New data from Jumio reveals that new account fraud based on ID verification declined 23.2% worldwide YTD in 2020, compared to 2019 results. At the same time, selfie-based fraud rates were five times higher than ID-based fraud. This illustrates the growing number of stolen ID documents available on the dark web for purchase and, more importantly, the growing need to determine if an ID is authentic and belongs to the user.
The fourth edition of Jumio’s Holiday New Account Fraud Report examines fraudulent attempts to open a new account using a manipulated government-issued ID and a corroborating selfie. Selfie-based fraud describes fraudulent attempts to use a picture or video (e.g., deepfake) instead of a genuine selfie to corroborate a digital identity. In fact, selfie fraud rates were significantly higher than fraud based on just a government-issued ID. The fraud associated with the selfie averaged 7.15% globally in 2020, compared to 1.41% for ID-only verifications.
The report is based on the analysis of tens of millions of transactions from a variety of industries and geographies around the globe. It targets the period of January through October each year and the month of November to cover the holiday shopping period.
“This year’s Holiday Fraud Report unearths a number of interesting global fraud trends that enterprises adopting biometric-based identity verification should carefully consider as they architect the new account journey,” said Philipp Pointner, Jumio’s chief product officer. “It highlights the critical importance of requiring a selfie to corroborate the remote user’s digital identity. By including both ID verification and identity verification with live selfies and liveness detection during the account onboarding process, organizations can more effectively deter fraudsters and better protect their ecosystems.”
Key findings include:
- Despite widely reported increases in fraud, Jumio customers saw fraud rates actually drop in 2020.
- By adding a selfie requirement as part of the identity proofing process, organizations caught 80% more fraud than if they just required a government-issued ID. Moreover, this finding only reflects detectable fraud attempts and does not include the chilling effect that the selfie requirement has on would-be fraudsters who abandon the process before taking the selfie.
- New account fraud using a driver’s license is significantly lower than other document types (e.g., passports and ID cards).
- When identity verification is embedded within an SDK, the fraud rates are significantly lower than other channels (e.g., API and web). Higher fraud rates are associated with channels where users have the ability to upload their own ID images and can manipulate a legitimate ID or use an image of an ID found on the dark web or from a Google Image search.
- In developed countries, the fraud rate tends to be 1% or less. While globally the fraud rates stayed fairly flat throughout 2020, the UK experienced a sharp increase in November, whereas the Philippines and India saw a dramatic reduction during that same month.
- Financial services, crypto and gaming all had healthy drops in fraud rates, even though these industries tend to have higher fraud overall because the financial reward tends to be greater.
These findings are especially timely as more and more organizations are migrating from legacy methods of identity verification, which are not equipped to detect sophisticated methods of new account fraud. According to Gartner’s 2020 Market Guide for Identity Proofing and Affirmation, 80% of organizations will be using document-centric identity proofing as part of their onboarding workflows by 2022 — an increase from approximately 30% today.