Share
Identity theft: What is it and how do we solve it?
How banks, fintechs, and credit unions can avoid identity theft risk by preventing fraudulent accounts
TLDR:
- Identity theft has evolved into a sophisticated, tech-driven threat that puts financial organizations and their customers at risk across various channels.
- Fraudsters use multiple methods to steal personal information, including phishing, hacking, data breaches, and social engineering.
- Preventative measures for banks, fintechs, and credit unions include implementing KYC and KYB processes, streamlining onboarding online and in-person, and leveraging advancements in artificial intelligence (AI) and machine learning (ML) for fraud detection.
- Customer education plays a crucial role in combating identity theft, with financial institutions, government agencies, credit bureaus, and even mobile service providers all contributing to awareness efforts.
- An identity-centric approach is key to stopping fraud at onboarding and throughout the customer lifecycle.
What is identity theft?
Identity theft (also known as ID theft) happens when someone unlawfully obtains PII belonging to another person, usually for financial gain. PII includes any data that is used to identify an individual, including their:
- Date of birth
- Home address
- Phone number
- Email address
- Social security number
- Taxpayer identification number
Once a fraudster has stolen someone's identity, they may attempt to open a bank account or take out a loan by entering the victim's personal information.
How do fraudsters commit identity theft?
Identity thieves targeting consumers and businesses for their personal data have many means of achieving their goal. Here are some examples of how someone might acquire the PII needed to steal an identity:
- Phishing attacks — Fraudsters may send their victims an email or leave a voicemail that appears to be reputable to convince someone to give up their information. Identity thieves have been known to impersonate a fraud representative from a bank, fintech, or credit union during phishing attacks on their customers.
- Dumpster diving — Bad actors may go through someone’s trash to steal papers containing PII, like old utility bills.
- Blue box theft — Similar to dumpster diving, this approach to identity theft involves stealing sensitive documents like checks or tax documents from the post office.
- Hacking — Fraudsters may hack into computer systems, networks, or devices such as smartphones to steal PII.
- Social engineering — Some identity thieves establish contact with a victim and then manipulate them into giving away their information, often using false promises.
- Skimming — A method for stealing card information using a storage device placed inside an ATM or point-of-sale terminal. Skimming costs financial institutions and consumers over $1 billion each year.
- Data breaches — Fraudsters may target corporations, government bodies, or healthcare providers to expose consumer and business PII.
- Dark web marketplaces — Hackers may sell the data they steal to other fraudsters on the dark web.
- SIM swapping — Also known as port-out scams, bad actors steal access to a person or business’ phone number. Like with other forms of identity theft, this often leads directly to account takeover (ATO).
- Shoulder surfing — This involves looking over someone’s shoulder and watching them enter PII into their device.
- Burglary and robbery — Identity thieves may commit break-and-entries to steal family documents like birth certificates or passports. They may also rob purses, wallets, phones, and other personal items that may contain PII.
In the past, identity theft often involved low-tech methods such as dumpster diving or stealing mail. However, new technology has made identity theft more sophisticated and challenging to combat. Advancements in AI, coupled with the widespread adoption of digital banking, have expanded avenues for identity theft.
Preventing identity theft in financial services
In 2023, the FTC reported over a million identity theft complaints, with financial losses exceeding $43 billion. COVID-19 further accelerated this trend, with a 45% increase in identity theft reports compared to pre-pandemic levels.
Banks, fintechs, and credit unions are also seeing an increase in applications with inconsistent PII: a 14% hike YoY according to Alloy’s 2024 Fraud Benchmark Report.
To effectively prevent identity theft, financial organizations must be proactive about implementing identity theft mitigation practices. We’ve outlined key tactics for detecting and preventing identity theft below:
Mind your KYCs and KYBs
Know Your Customer (KYC) and Know Your Business (KYB) processes involve collecting and verifying relevant information, assessing risk profiles, and conducting ongoing monitoring and due diligence. While KYC deals with personal information and individual risk, KYB examines business registration, ownership structure, and financial statements to prevent business identity fraud.
KYB is just as critical as KYC because businesses can make an ideal target for identity thieves due to their access to capital and credit. Business identity theft is where a fraudster takes out a loan, opens a bank account, or establishes credit by impersonating a business entity. Bad actors committing this type of fraud also have more possible points of entry: identity thieves may impersonate any number of business employees or owners to steal financial information. Once a fraudster is in the victim’s computer system, they can steal PII belonging to the business’ customers, even using it as collateral for extortion.
Regular KYB checks and fraud alerts can help financial institutions verify the legitimacy of a business’ identity at onboarding and throughout the customer lifecycle. By implementing a robust KYB process that includes continuous monitoring, banks, fintechs, and credit unions can detect any suspicious changes in ownership, structure, or financial behavior that might indicate identity theft or fraud over time.
Learn how to verify small businesses
Leverage data to find suspicious identity footprints early
Identity thieves often create false digital footprints by setting up email addresses and social media accounts for their stolen identities. Banks, fintechs, and credit unions can mitigate these identity risks by monitoring for anomalies in digital behavior, such as unusual patterns in email account creation, as part of their onboarding process.
Supplementing traditional data sources with alternative data can help you get a complete picture of someone’s identity beyond their credit, helping you achieve a more holistic view of who your prospective customers are — and are not. Ultimately, the more identity data sources you have, the easier it will be to reject suspicious accounts, or flag them for manual review.
Streamline your digital and in-branch onboarding processes
Years ago, in-branch banking was the safest way to open new accounts. However, after the pandemic, fraudsters took advantage of the increased investment in digital controls, setting their sights on vulnerabilities in in-branch banking.
Shifts in consumer preference can happen at any time. And these changes cause shifts in fraud patterns, too. By implementing a standardized approach to onboarding, banks, fintechs, and credit unions can make unified decisions about their new customer identity risk.
If your onboarding practices aren’t standardized, then in-branch and digital practices for approving customers may vary. But when you can apply prevention mechanisms like step-up document verification uniformly, then you can authenticate IDs against data providers to confirm identity no matter the channel a customer is onboarding from.
Use AI and ML to inform identity risk decisions
While some artificial intelligence (AI) and machine learning (ML) technologies actually help fraudsters commit identity theft, AI and ML can also enhance your security measures and help reject fraudulent identities at onboarding.
One of AI's key advantages is its ability to evolve and improve over time. As new fraud techniques emerge, ML models can quickly incorporate these changes and update their detection capabilities, ensuring that you remain one step ahead of identity thieves.
Incorporating ML into your security strategies can significantly enhance your ability to protect against identity theft. These technologies not only provide advanced threat detection and prevention capabilities but also offer scalability and efficiency that can stop identity theft in its tracks.
Share educational resources
Protecting consumers from identity theft requires a layered approach, where all parties — including financial institutions, government organizations, credit bureaus, and even mobile service providers — are involved in creating the solution.
- Government agencies like the FTC offer resources on identity fraud, including a personalized recovery plan, to anyone who files an identity theft report through identitytheft.gov.
- Credit bureaus like Equifax, Transunion, and Experian can help consumers stay aware of potential exploitation by producing credit reports that may reveal discrepancies in activity.
Banks, fintechs, and credit unions are incorporating consumer resources into their outreach campaigns and on their websites to help their customers safeguard their identities. Campaigns like Banks Never Ask are serving as an example for how industry leaders can get more involved in consumer awareness and education.
Adopt an identity-centric approach to fraud prevention and mitigation
Fraud detection occurs most commonly during real-time transaction monitoring. This is true, in part, because that’s where many banks, fintechs, and credit unions focus their fraud prevention efforts.
However, the best way to stop identity theft is to place identity at the center of your fraud prevention strategy. By focusing on identities rather than transactions alone, we can start to see a broader spectrum of patterns and behaviors emerge from the woodwork. This creates the ideal conditions for proactive risk assessment rather than reactive fraud detection. Instead of preventing identity thieves from transacting, banks, fintechs, and credit unions can act as greater foils, preventing fraudsters from using stolen identities to open an account or taking out a new credit card in their victim’s name.
Stay ahead of identity theft when you partner with Alloy.
Alloy’s omnichannel Identity Risk Solution unifies identity verification, credit decisioning, fraud risk management, and AML monitoring across channels. We work with an extensive ecosystem of global data partners to give you a complete view of customer risk in a single dashboard — no dev work required.
Our end-to-end data orchestration platform pulls from traditional and alternative data sources to help safeguard your bank, fintech, or credit union from identity risk at onboarding and throughout the customer lifecycle.
Don't let fraud hold you back
See why 75% of banks, fintechs, and credit unions are interested in adopting an Identity Risk Solution.