Preventing document fraud in a world built on digital trust

All digital markets are built on trust and that trust has been reduced to an algorithm driven by proof of identity, which currently remains heavily reliant on formal documents such as a passport or driving license. Anyone looking to misrepresent who they are, where they live or what they’re paid would need their documentation to reflect this false version of their status.

Highly automated workflows used by financial services are particularly vulnerable to this type of manipulation. Bank statements that are used to support lending applications, “know your customer” (KYC) procedures and other identity-driven financial purposes worldwide are regularly tampered with. In addition, “know your user” (KYU) processes, which include merchants, fintech companies and the B2B ecosystem, among others, are also subject to fraud.

A range of challenges
The challenges facing fraud prevention teams are significant. In the physical world, trust develops over time and generally begins with an introduction – a process that can be accelerated when accompanied by a recommendation or via a source who is already trusted. From that point onwards, the value of the relationship is determined by the way that people subsequently behave towards each other.

In the digital context, however, trust can’t be based on a feeling – it must be represented by the data contained in documents and the rules attached to that data. What’s more, the sheer number of transactions (i.e., behaviors whereby the value of the relationship is determined) being processed across today’s complex financial networks, means this digital trust must be assessed at an appropriate pace. To meet these needs, automation has replaced manual human involvement, and while these technologies have brought many benefits to the process, they also present opportunities for people looking to commit fraud.

What are organizations, their fraud prevention teams and automation technologies up against?
Among the various methods used by those committing criminal fraud, an alarmingly common and effective tactic designed to defeat many existing automated technologies is the use of “synthetic identities.” This is where real and fictitious identity fragments are combined specifically to evade fraud detection processes.

The approach is increasingly sophisticated, with criminals employing complex, long-term strategies to build a credible credit history over time – sometimes over a period of years. With this in place, their aim is to carry out perhaps one major fraud before abandoning the identity entirely. As a result, this kind of activity is contributing to online payment fraud losses which are expected to exceed $206 billion cumulatively from the period between 2021 and 2025.

Next-generation automation
In working to prevent fraud, however, organizations have an important balance to strike: they have to reduce losses by protecting automated workflows, while simultaneously not making the experience inconvenient for customers.

Recent advances in artificial intelligence (AI), especially machine learning (ML), are giving fraud prevention teams the opportunity to meet the challenge head on. For example, digital signature verification can be implemented using open-source software for machine learning.

However, detecting fraud within documents that have been digitally altered with graphics editors or “print-manipulate-scan” evasion techniques requires more sophistication. Often undetectable to human fraud specialists, building an automated solution requires specialist knowledge of the metadata and digital footprints left by scanning and printing devices.

While these more advanced ML techniques work with most document types, they will typically deliver somewhere between 75% and 80% accuracy. This is a step in the right direction, but still not at a level where automation is reaching its potential. Instead, more specialized modelling is generally required.

Even more sophisticated and bespoke visual and structural modelling can be used to assess the look and feel of specific types of documents provided by third parties. This process compares them against examples of authentic documents provided by document originators, such as those from banks, utility companies, and government agencies.

Context-aware machine learning
The most recent and powerful generation of risk management and monitoring systems also employ context-aware machine learning. Instead of making decisions in isolation, each new customer interaction or transaction is assessed by considering all previous interactions between all other counterparties. The more data the system has to work with, the more accurate the assessments become.

The same contextual approach can be applied to document intake. Looking beyond single documents for signs of manipulation across multiple documents at once can reveal patterns indicative of serial or organized fraud.

By concurrently using different models across a variety of use cases, including fraud (identities, account takeover, hoarding, basket switching) and money laundering (layering and integration), contextual analysis scores customers across a risk spectrum whose tolerance can be set to reflect an organization’s appetite for risk.

For example, when an account is first opened, KYC checks establish customer identity, and that customer is assessed as “medium” risk by default. From that moment on, their behavior is continuously monitored and their risk rating adjusted accordingly based on the models’ understanding of the characteristics and impact of different types of risk.

Fraudulent activities continue to evolve as criminals seek to evade detection to exploit the limitations of many current systems and processes, undermining the trust on which digital markets are built. If automation is going to play a full role in allowing organizations to balance fraud prevention against the customer experience, they will need to draw on next-generation, AI and ML powered solutions. Those that do so will be ideally placed to minimize the costs they are forced to incur daily due to fraud. Help Net Security