How Combining Physical/Personal Identity with Digital Persona can Prevent Fraud

This Article was written for Voice&Data by Shivraj Harsha, Co-founder, TrustCheckr

Today, in the age of the internet, the virtual world has intertwined and evolved to become an extension of the real world.  With its character of an ‘enabler’, we can literally do most of the activities online. It is as real as the real world itself. Yet, in a sense, we are living two parallel lives. In the real world, there is a well-established framework to check and verify who a person is; and what they can access.

This physical identity acts as a unique identifier for a host of transactions. These include opening of bank accounts, availing government credits, etc. However, the utility of the unique identifiers of the real world becomes limited while operating in the virtual world. They assume a very different nature.  These are made of email addresses, social profiles, usernames, passwords, to name a few. Due to the inherently flexible nature of the digital world, they can be created and destroyed with minimum effort. While, in general, everyone is aware of how to safeguard their physical identity, it is not the same with digital identities. It becomes challenging by way of its characteristic dynamic nature and the challenge is further amplified with the expansion of an individual’s digital footprint. This essentially gives identity hijackers the opportunity to launch phishing attacks on unsuspecting, vulnerable users to part with credentials to access their digital identities.

The information thus obtained is pieced together with fictitious information to create completely new digital identities for fraudulent activities, known as Synthetic Identity Fraud. For example, these fraudulent IDs are used to traverse a company’s digital journey as genuine customers. Oblivious of the origination of these IDs, unsuspecting companies onboard them as genuine new customers, only to be left stranded with non-performing accounts.

The COVID-19 Pandemic has unleashed a torrent of digital frauds. Offline business came to a standstill, primarily due to the lockdown, forcing people to quickly adjust to the new normal of transacting online only. Naturally, this ushered a new segment of vulnerable and not-so-savvy tech customers online. Responding to the forces of changing business dynamics, many companies also quickly transitioned to take their business digital, even if it meant with a ragtag security system in place. This provided a field day for fraudsters to launch phishing attacks on users and organizations alike.  Actress Shabana Azmi recently tweeted that she had lost money in an online scam. She, too, was a victim of a form of phishing scam. In the fight against fraud arising from synthetic identities, the key is to leverage personal and digital intelligence.

The three important pieces of armour in safeguarding digital identities are Mapping, Storing and Tokenisation.

Mapping of Data

Mapping and triangulating personal and digital identity data can show suspicious patterns in the origination of identities. For example, a mapped device can check if an unusual number of digital identities are created through it; if yes, what is the time stamp of its origination. etc. Hence, mapping the various attributes of a digital identity such as name, its vintage, time stamp, usage history, etc. across its web foot print against physical identity intelligence device details and IP address will establish the authenticity of a digital identity. In turn, when the mapping of a device details is further extended to the government-issued KYC documents like Aadhaar number, it can create a better triangulation. Since, stolen devices are most often used to commit synthetic fraud. In fact, mapping should start from the point of sale.

Storing of Digital Identities 

Most companies have ad-hoc policies on the storage, access, retrieval, usage and deletion of Digital Identity on their platform. It is a cause of concern as their central repositories are often hacked and private data is leaked. This then leads to identity theft, security theft, etc. There have been heaps of high profile leads of sensitive data, the latest one being the Dominos data from India. Many a time, storage of data in central repositories managed by third party intermediaries have caused havoc; it is often difficult to completely shield attacks in cyberspace.

Tokenisation for Security

Even with the best of the security measures in place, repositories are vulnerable to cyber-attacks. In such an event, fraudsters getting access to mapped unencrypted data is like serving highly valuable sensitive information on a platter. Hence, encrypting the mapped data on blockchain will ensure that it is tamper-proof from hackers. It also allows data tracking and everything that happens to it. It not only enhances the element of trust for organisation who have consumer data for verification and other purposes but also for people, who can now be relieved that their digital data is safe and secure.

For the users, here are four simple to steps to secure your digital identity:

•  Always use a password manager
• Take a few extra seconds before you click a post or link and before you like or comment on a post.
• Never believe if a caller claims to be calling from your bank. The Jamtara Series on Netflix will give good insights on the modus operandi of fraudsters.
• Have a secondary password for a mobile subscription account