies, such as fraud. Having an effective fraud solution in place is crucial for institutions to manage the growing problem of identity exploitation and prevent loss.
Verafin offers a multi-faceted, collaborative approach to fraud detection and management that uses the collective intelligence of our network of thousands of financial institutions to help your institution uncover fraudulent activity quickly and effectively. Our robust platform also includes powerful detection for identity-related crimes such as online account takeover, helping you detect unusual online activity and discover potentially compromised online accounts before cybercriminals attack, saving both your customers and institution from loss.