At Zenpli, we're committed to staying ahead in the battle against identity fraud. In our first post in our series of Identity Fraud Trends (see comment), we uncovered the 'why' behind fraudsters' actions. Now it's time to explore the 'how' by diving into the use of generative AI by for fraudsters and how these tools make it easier and cheaper to bypass standard KYC and fraud checks.
Background
In Q4 2023, our Market Intel team studied the feasibility of creating synthetic identities in large numbers through an automated process. The aim was to develop a process that utilized publicly available AI tools (such as LLMs) to generate 1,000 fake identities in 1 week with a budget of less than USD $500.
Key Findings:
9️ Tools
The team conducted various tests on a number of AI tools and concluded that a fraudster can create a 'factory' capable of generating complete synthetic identities at scale by using only 9 tools that can be strung together. This process requires less than 2 years of coding experience.
Difficulty Level 2
Creating a complete fake identity is surprisingly simple, scoring a mere 2 out of 5 on our difficulty scale. Phone numbers that can be validated by one-time passwords are the easiest domains to create and liveness tests requiring the most work. However, with some practice fraudsters can reduce the work required to pass liveness tests by following guides available online - including Git-type libraries and recent articles in Techcrunch. (see comment for links).
Cost-effective fraud $0.20 - $0.50 per identity
Freemium versions of most AI tools suffice, making the cost virtually zero per new identity. However, a few paid subscriptions to AI tools can enable the creation of a ‘factory’ for synthetic identities operating programmatically at an overall expense that remains shockingly low ($200 to $500 spent per month).
Takeaway
The reality is that identity fraud is on the rise. AI tools are not just widely accessible for fraudsters, but also highly effective and inexpensive. This fact is making it imperative for companies to see digital identity differently and to stop relying on silver bullets (e.g., ID and liveness test, only) or verifying identity data independently (e.g. phone = ok, email = ok) as their standard KYC and fraud prevention checks.
Attacking the Problem
As shown, silver bullets and 1-1 verifications are not enough. At Zenpli, we have taken-up the challenge to evolve KYC and fraud prevention with unmatched data depth and connections to make it harder and more complex for fraudsters, yet easier and more cost effective for businesses. Get in touch to learn more about our solutions.
Disclaimer
All research and activities conducted by our Market Intel team were purely for R&D purposes. The synthetic identities generated were not used beyond the defined scope.