Industry

Trust and safety survey insights: Fighting identity fraud in the age of GenAI

Persona’s trust and safety survey reveals that although many fraud fighters feel effective, few have the tools to proactively mitigate identity fraud at the scale generative AI has introduced.

Illustration of a fraudster broken up into panels of different lengths (like a bar chart)
Read time:
Share this post
Copied
Table of contents
⚡ Key takeaways
  • Identity fraud is a top priority for most organizations, and one of the most challenging types of fraud to prevent. 
  • Most survey respondents feel they can effectively protect their organization when reacting to fraud attacks, but they’re not as confident about proactively getting ahead of the fraudsters.
  • Generative AI accelerates both known and unknown fraud types, so balancing reactive and proactive solutions may become increasingly challenging when resources are limited.

Trust and safety teams are increasingly asked to do more with less, which is why having the right tools and the support of other departments can be important. 

In August 2023, Persona fielded a survey targeting trust and safety, fraud, and risk professionals to better understand the current state of identity fraud. In reviewing the results and discussing the findings with six industry experts, two things became clear: Identity fraud remains a priority, and most people don’t feel that their fraud tech stack helps them proactively fight fraud.

You can find the complete survey results, analysis, and suggestions in our Trust and safety report: Tamping down identity fraud in the GenAI age. Here are a few key takeaways that you can use to benchmark your approach and spark ideas on how to fight identity fraud in the age of generative AI.

Fraud survey
Trust and safety report: Tamping down identity fraud in the GenAI age
Read the report

Identity fraud is a top priority across departments

In addition to hearing from members of trust and safety, risk, and fraud departments, survey respondents came from product, finance, sales, and operations. The good news for fraud fighters is that the majority of all respondents (80%) say fraud is a priority for their organization — almost half (50%) say it’s a top priority. 

This isn’t surprising, as new regulations, such as the INFORM Consumers Act in the U.S. and the Digital Services Act (DSA) in the EU, make identity verification a requirement for online platforms and marketplaces. Additionally, people are recognizing how important it is to establish and maintain users’ trust, which can be permanently lost with a single fraud event.

Heidi Landenberger, lead fraud investigator at the online learning platform Udemy, highlights another reason you need to prioritize fighting identity fraud. “Identity fraud is a critical building block for many other types of fraud,” she says. “Tackling the identity fraud component can weaken or entirely prevent other kinds of fraud attacks.”

AI-powered attacks aren’t a completely new threat

Generative AI and large language model (LLM)-driven attacks are top of mind for many fraud fighters, and bad actors are certainly using and experimenting with these tools.

For instance, almost half of organizations (49%) have suffered from identity fraud attacks involving fake or stolen documents, fake images, or fake voices in the past 12 months. We don’t know how many of those involved AI, but there have been countless cases of fraudsters using deepfaked videos and images, including AI-generated selfies, for identity verification. 

Organizations also reported high levels of phishing attacks (27%), which might have involved generative AI-written emails or texts.  

One important thing to remember is that defending against attackers who use AI won’t necessarily require you to start from scratch. As the examples above demonstrate, AI might enhance or expand existing attacks, but even if we see some novel AI-powered fraud in the future, incremental improvements in existing tools and policies may be enough to stop many of today’s AI-powered attacks. 

Passive signals remain popular among fraud fighters

Passive signals can help you detect bad actors without interrupting a good user’s experience, making them an effective tool for scaling fraud defenses with limited resources. Perhaps that’s why the top preferred fraud solutions were database verifications (40%) and email risk signals (33%). 

Other types of passive device and behavioral signals may include the user’s IP address, location data, device fingerprint, browser fingerprint, phone risk reports, VPN usage, mouse movements, and typing speed. 

To fight fraud more effectively, many respondents (50%) said they’d invest in web application firewalls (WAFs) and network security. These can be particularly helpful at stopping high-volume attacks — which may become more prevalent as fraudsters increasingly use AI. 

They also recognized that it’s not possible to completely bypass adding friction. About a third of respondents (31%) said government-issued ID verifications were their most effective tool at detecting potential fraud attacks. You can use these during KYC when onboarding users, or as a step-up verification based on other risk indicators. 

Arjun Ramakrishnan, head of risk at GoDaddy Payments, shares that the ability to dynamically change the user experience on its platform is a core aspect of its fraud detection and mitigation strategy. “Identity verification is one piece of fraud detection/mitigation at GoDaddy Payments, albeit a critical one. At GoDaddy Payments, IDV is used as a step-up friction for applications and transactional activities that are deemed higher risk.” 

Finding a balance between reactive and proactive responses

The majority of survey respondents (82%) felt their organization effectively addressed fraud attacks. However, there were outliers in some industries, such as e-learning (29%) and gaming (58%). 

In addition to the passive signals, many use various tactics to combat fraud, including working with internal and external experts, offering fraud-specific employee training, selectively adding friction, and communicating with users. 

Missing from the list is technology that helps you stay ahead of fraudsters. In fact, the majority (64%) said that their current fraud tech stack doesn’t help them proactively fight fraud. 

Proactive approaches could include:

  • Using link analysis to uncover relationships in raw data and improve fraud models. Link analysis can help you stop fraud-connected users before they get into your system and remove fraud-linked accounts before they can strike.
  • Gathering industry-specific intelligence to learn about new fraud tactics, techniques, procedures, and trends before they reach your organization. 
  • Creating dynamic flows that add or remove friction to stop fraudsters while minimizing the impact on good users. 
  • Enlisting your users in the fight. Jas Randhawa, founder and managing partner at StrategyBRIX, says reading and analyzing user complaints can be exceptionally useful in revealing unique fraud patterns. “Proactively let users know how they can keep your platform and community safe by filing complaints — these can be a gold mine for understanding fraudsters’ behavior and getting ahead of them.”
  • Working with solution providers that continually ask for feedback and invest in new functions and features to address novel attacks you’re experiencing. 

Some proactive approaches will involve other departments. For example, you may want to update policies and procedures — 47% of respondents recommended doing so — and this could require buy-in from customer service, legal, security, IT, or growth. 

“Whenever we're dealing with fraud attacks, usually the first thing we do is try to scope the attack and get a handle on exactly what's happening,” Heidi says. “Based on what's happening, what we do varies in response. Some things our fraud team can clean up ourselves. Some things we may need to ping application security or information security for because we may need to make use of different tools that they have access to or get their sign-off for changes we can make. But we’re able to move fast, even cross-functionally, because we’ve developed good relationships with those teams.”

Being able to explain the ROI of fraud prevention can help align goals and make fighting fraud a higher priority at your organization. If you’ve already done this work, making an ask could be much easier. 

Persona empowers fraud fighters

At Persona, we know that fraud looks different at every company, and what works in one organization may not work for another. Some organizations may need to invest in new fraud technology. Others may get more immediate results by reconfiguring their existing identity verification and fraud prevention tools. 

That’s why we offer the building blocks you can use to create and customize your identity, fraud, and compliance processes. Our no-code integrations can help you consolidate existing tools onto a single platform, streamlining processes and enabling teams to efficiently and effectively investigate suspicious activity. 

You can read more of the key takeaways and expert insights from the survey in the Trust and safety report: Tamping down identity fraud in the GenAI age. Or connect with Persona to find out how we can help you proactively fight fraud. 

Frequently asked questions

No items found.

Continue reading

Continue reading

Identity challenges in the travel industry: How hospitality businesses can fight fraud
Identity challenges in the travel industry: How hospitality businesses can fight fraud
Industry

Identity challenges in the travel industry: How hospitality businesses can fight fraud

Identity fraud in the travel industry has become increasingly common. Here are some common identity challenges and potential solutions businesses need to know about.

How digital health apps can overcome four barriers to converting users
How digital health apps can overcome four barriers to converting users
Industry

How digital health apps can overcome four barriers to converting users

New patients might abandon onboarding if they’re confused, frustrated, or overwhelmed. Here are four ways digital health apps can improve conversion.

How to create scalable and compliant international KYB processes
How to create scalable and compliant international KYB processes
Industry

How to create scalable and compliant international KYB processes

Industry experts discuss international KYB and debunk common myths while sharing how to build a scalable global KYB process.

How to protect your business against generative AI fraud
Industry

How to protect your business against generative AI fraud

Even ChatGPT’s founder is concerned about generative AI fraud. See why and learn how to fight deepfakes.

Generative AI in the world of trust and safety
Industry

Generative AI in the world of trust and safety

LLMs and other types of generative AI have the potential to destroy customer trust in your marketplace or platform. Learn more about the risks and solutions.

How to combat AI-generated selfies in verification processes
Industry

How to combat AI-generated selfies in verification processes

Learn how fraudsters are using AI-generated selfies to slip past verification systems — and what you can do to protect your business from this new threat.

Ready to get started?

Get in touch or start exploring Persona today.