Identity fraud is a rapidly growing problem that affects individuals and organizations across the globe, with financial institutions being particularly vulnerable to these types of attacks. A recent international survey showed the cost of identity fraud varying widely among several types of financial organizations, with smaller banking institutions being hit the hardest. The survey’s findings highlight the urgent need for financial organizations to take proactive steps to protect themselves and their customers from identity fraud.

The Impact of Identity Fraud

The survey polled 1,069 fraud detection/prevention decision-makers across several sectors and countries in December 2022 and January 2023. Findings include:

  • Every fourth bank reported experiencing over 100 identity fraud incidents in the past year (26% of organizations), while this number is lower (17%) for the fintech sector.
  • The banking sector was found to be the most severely impacted, with a median cost of over $310,000 per incident of identity fraud. For 31% of banking organizations, the cost of such incidents was about half a million dollars or more. In contrast, the median cost of fraud for fintech organizations was lower, at around $120,000 per incident.

The disparity between bank and fintech impacts stood out in the survey, conducted by Sapio Research for Regula, a vendor of identity theft protection solutions. This difference could be attributed to factors including the greater size and intricacy of banks’ operations, as well as their legacy systems, regulatory mandates, and reputational risks, according to the survey’s authors.

While larger financial institutions may have more resources to invest in security measures, it is important not to overlook the vulnerability of smaller banks and fintech companies to identity fraud. These organizations may have fewer resources to invest in advanced fraud detection technologies and processes, which can make them more vulnerable to attacks from fraudsters. Another challenge that smaller institutions face is the limited ability to share data and collaborate with other institutions. This can limit their ability to detect and prevent fraud, since they may not have access to the same level of relevant skills and resources as larger institutions.

The survey found widespread use of falsified or altered physical documents, such as passports, ID cards, and driving licenses, in addition to online identity scams. The fraudsters use stolen personal information to carry out a range of criminal activities, including opening bank accounts, applying for credit, and making purchases. Banks are among the businesses that are most affected by identity fraud, and they face significant challenges in protecting themselves and their customers from this threat. Their direct financial losses from fraud can be large, with banks often having to reimburse customers for fraudulent transactions.

Current Trend: Synthetic Identity Fraud

A recent trend that has affected financial institutions and government agencies is synthetic identity fraud. What makes this form of fraud different from traditional identity fraud is that real consumer information is combined with fictitious information to create a new identity rather than using the full identity from a compromised consumer. This new type of fraud is typically perpetrated against children or young adults with minimal credit history and is carried out using the following steps:

  • The fraudster purchases personally identifiable information on the “dark web.”
  • Applications for credit cards, loans, and benefits rewards programs are submitted.
  • The fraudster may build credit history to increase the largest amount of credit they are eligible for.
  • Once the fraudster opens large credit lines, they will start to maximize the balances, buying easily sellable products to convert to cash. This leaves the creditors with large outstanding balances with no one to pursue collections.

A good example of this type of fraud and how difficult it may be for a bank to find is a scenario where a fraudster takes a social security number of a child or young adult who may have little to no credit history and combines it with a fictitious name and address to create a new consumer profile. From there, the fraudster may open bank accounts, credit cards, personal loans, or even apply for government benefits. Since few parents may think to check their child’s credit report, it can take years for the perpetrated fraud to be uncovered.

The Fight Against Identity Fraud

Preventing identity fraud in the digital era requires organizations to adopt reliable and secure identity verification processes. This involves using advanced ID verification technologies and document security features. In today’s rapidly evolving digital landscape, fraudsters are becoming increasingly sophisticated, making the following approaches increasingly important in the fight against identity fraud:

  • Artificial Intelligence-powered fraud detection algorithms: Machine learning algorithms can analyze vast amounts of data to find patterns and anomalies that show a fraudster may be lurking. AI-powered solutions can also adapt to changing fraud patterns and continuously learn from new data to improve accuracy and effectiveness.
  • Digital identity solutions: Some companies offer digital identity solutions that use advanced technologies like biometrics, blockchain, and machine learning to verify the identity of customers. These solutions can help financial institutions reduce fraud and improve the customer experience.
  • Real-time data platforms: Using real-time data can help banks quickly verify the authenticity of new users while preventing fraudsters from slipping through the cracks. Data platforms can process large volumes of data in real-time to find potential fraudsters and stop them in their tracks.
  • Multilayered identity verification: This approach combines various techniques to verify the user’s identity, such as device fingerprinting, geolocation, and behavioral biometrics. Geolocation matches the user’s location to their IP address and compares it against where they are most seen, while behavioral biometrics analyze the user’s typing speed, mouse movements, and other behavioral patterns to create a unique identifier for the user.
  • Document verification systems: These systems are designed to verify the authenticity of physical documents quickly and accurately. They use sophisticated algorithms to compare a document against a database of known authentic documents and flag any discrepancies or anomalies. This helps to prevent fraudsters from using fake or modified documents to gain access to sensitive information or financial resources.

The Takeaway

Identity fraud poses a grave threat to both banks and their customers. The scale of the problem is staggering, with millions of people falling victim to this type of crime every year. For banks and fintechs, the consequences of a successful attack can be severe, ranging from financial losses and reputational damage to security breaches that can put sensitive information at risk. By implementing security measures, they can reduce the risk of identity fraud and keep the trust of their customers. In an era of heightened cybersecurity threats, it is more important than ever for banks to prioritize the protection of their customers’ identities and financial assets.


Daniel Lane

Dan Lane, a Director with Treliant, is an accomplished professional in corporate accounting, financial auditing, forensic accounting, regulator-directed monitorship, and financial crimes compliance. He has worked with financial institutions, publicly-traded companies, and state government agencies. Dan has a history in financial crimes compliance stemming from his experience at the global…

Kari Trautvetter

Kari Trautvetter, a manager at Treliant, has over four years of experience and advises clients worldwide on anti-money laundering (AML) matters and other aspects of compliance programs. She has experience across a broad range of compliance-related projects, including fraud investigations, AML compliance, cryptocurrency regulatory compliance, sanctions review, and related litigation.