Identity Theft Explained: How Businesses Can Detect and Prevent It

According to Sumsub’s recent Identity Fraud Report, the rate of identity fraud has shown a significant increase, nearly doubling from 1.1% in 2021 to 2% in 2023. Moreover, this worrying figure is expected to increase in the future. ID cards appear to be the most commonly used documents for scams and falsification, while the most affected industries include online media, professional services, healthcare, transportation, and video gaming. 

Here you can see the fraud highlights  for 2023 by industry.

Indeed, businesses are often vulnerable to cyber attacks, and fraudsters will seize any opportunity to gather sensitive data to use for identity fraud. However, with the right anti-fraud controls in place, companies can avoid having to deal with false bank accounts, fake licenses, screaming headlines and police investigations.

In this article, we’re going to cover the most common identity theft types and how businesses and customers can protect themselves. 

What is identity theft?

Identity theft is when personal information—such as name, date of birth, address, bank account, emails—is stolen to make purchases, open accounts, withdraw money and get tax refunds. This allows fraudsters to use their victim’s identity for illicit purposes. 

How fraudsters steal personal data

Be it through cyber attacks or data leaks, identity thieves often target small and medium-sized businesses to scavenge personal data, which leads to significant reputational damage and losses. According to Statista, business email compromises alone amounted to around $2.7 billion in reported victim losses in 2022.

Fraudsters can target individuals directly by stealing mail or scavenging personal information on Facebook, Twitter or Instagram. They can also hack emails, bank accounts, or buy data from the “dark web”. 

Here are the most common identity theft methods:

7 common targets of identity theft

1. Financial identity. Thieves use stolen personal data to access peoples’ finances, or create new accounts under someone else’s name. A syndicate in Melbourne used stolen personal data to open 70 accounts at various banking institutions. They later withdrew the money overseas and transferred it back to Australia through cryptocurrencies.
2. Driver’s licenses. Thieves obtain a driver’s license in another person’s name for the purpose of traffic violations or vehicle theft. San Francisco-based luxury car-sharing service, HiGear, learned this lesson the hard way, when it was forced to shut down due to identity fraud related theft incidents.
3. Social security numbers. A SSN number can be used to steal the social security benefits of other people. They can also be used to obtain sensitive documents,  take out loans or apply for credit cards. Cybercriminals used a fake Citibank website to steal debit cards and SSN in order to access bank accounts.
4. Medical identity. Stolen medical records can be used for health insurance and medical coverage fraud. As a result of a massive cyber attack in Singapore, criminals stole the personal data of 1.5 million patients, including names, NRIC numbers, addresses, gender, race, date of birth, and medical history.
5. Tax identity. Once criminals get hold of people’s tax information, they can use it to file false tax returns or refunds. Two Florida men used personally identifiable information to file fraudulent tax returns using their tax preparation services firm.
6. Employment identity. Fraudsters can assume someone else’s identity to collect public benefits.  An unknown Massachusetts man used a stolen identity for 40 years.
7. Child identity. Childrens’ personal data and SSNs can be used to obtain documents, apply for loans and even credit cards. In Portland, a nine-year-old’s identity was used to open a bank account and credit card.

Fortunately, fraudsters also make mistakes, and there are ways to stop them before they try to hurt customers and businesses.

Red flags of identity theft

• Unfamiliar credit card charges or charges on bank statements
• Unfamiliar or abnormal medical bills, files
• Bills from unfamiliar companies 
• Confirmation emails for purchases not made
• Confirmation emails for accounts never created
• Debt collectors contacting you about outstanding bills which are not yours
• Receipt of credit cards which you didn’t order 
• Notification of approval or rejection for credit cards you didn’t order
• Suspicious login attempts to your online accounts, including social media
• Fraud alerts from online services
• Sudden drop in your credit rating
• Credit or loan rejection despite clean credit history.

How to prevent identity theft

Being aware of blind spots and incorporating certain practices can considerably reduce the risks of fraud. Below we share some advice on  secure methods of identity theft prevention for businesses and their customers. 

1. Protect sensitive data

• Encrypt data. Securely encrypt customer data before transmitting or storing it. This includes credit card, bank account and social security information.
• Use a firewall, secure VPN and updated software. Install a firewall and a reliable VPN to fight off  hackers. Make sure to perform regular system updates to fix security issues.
• Limit access to key personnel. Give access only to those employees that work with personal data; shred old business records.
• Adopt new technology. This can include antivirus software, encrypted backups, or DDoS appliances.
• Check the vendors you work with. Make sure you are putting sensitive data in the hands of companies that know how to protect it.

2. Establish data protection policies

Develop and incorporate guidelines on how your business handles and stores customer information—including how the business accepts payments and performs client identification.

• Engineer a step-by-step protocol for data breaches. 
• Appoint an information security officer
• Set deadlines for record keeping, including how long the company has to store client information. 
• Get rid of excess sensitive data that isn’t vital to the customer’s account. 
• Do not store SSNs, driver’s licenses or birth dates online, if possible.

3. Set customer identification rules

• Request ID. Ask for ID when customers pay by card. This allows you to compare their ID information with the name on the credit card. 
• Recheck user IDs when there’s a change in payment data or the user profile to verify that the client’s account has not been taken over.
• Use multi-factor authentication which combines several verification approaches.
• Use Liveness Detection to ensure that the applicant is real and present during verification.
• Don’t collect unnecessary data. If you are not going to use the customer’s address or birth date, there is no need to request it at all.
• Establish fraud alerts and inspections. Use security freezes when the system detects suspicious activity. Manually review unusual transactions if necessary.

Fraud incidents lead to many consequences, including law enforcement investigations and chargebacks, meaning financial and reputational losses for the business.

Security is key to the success of any financial business—especially those that deal in the personal data of thousands or millions of people. Businesses should focus on their internal practices and study their security needs step by step as there is no defense that suits all.

Identity theft statistics for 2023

2023 saw a continuation of the trends established in prior years. In Sumsub’s Identity Fraud Report 2022, the top 3 fraud trends identified were deepfake usage, complex fraud patterns, and advanced forgeries. In 2023, these trends not only persist, 
but also continue to evolve dynamically. The most popular identity fraud types of the year include:

• AI-powered fraud (mainly deepfakes)
• Money mulling networks
• Fake IDs
• Account takeovers
• Forced verification

---