When everybody on the road is learning to drive, accidents are bound to increase. Add to this a few people with criminal intent behind the wheels, you can imagine the chaos that will result. What is happening in the cyber world is not very different when you think about it.
Digital transformation and data breaches
The digital transformation sweeping across the country has brought forth as many threats as opportunities. Perhaps more threats than opportunities, given the avenues fraudsters have to commit highly sophisticated identity theft fraud.
Also, the COVID-19 pandemic has forced individuals and the enterprise to operate primarily in the WFH mode. As a result, people are spending more and more time on the internet, uploading an incredible amount of personal data which can be easily manipulated by fraudsters. Data breaches have become a massive source of acquiring such data, especially in recent times.
What you ought to know about data breaches
Data breach is nothing new and people have been trying to tackle it by various means like tightening cyber security, enacting laws, sensitising citizens and others. But, they never seem to be enough and data theft does keep happening.
In one of the recent cyber attacks, as many as 25 lakh customers suffered a data breach in Upstox. The information which was leaked, contained names, email IDs, dates of birth, bank account information and about 560 lakh KYC documents.
User data have been compromised from a lot of other companies and are up for grabs on the dark web. 350 lakh user accounts along with fingerprint data were taken from Juspay in August 2020. BigBasket lost data which included even pin numbers and location details of close to 200 lakh customers in November. In the beginning of the previous year, as many as 30 lakh text messages, sent to customers, with their transaction and account balance details were stolen from India’s largest bank, SBI.
Identity theft and account takeover frauds are at an all time high, and the adage “prevention is better than cure” is perhaps more relevant than ever when it comes to your data security.
Identity Theft: Here’s how the fraudsters go about using stolen data
Looking at all the data breaches that are happening, two things stand out:
- One, there is an abundance of genuine data out there. Details such as phone numbers, usernames, email IDs, KYC documents, all belonging to real people, can be easily lifted off by fraudsters from the dark web.
- The other is the sophistication of the fraudsters who always seem to be one step ahead of all the cyber security establishments in terms of their practices.
The fraudsters use a combination of fake and genuine personal information of people to create authentic looking identities. For example, a fraudster might use a stolen Aadhaar Card number along with personal information of multiple people such as email IDs, phone numbers, etc., to form new identities.
When all these data points are combined, the identities could appear genuine given that individual details are real.
Over a period of months, they build good credit ratings for these fake identities. And when the time is right, they take out as many lines of credit as possible from different lenders and go bust.
To the lenders, these applications look genuine and hence such fraud go undetected at first.
Related read: Sharing of OTP is where fraud end. But where do they begin?
Data breaches and its impact on the financial industry
Like every other thing, data breaches entail a significant cost. One of the largest fraud schemes involving identity thefts led to confirmed losses for businesses and financial institutions totalling more than $200 million. The fraudsters fabricated more than 7,000 false identities, which were used to obtain thousands of credit cards.
It is imperative then for organisations to put in place and continually upgrade security measures covering all channels through which they interact on the web. There is a need for identifying and controlling these fraud as and when they emerge.
IDfy’s Email Validation API
Of all the fraudulent methods described above, identity theft and account takeover through emails easily take the cake. This is where the Email Validation API of IDfy comes into play. We identify and flag malicious emails as soon as they sign-up for any of the services you offer; be it credit cards, personal loans, or account openings.
It validates the email ID of your customer at the time of sign-up against questions such as:
- Is the email ID disposable?
- Has it been associated with data breaches in the past?
- Has it been associated with fraudulent behaviour in the past?
- How recently was it created?
As in many live crimes, there are discernible patterns in which fraudulent accounts operate. Our API can recognise and map those patterns and can provide an overall risk score for these IDs.
The fight against identity theft is far from over and owing to its high internet usage, India has turned into a hunting ground. In the first quarter of 2020 alone, we saw a surge of 37% in data breaches in India compared to 2019. With so many new users being added up on a daily basis, it is impossible to educate everyone on the nuances on data protection. But you can learn how to drive your car safer.
Are you a financial institution looking to protect yourself from such fraud? Come talk to us at IDfy…
Follow us on your preferred social media channels for regular updates.
