Cybercrime: Online fraud: Increasing damage from false customers

According to cyber experts, the global wave of online crime will still gain force and dynamics in the coming years. A growing number of perpetrators succeeds in hiding their true identity behind invented personalities.

“Synthetic identities are an growing trend internationally,” says Stephen Topliss, specialist in fraud and identity at the US cyber security service provider Lexis Nexis Risk Solutions.

The Cyberfacheuer of the reinarian Munich Re assumes further increasing “damage frequency”, not least because artificial intelligence also facilitates criminal business. The trade association Germany reports on increasing risk of fraud for its companies.

The raw material invented identities: data leaks

But what is a synthetic identity anyway? “The perpetrators usually combine an invented identity with real data: real credit card numbers, postal addresses, email accounts or telephone numbers, also frequently stolen social security numbers in the USA,” says Topliss. The data comes from data leaks and are traded in the Darkweb.

In addition, there are two other methods with which the perpetrators get false identities: “There are – especially AI -driven – completely synthetic identities that are invented one hundred percent,” says Martin Kreuzer, cyber specialist at Munich Re and former investigator. And in the third version, “various existing identities are digitally stored and composed”.

However, the result is identical in any case: it becomes more difficult to discover the perpetrators. Since Corona pandemic, not only Lexis Nexis Risk Solutions has observed continuous growth in online fraud and other crimes on the Internet.

Stolen real identities for the perpetrators risky

A few years ago, many perpetrators had used completely stolen identities, says Topliss. “But now we see a lot more of these synthetic identities. These can be used in different ways and sages: to set up customer accounts in online trading or for applying for credit cards.”

For criminals, a stolen identity carries the risk that the associated real person will quickly notice when bought in his name or transferred money.

“In banking, the perpetrators use synthetic identities to set up” mule accounts “that are used for money laundering,” says Topliss. “At first there is no victim to stand out because the person who has set up the account does not exist at all.”

Most of the online retailers confronted with false customers

A large field of activity for the perpetrators is fraud in online shopping. “Identity fraud in various forms is one of the most common fraud stitches in online trading,” says a spokesman for the HDE trade association, referring to a survey by the CRIFT Economic Occupation.

According to this, 92 percent of German e-commerce companies had already confronted with the fact that a customer pretended to be false or foreign identity. “For example, fraudsters order with stolen data on account and have the goods deliver to parcel stations or vacant apartments.”

Often, a few real data fragments – such as the name and date of birth or chopped login data – are often sufficient to create a synthetic identity that works real when registering in the online shop. “For online retailers, the technical and financial effort to verify customer identities has increased significantly in recent years,” says the spokesman.

Field of activity for beginners

Fraud in online trading is the largest damage driver in the cyber insurance segment for private individuals, as Munich-Re expert Kreuzer says. “In the area of ​​cybercrime, identity theft and the associated fraud stitches are a kind of start. Beginners try out and sometimes buy instructions and tools from significantly more professional organizations.”

AI creates scale effects and can be used, for example, for the automated distribution of phishing emails. “Skalen effect” means that the more one product is produced for – in this case criminal – companies.

“AI can also be used to create new malware,” says Kreuzer. “That speaks for an increased damage frequency in the future.” The burdens could lead to bankruptcy for the companies that are affected by fraudulent customers. “Especially for companies that are already in economic imbalance, a cyber attack of the famous drops, which causes the barrel to overflow.”

Damage in billions of billions, and the trend is rising

The exact height of the damage caused by cyberters is unknown. Estimates go into the billions, and the trend is rising. In their statistics, the police and judiciary do not record separately whether an act was committed online.

The quota of fraudulent online orders in retail is also valued: an average of around three percent, as the spokesman for the trade association says. In the CRIFURM survey, 43 percent of German online retailers put their fraud-related damage to sums between 10,000 and 100,000 euros; A good fifth even suffered losses of over 100,000 euros.

There is no effective standard for identity examination

National borders blur in the area of ​​cybercrime, since the perpetrators often do not live in the country where they commit their actions. “A main problem is that there is no international standard for the authentication and verification of identities,” says Ralf Wintergerst, CEO of the Munich security technology manufacturer Giesecke+Devrient and President of the digital industry association Bitkom.

“If every country builds a small solution for itself, they are often not internate.” The financial flows, on the other hand, are international. “An agreement on a standard is difficult within the European Union, then all the more internationally,” says the top manager.