Why It’s Becoming More Difficult to Tell Fake From Real IDs

Consumers and fraudsters are more alike than different online. That is a revelation by New York-based Socure in its Aida’s Insights on Identity report on the leading fake digital identity indicators.

The report, using data gathered from actual Socure customer transactions (banking, payments, ecommerce, etc.) by ID verification robot Aida, investigated the most common signs of fraud as well as the differences between authentic, stolen and fake identities.

The study found fraudsters have virtually eliminated any single reliable indicator for detecting fake identities online. Data gathered revealed when considering common signs of fraud the difference between authentic and fake identities is nuanced at best.

“After processing billions of data points, we confirmed that consumers and fraudsters are far more alike than different when it comes to digital identities,” Sunil Madhu, chief strategy officer for Socure, said. “While differences in fraudster behavior certainly remain, they have become subtle enough that relying on a handful of variables is no longer sufficient; the complex and subtle relationships between multiple variables must be analyzed to get an accurate result.”

The study assessed hundreds of fraud indicators to determine how reliable they are for detecting fake identities. Following are eight of the most interesting indicators:

1. Fraudsters avoid mobile numbers. Two thirds of the numbers provided by legitimate applicants registered with one of the top four U.S. carriers (AT&T, Verizon, T-Mobile, and Sprint (67%), while just over half of fraudsters (52%) did so. This is most likely due to fraudsters’ propensity for using so-called burner (pre-paid) phones and/or SIM cards to keep expenses down.
2. Names. Fraudsters typically use the most common male names, like John, James, David, or Michael, which, according to the Social Security Administration, has held the top spot for most popular male name 44 years out of 100.
3. Social media accounts. Approximately 80% of fraudulent identities have no associated social media accounts. “While the absence of social media has a high correlation with fraud, note that some legitimate applications also have no social media presence,” the report noted.
4. Device location. Most fake IDs use IP addresses inconsistent with their actual location. The device used is less likely connected from the address provided (-9.8%) and more likely to connected through a proxy (+9.7%).
5. Age. When it comes to filling out online applications, fraudsters rarely input a birthdate if it’s not required. When required, fraudsters are more likely to present themselves as 25 to 45 years old.
6. Street Address. Like IP addresses, fraudsters use inconsistent information, like an incorrect zip code or house number. Meanwhile, the name and address submitted with fake IDs only match 50% of the time while there’s a 5.6% greater likelihood that the house number is missing or incorrect.
7. Valid email address. Virtually all legitimate applications include a valid email address (97%). The report admitted, “But it’s interesting (and troubling) to note that 87% of fraudulent applications also now include a valid email address (meaning it’s a valid domain and the inbox accepts email).”
8. Name to email match. Fraudsters use made-up email addresses where they can receive a confirmation and evade detection by the identity theft victim. A strong name to email match covered 60% of legitimate customer applications, yet for only about 32% of fraudulent applications.