Summary: Identity theft is a growing problem, it’s when someone steals personal information about an individual. Identity fraud is what happens when someone uses that information to commit fraudulent activity like money laundering and is a serious concern for many FI’s today. Let’s take a look at how AML solutions help prevent this.
Both offline and online transactions have their share of breaches and trust issues. That is to say, crimes are not limited to physical structures as they are possible through the internet. However, in online transactions, identity violations, data breaches, theft, among other irregularities, are referred to as cybercrime while the perpetrator is known as a cybercriminal. It is a statement of the fact that data breach is synonymous with identity theft and fraud. While identity theft is a compromise or unauthorized access to users’ identity, identity fraud uses the details obtained to perform unauthorized transactions. By implication, the perpetrators, hackers breach data to steal as much identity they want.
To protect online users, specific laws and regulations became necessary. These laws are referred to anti-money laundering laws; in some jurisdictions like India, they are called the Prevention of Money-laundering Act (PMLA). This article addresses how identity fraud affects money laundering.
Identity fraud and anti-money laundering act.
Let’s start by explaining identity fraud and AML through illustrations: a user, say a PayPal user who wants to receive or make payment somehow got some information licked. The hacker, who finds a way of compromising the account, starts to decrypt the account information. Upon having the required tools to gain access to the account, the hackers compromise the user’s identity. At this point, the hacker is committing identity theft.
If the hacker goes further to use the user’s details, say a credit card or wallet address of digital assets for economic gain, it becomes an identity fraud. In an attempt to help protect the user’s account, as in the case of the recent Twitter bitcoin scam where prominent persons, exchanges and some corporate accounts were hacked including Coindesk, Binance, Apple, Elon Musk, etc. a set of cryptographers, researchers or programmers set to track the destinations of the funds. Although researchers applied cryptography and cybersecurity countermeasures to track the destination of funds, the identity and even the funds weren’t recovered.
Likewise, a hacker with a bank customer’s sensitive data may defraud the victim using a few details like biometric verification number. However, before and during Twitter development, the network has some regulatory guidelines to meet to mitigate identity fraud in the future. Most cybercrimes are an attempt to launder money, evade tax, sanctions, etc., hence, making the state concerned with maintaining normalcy. The states and their associated institutions try to restore normalcy by enacting laws and regulations that will guide digital identities because once identity is compromised, there will be fraudulent transactions.
For identity fraud to occur, there must be identity theft, synthetic identity, or account takeover. It happens through Phishing, malware, blackmailing, among others. Identity fraud can come in Credit card fraud, Loan or lease fraud, Phone or utility fraud, and Government-issued documents or benefits fraud, etc. Below are broad classifications of identity theft:
Synthetic identities: when a hacker or a cybercriminal combines a real and fake identity to create a new account, it is called synthetic identities.
Account Takeover (ATO): there are many fake accounts, rewritten by hackers to defraud people. Consequently, the hacker goes a long way to perform fraudulent transactions with the victim’s identity. Simply put, account takeover happens when a cybercriminal steals and rewrite an account of their victim. For instance, in financial services, hackers can clone accounts to receive or solicit support on behalf of the victim.
Effects of identity fraud on AML measures
In online research conducted by The Harris Poll on behalf of NortonLifeLock among 10,063 adults (aged 18+) in 10 countries, including India, 4 out of 10 respondents are identity theft victims. Identity fraud effect AML acts in several ways, as listed below:
Difficulty in onboarding clients KYC
Know Your Customer, often called KYC is an AML compliant measure that helps compliant team and regulators file and onboard users’ identities on their network. Because of the complexities of identity fraud, the process becomes slow and ambiguous. According to the Thomson Reuters survey in 2017, it takes financial institutions up to 2-4 weeks to onboard new customers.
The delay is because the KYC team is taking due diligence to reduce identity fraud. For instance, many channels, including ransomware, and malware programs, make fake identities difficult to detect. The dark web comprises hackers and cybercriminals who falsify and sale identities. Consequently, dark webs and other ransomware and malware are frustrating KYC processing.
The increasing cost of AML acts
The time they say is money. If a simple KYC process that should take a few minutes takes weeks, the cost becomes high. In a commissioned Forrester report on the Total Economic Impact (TEI) of Regulatory Onboarding, it costs an average of $6,000 to onboard new customers, considering factors like risk rate, country regulations, etc.
Updating AML acts
New fintech solutions are evolving, for instance, Openfinance. Therefore, AML acts should include the emerging Fintech evolutions to enable an all-encompassing law that will include an Open finance network. That way, cybercriminals will not exploit the weak regulations to launder money.
Using big data, Blockchain, and other emerging technologies could further improve anti-money laundering acts. For instance, applying Blockchain will secure identity in a timestamp and transparent manner. Hence, improving AML compliance.