How To Protect Your Business From Digital Identity Fraud
Protecting your business against digital identity fraud has always been a moving target. As phishing tactics have evolved, security experts have seen a steep rise in levels of fraud. That’s especially been the case since the start of the Covid 19 pandemic as businesses have been facilitating digital transformation.
As the global spread of the virus saw governments impose mitigation measures such as stay-at-home orders, digital payments sharply increased and in-person customer interactions went remote. Cybercriminals took advantage of this rise in digital transactions. A recent FTC report found that consumers alone have lost more than $300 million in Covid 19-associated fraud since early 2020.
While digital identity fraud is on the rise, there are now more progressive ways to protect you and your business.
What is digital identity fraud?
Digital identity fraud is a process in which a threat actor exploits weaknesses in security to illegally obtain personal information — such as social security numbers, credit card numbers or PINs, or dates of birth, which contributes to your digital identity. They then use this information to open new lines of credit, such as applying for loans, and other services.
While offline identity theft has long been prevalent in some form (think stealing a wallet, posing as a legitimate business to extract personal information, looking through trash to obtain personal financial documents), online identity theft can be much harder to prevent and potentially gives cybercriminals access to much more sensitive information.
There are common warning signs with which most of us are now sadly familiar, including receiving bills from unknown service providers, finding rogue accounts opened in your name, being notified by the IRS that more than one tax return has been filed on your behalf, or simply noticing odd transactions on personal or company bank statements. Each of these tactics is deployed by fraudsters to gain access to vulnerable accounts.
What is the business impact of digital identity theft?
Unfortunately, businesses are under near constant threat of digital identity theft. A recent study by PWC’s Global Economic Crime and Fraud Survey revealed that 46% of businesses had reported experiencing fraud, digital identity theft, or other economic-related crimes in the previous 24 months.
The business impact of these cases can be severe. Among companies with global annual revenues of more than $10 billion, one in five reported a fraud incident with a financial impact of more than $50 million. And new threats continue to emerge. For instance, supply chain fraud has risen as Covid 19 disrupted trading patterns.
Asset misappropriation, unauthorized trading, intellectual property (IP) theft, money laundering, and tax fraud are also devastating businesses of all sizes.
What types of digital identity fraud are affecting businesses?
Understanding the types of digital identity fraud that criminals are using to target businesses is essential in protecting your perimeter:
- Financial identity theft: This most common type of digital theft happens when a bad actor obtains financial details and uses them to apply for new lines of credit, loans, and services.
- Tax identity theft: This occurs when false tax returns are filed to claim and collect a refund.
- Identity cloning: In which a cybercriminal illegally obtains personal information to impersonate a victim and conceal their own identity.
- Social media identity theft: A form of identity cloning in which a social media account for an individual or a brand is imitated to defraud online friends and contacts.
- Synthetic identity theft: A type of theft in which a bad actor creates a new identity using real and fabricated personal details, such as an actual social security number and fake date of birth, to remain unexposed to anti-fraud systems.
11 common digital identity theft tactics
With many tactics at cybercriminals’ disposal, it can be challenging to identify when they are targeting you or your business for digital identity theft. Businesses must keep watch out for these common practices:
1. Phishing
The sending of fraudulent messages to trick a victim into divulging sensitive information.
2. Credential stuffing
The collection of usernames and passwords, most often exposed from a data breach, that can be used as credentials to access user accounts.
3. Malware attacks
A cyberattack in which unauthorized, malicious software is deployed onto an individual or business system.
4. Malicious links
URLs that are created and distributed through spam or phishing practices to deploy malware on a system.
5. Keystroke recording
Also known as keylogging, this is a cyberattack in which a fraudster captures and records the keys struck on a keyboard to steal passwords and other sensitive information.
6. Spyware
Malicious software deployed on a system that gathers sensitive information and sends it to another individual.
7. Open-source intelligence
Most often used in national security and law enforcement, OSINT sees the collection of information from publicly available sources.
8. SIM jacking
Using two-factor verification or bribing an employee at a cell phone carrier to gain control of a victim’s phone number.
9. Pretexting
A cybercriminal uses a made-up scenario to trick a victim into turning over personal information. A common example would be calling someone and impersonating an individual in power to obtain information.
10. Email hijacking
In which cybercriminals gain access to an email account by directing a victim to malicious login pages or via keylogging.
11. Fake social media friend requests
Created to access personal data or share malicious links.
9 ways to protect your business from digital identity fraud
Many new tools and strategies exist to protect businesses from digital identity fraud. Here are some ways to remain vigilant about protecting your business.
1. Track online accounts
Dormant accounts can leave your sensitive information exposed. Keep a record of all your usernames, monitor your saved logins in Chrome, Firefox, and Safari, or use username and security sites to locate old accounts.
2. Invest in a password manager
Password managers make it easy to recall passwords and allow users to create hard-to-crack logins to protect from data breaches. Invest in a password manager like LastPass, Dashlane, or Keeper to maintain all your sensitive logins in one place.
3. Utilize multi-factor authentication
Setting up multi-factor authentication on your most sensitive accounts adds a layer of security to your login process. Even if your password is stolen, two-factor authentication can make it much more difficult for a cybercriminal to access your account.
4. Switch to online notarization
Businesses can deter fraud in notarizations by adopting an online notarization process. Tools like Notarize use multiple types of verification that go beyond the traditional notarization process that is limited to the notary’s discretion of ID verification.
5. Monitor bank statements
Keeping a consistent eye on your account activities can help you spot any irregularities and fraudulent activity.
6. Adjust privacy settings for social media accounts
It’s up to users to indicate what they want to keep private from their social media accounts. Use your privacy settings to safeguard personal information and location services, and regulate your visibility.
7. Avoid downloading apps outside of official app stores
There are risks to downloading apps from third-party stores. Outside Google and Apple app stores, many third-party providers do not feature testing for potential malware.
8. Backup important files
There are few things as heartbreaking as losing important files and businesses need to consider having a cybersecurity recovery plan. Investing in external hard drives and cloud-based backups to ensure all your most important data is secure.
9. Update software applications on your devices
Device manufacturers and app developers regularly update software applications on phones and computers to combat cybercriminals. Keep your devices updated every time a new software patch becomes available.
How Notarize helps protect businesses from cybercriminals
Today businesses are turning to Notarize to help deter fraud. With notaries available 24/7, Notarize has made the process of signing, notarizing, and storing documents simpler, safer and more secure. With cloud-based hosting and a full audit trail of transactions, Notarize ensures that online notarizations are protected and verifiable.
As digital identity theft techniques become more advanced, it has never been more important to strike a proper balance between client experience and fraud protection. Tools like Notarize make it simple and safe to provide a great user experience while also preventing identity fraud.