October 30, 2024
Extending Your Digital Onboarding Process with Anonybit
The Power of Selfie Deduplication and Blocklist Checks to Prevent Fraud
In today’s fast-evolving digital landscape, businesses face an ever-growing challenge: fraud. While digital onboarding processes have streamlined customer acquisition and verification, they have also become an entry point for fraudsters exploiting weaknesses in identity verification methods. A 2023 survey by Javelin Strategy & Research revealed that identity fraud cost businesses $52 billion in 2022 alone, with over 42 million victims affected. What’s even more alarming is that many companies still do not take critical steps to fully prevent fraud during the onboarding process.
Why Current Onboarding Methods Fall Short
Most digital onboarding processes today rely on basic information such as name, social security number (SSN), and sometimes a simple selfie verification. Sometimes, they also validate phone numbers, email addresses and names against sanctions lists, but in all cases, they are matching users with records in centralized databases. Unfortunately, fraudsters have become increasingly adept at bypassing these safeguards by using synthetic identities or stolen credentials:
- Synthetic Identity Fraud: Fraudsters combine real and fake information to create new identities that can pass traditional checks. According to a report by McKinsey, synthetic identity fraud is the fastest-growing type of financial crime in the U.S., accounting for up to 85% of all identity fraud losses.
- Circumventing Device, IP Address, and Phone Number Checks: Many businesses implement fraud prevention measures that flag suspicious devices, IP addresses, or invalid phone numbers. While these methods are useful, fraudsters have become skilled at evading these checks. Here’s how they do it:
- Bad Devices: Fraudsters use device spoofing to disguise their actual hardware information. By leveraging virtual machines or emulators, they can manipulate the device’s fingerprint to make it appear new and legitimate, bypassing device-based fraud detection systems.
- IP Address Masking: Fraudsters often rely on VPNs, proxies, and Tor networks to hide their true IP addresses, making it seem like they are operating from different or trusted regions. This method helps them avoid geo-blocking or IP-based blacklists.
- Phone Number Fraud: Fraudsters are skilled in bypassing phone number verifications by using burner phones, VoIP numbers, or services that provide temporary phone numbers. More concerning, they also engage in SIM swapping, a method where they convince mobile carriers to transfer the victim’s phone number to a SIM card controlled by the fraudster. Once successful, the fraudster gains control of the phone number, enabling them to intercept one-time passwords (OTPs) and SMS-based two-factor authentication (2FA) codes. This allows them to access accounts, reset passwords, and bypass security systems using the stolen phone number.
- Duplicate Accounts: Another way fraudsters game the system is by creating multiple accounts under the same or slightly modified personal details, allowing them to bypass limitations, exploit promotions, or engage in more sophisticated fraudulent activities.
While there are measures to help block some malicious attempts, they are not foolproof. In fact, up to 85% of synthetic identities successfully bypass traditional fraud detection systems, according to a report by McKinsey, making it clear that name, SSN, device checks, and phone verifications alone are not enough. A determined fraudster can easily create duplicate accounts or circumvent traditional verification mechanisms. The only real way to stop these bad actors is by preventing duplicate or fake identities is by checking a selfie (verified for liveness of course) against an existing repository — during the onboarding process itself, blocking bad actors at the source.
Why Doesn’t Everyone Check for Duplicates?
Despite the clear advantages, many companies have yet to adopt these types of biometric fraud prevention methods. The primary reason? Fear of data breaches. After all, storing biometric data makes them a prime target for hackers. Anonybit addresses this issue head-on by not storing biometrics in any central database. Instead, it uses decentralized technology, breaking biometric data into encrypted fragments that are stored and processed across multiple locations. This approach ensures that even in the event of a breach, the biometric data remains unusable, protecting both users and businesses from potential harm.
A second reason is increased concern for regulatory compliance. With growing oversight on data privacy (e.g., GDPR, CCPA), businesses must ensure that any personal data they collect—including biometrics—is handled with the utmost care. Anonybit’s privacy-centric approach not only complies with stringent privacy laws but also provides peace of mind to users, knowing their biometric data is safeguarded. (For related reading on how Anonybit helps to comply with privacy laws, see here.)
Another reason companies hesitate is that biometric deduplication has been seen as complex and resource-intensive. But with solutions like Anonybit, which seamlessly integrates with existing workflows, and provides different options for streamlined management of key results, implementing this technology is now easier than ever.
Selfie Deduplication and Blocklist Checks: How Does It Work?
For Selfie Deduplication, Anonybit compares a user’s selfie during the onboarding process with previously submitted selfies. If the system detects a match—indicating that the user has already created an account—it flags the potential fraud attempt. This deduplication process ensures that no user can create multiple accounts using the same identity, even if they try to alter their personal information.
For Blocklist Checks, Anonybit integrates real-time blocklist checks into the onboarding workflow. If a selfie matches one in the fraud blocklist (e.g., flagged due to suspicious activity or past fraud attempts), the system can take immediate action, either by stopping the onboarding process or requiring additional verification.
Tailoring Selfie Deduplication and Blocklist Checks to Different Digital Onboarding Processes
When it comes to digital onboarding, companies typically fall into two categories: those that conduct document verification and those that rely more heavily on device fingerprinting.
- Onboarding with Document Verification: Many digital onboarding processes today include document verification (e.g., verifying a government-issued ID), where users are required to upload a selfie to match their face with the document. In these cases, the captured selfie can be seamlessly ingested into Anonybit’s system. This biometric data is then used for selfie deduplication and blocklist checks, which ensure that the user has not previously enrolled under a different identity and is not using a flagged biometric in known fraud databases. By integrating directly with systems that already capture selfies, Anonybit enhances the onboarding flow without requiring additional user steps, providing an added layer of fraud protection.
- Onboarding Without Document Verification: In other cases, businesses focus primarily on device checks, such as device fingerprinting and IP address validation, for identity verification. In such situations, after the device is verified, the system prompts the user to capture a selfie as an additional verification step. This selfie is then subjected to the same deduplication and blocklist checks as in the document verification process, providing strong biometric validation and preventing fraudsters from exploiting weaknesses in device-only checks.
How Anonybit Compares Selfies and Delivers Fraud Detection Insights
Depending on the requirements of the business, Anonybit can return different types of responses, offering flexibility in how fraud detection insights are utilized. For example:
- Binary Match Response (Yes/No): In cases where businesses only need a straightforward confirmation, Anonybit can return a binary response indicating whether or not a match exists between the new selfie and any previously enrolled biometric data.
- Threshold-Based Matches: The system can also provide results based on a similarity threshold, returning only those matches that exceed a certain confidence level. This allows businesses to customize the strength of the verification depending on their risk tolerance.
- Top N Matches: For more granular fraud detection, Anonybit can provide the top 1, 3, or 5 matches for manual review or adjudication, allowing human analysts to examine the potential matches and assess whether fraud is likely. This can be particularly useful for high-risk transactions where additional scrutiny is necessary.
- Velocity Checks and Fraud Correlations: Beyond simple identity matching, Anonybit can perform velocity checks, tracking how frequently a given biometric is being used across different onboarding attempts or within a short timeframe. It can also provide insights by correlating biometrics with known fraud patterns or cross-referencing against other databases, enhancing fraud detection by identifying suspicious behaviors early.
This level of flexibility ensures that businesses can configure Anonybit’s fraud detection capabilities to meet their specific needs, whether they are looking for automatic decision-making or more detailed insights for manual intervention.
The ROI of Implementing Biometric Fraud Prevention
The financial and reputational risks of failing to prevent identity fraud are immense. According to a 2023 study by Lexis Nexis, every $1 of fraud now costs businesses $3.75 in direct and indirect costs. These costs include chargebacks, penalties, lost customers, and reputational damage. By integrating selfie deduplication and blocklist checks into your digital onboarding process, you can significantly reduce these risks while achieving a substantial return on investment (ROI).
Consider these benefits:
– Fraud Reduction: Reducing fraud not only cuts down on direct losses but also saves time and resources spent on investigating fraudulent claims. Early detection through deduplication and blocklist checks can stop fraud before it happens, reducing fraud costs by as much as 50%.
– Increased Customer Trust: When customers know their biometric data is secure and that you’re actively preventing fraud, they are more likely to trust your platform, resulting in higher customer retention rates.
– Streamlined Compliance: Ensuring compliance with data protection laws is critical, and non-compliance can lead to costly fines. Anonybit’s privacy-first biometric handling makes it easier to comply with regulatory requirements.
Conclusion
Fraudsters are becoming more sophisticated, and businesses need to evolve their defenses accordingly. While name and SSN checks are a start, they are no longer enough. By extending your digital onboarding process with Anonybit’s selfie deduplication and blocklist checks, you can stop fraudsters in their tracks—without compromising user privacy or compliance.
The cost of fraud is too high to ignore, but the ROI of investing in these advanced fraud prevention tools is clear. With Anonybit, you can enhance security, build customer trust, and stay ahead of evolving fraud tactics, all while ensuring that your users’ privacy is preserved.
Isn’t it time you took your onboarding process to the next level? Contact us to learn more.