Dec 01, 2023
6 min read

Identity Theft Explained: How Businesses Can Detect and Prevent It

Learn about identity theft and how to protect your business and users from it.

According to Sumsub’s recent Identity Fraud Report, the rate of identity fraud has shown a significant increase, nearly doubling from 1.1% in 2021 to 2% in 2023. Moreover, this worrying figure is expected to increase in the future. ID cards appear to be the most commonly used documents for scams and falsification, while the most affected industries include online media, professional services, healthcare, transportation, and video gaming. 

Here you can see the fraud highlights  for 2023 by industry.

Indeed, businesses are often vulnerable to cyber attacks, and fraudsters will seize any opportunity to gather sensitive data to use for identity fraud. However, with the right anti-fraud controls in place, companies can avoid having to deal with false bank accounts, fake licenses, screaming headlines and police investigations.

In this article, we’re going to cover the most common identity theft types and how businesses and customers can protect themselves. 

What is identity theft?

Identity theft is when personal information—such as name, date of birth, address, bank account, emails—is stolen to make purchases, open accounts, withdraw money and get tax refunds. This allows fraudsters to use their victim’s identity for illicit purposes. 

How fraudsters steal personal data

Be it through cyber attacks or data leaks, identity thieves often target small and medium-sized businesses to scavenge personal data, which leads to significant reputational damage and losses. According to Statista, business email compromises alone amounted to around $2.7 billion in reported victim losses in 2022.

Fraudsters can target individuals directly by stealing mail or scavenging personal information on Facebook, Twitter or Instagram. They can also hack emails, bank accounts, or buy data from the “dark web”. 

Here are the most common identity theft methods:

  • Physical theft. Theft of documents that have a name, address, account number or any other sensitive information, such as credit cards or bank statements.
  • Phishing. Fraudsters send emails pretending to be a legit company, agency or organization, asking victims to share personal information, name, address, card or bank account details, passwords, etc.
  • Cold calling. Fraudsters call their victims posing as bank support or other service providers to trick them into sharing personal information.
  • Hacking. Criminals break into computer systems to steal identity and credit card details, banking data, etc.
  • Inside jobs. Sometimes people can abuse their positions at banks or other institutions to sell customer data on the dark web. 

7 common targets of identity theft

  1. Financial identity. Thieves use stolen personal data to access peoples’ finances, or create new accounts under someone else’s name. A syndicate in Melbourne used stolen personal data to open 70 accounts at various banking institutions. They later withdrew the money overseas and transferred it back to Australia through cryptocurrencies.
  2. Driver’s licenses. Thieves obtain a driver’s license in another person’s name for the purpose of traffic violations or vehicle theft. San Francisco-based luxury car-sharing service, HiGear, learned this lesson the hard way, when it was forced to shut down due to identity fraud related theft incidents.
  3. Social security numbers. A SSN number can be used to steal the social security benefits of other people. They can also be used to obtain sensitive documents,  take out loans or apply for credit cards. Cybercriminals used a fake Citibank website to steal debit cards and SSN in order to access bank accounts.
  4. Medical identity. Stolen medical records can be used for health insurance and medical coverage fraud. As a result of a massive cyber attack in Singapore, criminals stole the personal data of 1.5 million patients, including names, NRIC numbers, addresses, gender, race, date of birth, and medical history.
  5. Tax identity. Once criminals get hold of people’s tax information, they can use it to file false tax returns or refunds. Two Florida men used personally identifiable information to file fraudulent tax returns using their tax preparation services firm.
  6. Employment identity. Fraudsters can assume someone else’s identity to collect public benefits.  An unknown Massachusetts man used a stolen identity for 40 years.
  7. Child identity. Childrens’ personal data and SSNs can be used to obtain documents, apply for loans and even credit cards. In Portland, a nine-year-old’s identity was used to open a bank account and credit card.

Fortunately, fraudsters also make mistakes, and there are ways to stop them before they try to hurt customers and businesses.

Red flags of identity theft

  • Unfamiliar credit card charges or charges on bank statements
  • Unfamiliar or abnormal medical bills, files
  • Bills from unfamiliar companies 
  • Confirmation emails for purchases not made
  • Confirmation emails for accounts never created
  • Debt collectors contacting you about outstanding bills which are not yours
  • Receipt of credit cards which you didn’t order 
  • Notification of approval or rejection for credit cards you didn’t order
  • Suspicious login attempts to your online accounts, including social media
  • Fraud alerts from online services
  • Sudden drop in your credit rating
  • Credit or loan rejection despite clean credit history.

How to prevent identity theft

Being aware of blind spots and incorporating certain practices can considerably reduce the risks of fraud. Below we share some advice on  secure methods of identity theft prevention for businesses and their customers. 

1. Protect sensitive data

  • Encrypt data. Securely encrypt customer data before transmitting or storing it. This includes credit card, bank account and social security information.
  • Use a firewall, secure VPN and updated software. Install a firewall and a reliable VPN to fight off  hackers. Make sure to perform regular system updates to fix security issues.
  • Limit access to key personnel. Give access only to those employees that work with personal data; shred old business records.
  • Adopt new technology. This can include antivirus software, encrypted backups, or DDoS appliances.
  • Check the vendors you work with. Make sure you are putting sensitive data in the hands of companies that know how to protect it.

2. Establish data protection policies

Develop and incorporate guidelines on how your business handles and stores customer information—including how the business accepts payments and performs client identification.

  • Engineer a step-by-step protocol for data breaches. 
  • Appoint an information security officer
  • Set deadlines for record keeping, including how long the company has to store client information. 
  • Get rid of excess sensitive data that isn’t vital to the customer’s account. 
  • Do not store SSNs, driver’s licenses or birth dates online, if possible.

3. Set customer identification rules

  • Request ID. Ask for ID when customers pay by card. This allows you to compare their ID information with the name on the credit card. 
  • Recheck user IDs when there’s a change in payment data or the user profile to verify that the client’s account has not been taken over.
  • Use multi-factor authentication which combines several verification approaches.
  • Use Liveness Detection to ensure that the applicant is real and present during verification.
  • Don’t collect unnecessary data. If you are not going to use the customer’s address or birth date, there is no need to request it at all.
  • Establish fraud alerts and inspections. Use security freezes when the system detects suspicious activity. Manually review unusual transactions if necessary.

Fraud incidents lead to many consequences, including law enforcement investigations and chargebacks, meaning financial and reputational losses for the business.

Security is key to the success of any financial business—especially those that deal in the personal data of thousands or millions of people. Businesses should focus on their internal practices and study their security needs step by step as there is no defense that suits all.

Identity theft statistics for 2023

2023 saw a continuation of the trends established in prior years. In Sumsub’s Identity Fraud Report 2022, the top 3 fraud trends identified were deepfake usage, complex fraud patterns, and advanced forgeries. In 2023, these trends not only persist, 
but also continue to evolve dynamically. The most popular identity fraud types of the year include:

  • AI-powered fraud (mainly deepfakes)
  • Money mulling networks
  • Fake IDs
  • Account takeovers
  • Forced verification

Notably, AI-powered fraud has shown an increase of 1,000% in 2023 in comparison to 2022. In the EU specifically, we can see the  top 5 countries by deepfake growth (2022–2023) below: 

Identity fraud tends to target non-regulated industries more often. This is primarily due to a lack of strict regulations and verification requirements, which make it easier for fraudsters to exploit weaknesses. The online media sector saw the biggest rise in identity fraud, 
 growing from 1.56% to 4.27% between 2021 and 2023. 

Online media, which encompasses news websites, streaming services, social platforms, and digital advertising, faces an escalating risk 
of fraud. Large audiences and insufficient regulations create an environment susceptible to fake accounts, engagement manipulation, and the spread of misinformation. Experts anticipate companies in this sector to implement stricter rules such as mandatory identification, similar to measures already being taken in China.

More and more countries are becoming targets for fraudsters and identity thieves, with Bangladesh, Pakistan, Latvia, Hong Kong, and Tanzania witnessing the highest rates of identity fraud in 2023.

Bangladesh and Pakistan were already the most fraud-vulnerable countries 
in 2021 and 2022. They continue to top the list in 2023, although rates have decreased over the years. Remarkably, identity fraud rates in Latvia and Hong Kong have more than doubled this year compared to 2022, joining the top 5 countries most prone to fraud. 

In Europe, Latvia, Estonia, and Ukraine have seen
 a noteworthy increase in identity fraud rates between 2021 and 2023, with Latvia experiencing a significant jump from 1.70% to 4.05%.

The top 10 countries in Europe with the highest percentage
 of fraud in 2023 are: 

Meanwhile, the top 10 countries in Europe with the lowest percentage 
 of fraud in 2023 are:

How to prevent identity fraud:

  • Implement KYC protocols
  • Store data securely 
  • Implement strong authentication methods
  • Conduct regular  training and awareness programs
  • Implement transaction monitoring
  • Vet vendors
  • Update security systems
  • Implement incident response data
  • Employ physical security
  • Perform regular audit and reviews
  • Get feedback from  employees 

To learn about our predictions for 2024, download our latest fraud report.

Download the report

FAQ

  • What are the 7 common types of identity theft?

    • Financial identity theft

    • Driver’s license theft

    • SSN number theft

    • Medical identity theft

    • Tax identity theft

    • Employment identity theft

    • Child identity theft

  • What are the most affected sectors when it comes to online identity theft?

    E-commerce, finance (online banking) and social media.

  • How to prevent online identity theft

    If you are a business owner:

    • Use strong passwords, 2-factor authentication, and implement liveness, where possible

    • Use secure password managers

    If you are a client:
    • Use strong passwords

    • Use secure VPNs when logging in

    • Beware of phishing and spoofing

    • Beware of phone scams

    • Monitor your mailbox and check online accounts from time to time

    • Monitor your bank, tax and medical statements

  • What is the best way to protect your identity?

    The best way to protect your identity is to follow a set of everyday rules, including:

    • Protecting sensitive data

    • Creating different accounts and passwords

    • Using secure VPNs and updated software

    • Regularly checking credit reports and bank statements

  • What is the solution to preventing identity theft?

    It would be useful for clients to monitor credit and tax reports and banking statements, check medical information and beware of unusual account alerts. For business owners, a reliable KYC solution and biometric verification are must-haves.

  • What is the rate of identity theft?

    According to our internal statistics, the rate of identity fraud has shown a significant increase, nearly doubling from 1.1% in 2021 to 2% in 2023. Moreover, global account takeover incidents increased by 155% in 2023.

  • Where does identity theft happen the most?

    In 2023, Bangladesh, Pakistan, Latvia, Hong Kong, and Tanzania witnessed the highest rates of identity fraud. Bangladesh and Pakistan were already the most vulnerable countries 
to fraud in 2021 and 2022. They continue to top the list in 2023, although rates have decreased over the years. Remarkably, identity fraud rates in Latvia and Hong Kong have more than doubled this year compared to 2022, joining the top 5 countries prone to fraud.

  • How bad is identity theft in the US?

    According to our internal statistics, the US experienced a significant jump in identity fraud rates, from 1.04% in 2021 to 2.30% in 2022. However, there was a subsequent decrease in 2023, settling at 1.68%.

Subscribe to continue reading

Enter your email address to get access to the full article

By providing your email you consent to receiving our newsletter. For further information please see ourPrivacy Notice

See Sumsub in action

identity fraudidentity theft