Onboarding intelligence vs identity fraud
Laura Barrowcliff
In today’s digital economy, identity verification at customer onboarding is much more than a box-ticking exercise for regulated businesses. With the increased threat of identity fraud, all companies are well advised to trust-test identity data and documents that appear on their platforms claiming to be new customers. We call this the ‘onboarding intelligence’ test.
Onboarding intelligence is a collective term for a rich combination of identity data references, history and behavioural insights from multiple commercial and government sources. These insights help brands recognise good customer prospects and spot fraud signals from suspicious identities, blocking fraud before it’s onboarded to their business.
Identity fraud what to do
Fraud doesn't recognise business boundaries. Criminals can quickly deploy fake identities for maximum return across businesses and industries.
of fraud prevention professionals believe cross-sector identity intelligence can be a strategic differentiator in beating fraud
If digital identity fraud is a common and increasing problem for businesses, it follows that solutions should not be sought in isolation. Connecting identity verification checks to a network of shared onboarding intelligence at customer onboarding is a powerful weapon against GenAI fakery, synthetic identities and other identity fraud.
Eighty-one per cent of fraud prevention professionals we surveyed for our Global Fraud Report 2024 believe that cross-sector identity intelligence sharing can be a strategic differentiator in the fight against fraud across all industries.
GBG Trust network
GBG Trust is a unique identity data network that provides powerful onboarding intelligence insights into digital identity attributes and behaviour.
Identity data network representing 600+ businesses
Covering 25 sectors in 80+ countries
Containing 52 million+ data records (and counting)
Complete data privacy preserved
How much can you trust this digital identity?
This is a great question to aim at new arrivals to your business platform at the first point of contact; a measurable Trust score is a great answer, helping to block or re-route onboarding journeys to manage the fraud threat.
Here are a few real-life examples of fake IDs and synthetic identity scams caught out by a low Trust score in an onboarding intelligence test.
How much can you trust this [ID document]?
One iGaming company had a run of bad luck with a prolific fraudster who was fabricating dodgy driver's licences.
The trickster had manufactured a template in a popular AI image generator and was running off copies, substituting a new name and address each time. These fake IDs repeatedly failed to raise a red flag at onboarding because the business was running only basic document checks, without biometric authentication or liveness testing.
The best way to catch fake IDs is with advanced identity-proofing methods. A simple way to catch fake identity documents is to run an onboarding intelligence test; spoof-proofing the data that appears on the ID to ensure the [name, address, identity document number and other data] all match up and don’t set off any alarms.
When this iGaming platform plugged the document data into the GBG Trust network, it appeared that licences with the same issue and expiry date but different name and address details were being submitted up to 30 times a day. That suspicious pattern of activity was enough to set the Trust scores tumbling and close the book on a bonus abuse scam.
How much can you trust this [person]
Among the many colourful characters who have attempted to sign up for services in the GBG Trust network, we have an illustrious list of names. Bart Simpson, Donald Duck and Luke Skywalker have all made several (failed) attempts to create accounts, with repeated applications from Messrs Santa Claus, Merry Christmas and even Mr Happy Easter.
While fictitious names leap out at us, it’s the data inconsistencies revealed in instances of Person identity attributes [forename, surname and date of birth] that are indicative of synthetic identity fraud and trigger network anomaly rules resulting in a low Trust score.
The Global Fraud Report 2024. Get the facts about fraud.
How much can you trust this [address]?
Among the identity fraudsters caught in the act by GBG Trust are the serial synthetic identity scammers attempting to open accounts using a phoney address.
Believe it or not, there is one 25-square-metre address in Central Manchester in the United Kingdom that is home to 348 people. This extremely popular one-room residence would be a little cosy (and a sign of an escalating housing crisis) if it really were providing accommodation to so many people. In fact, it’s a mailbox address. In the last year, GBG Trust screened and stopped applications made to thirty different organisations from this one, anonymous address, sometimes as many as eight applications per day!
Of course, there are many legitimate reasons for using a mailbox, but proof of address is not one of them. In the UK, credit reference agencies typically run searches on an applicant’s address data attributes [street number, street, town, postcode] to complete KYC checks, so identity fraudsters need to use a genuine address to try to circumvent customer due diligence and get inside an unsuspecting business.
How much can you trust this [behaviour]?
Dubious names and addresses associated with a digital identity will often appear even more fishy when they pop up alongside suspicious patterns of behaviour.
Challenging the aforementioned Mr Criminal at the top of the identity fraud world rankings, Ms Fraudster (not her real name) is a prolific Canadian synthetic identity scammer and promotion abuser. Her apartment building in Mississauga, Canada was detected 3,857 times over one month in repeated attempts to sign up to a popular iGaming platform and claim a new player bonus. That’s over 100 application attempts every single day!
How shared onboarding intelligence helps to build trust
This spike in sign-up activity quickly shows up as increasing [application velocity] at that address and a rapidly diminishing GBG Trust score for Ms Fraudster. Once alerted to the threat, the iGaming platform can route further applications for advanced identity verification – more than a match for any unsubtle attempt to blend fake names with a genuine address.
How much can you trust this [mobile number]?
The virtual mobile number is to digital identity fraud what the prepaid or ‘burner’ mobile is to street crime – a cheap, easily accessible aid to anonymity.
A ‘tester’ or virtual [mobile number] is not tied to a SIM card or mobile device. Designed for legitimate software testing applications, these numbers have leaked and spread across the internet, openly for sale on many eCommerce and classified platforms. Now shockingly simple to acquire, there are hundreds of thousands of these disposable numbers out there, ready to circumvent one-time passcodes in identity fraud attacks.
One UK mobile number – 07488****** – has to date been detected by the GBG Trust network 132 times in online applications to 16 businesses. The number has been associated with 109 individuals at 102 addresses. This is a clear identity fraud security risk for any organisation relying on multi-factor authentication at customer onboarding.
Trust-tested identity data
As GenAI accelerates the production of synthetic identities, deepfakes and counterfeit documents, businesses need to trust-test the identity data and documents that appear on their platforms.
In an interconnected digital economy in which fraud doesn’t discriminate, trust testing at the point of customer onboarding will increasingly be a common concern and a collective endeavour for brands that rely on identity confidence to do business. We believe that onboarding intelligence and identity data networks are an important part of a multi-layered defence against identity fraud and a smart way to make better onboarding decisions.
Frequently Asked Questions
What is onboarding intelligence?
Onboarding intelligence is a collective term for a rich combination of identity data references, history and behavioural insights from multiple commercial and government sources. These insights help brands recognise good customer prospects and spot fraud signals from suspicious identities.
What is an identity data network?
An identity data network, often referred to as an identity data consortium, is a collaborative network of businesses seeking to improve fraud prevention and detection by pooling resources and sharing transaction data insights. Such networks help to identify known fraud perpetrators and techniques while maintaining a positive customer experience.
What is GBG Trust?
GBG Trust is a unique identity data network combining millions of consumer attributes gathered from a cross-sectoral consortium of hundreds of global businesses. Powerful consumer trust insights are made possible from the presence of positive data matches or suspicious anomalies in the network while preserving complete data privacy.
Is my customer data shared on the GBG Trust network?
No, complete data privacy is preserved. Trust insights and fraud signals derived from the data are shared to produce a GBG Trust score – the data itself is not shared. No data is disclosed to network participants that is not already known and no indication of the origin of data records is ever revealed.
How do I join GBG Trust?
Access to GBG Trust is simple to set up through a web-based solution, batch process or a single integrated API, with GBG Trust scores easily activated alongside your existing checks. If you’re ready to stop fraud and fast-track great customers at the first point of contact, get in touch with our Trust experts to join the network.
Sign up for more expert insight
Hear from us when we launch new research, guides and reports.
