In 2020 the US Government signed the CARES Act, which made an enormous amount of money available to those who had lost their job as a result of the COVID-19 pandemic. Sadly a lot of this money was claimed by criminals using stolen identities. In some cases this led to the victims getting unjustly fined for the malicious practices of the criminals. The worst part is that most victims were not even aware that their identity had been stolen in the first place.
This enormous vulnerability in the system, which allows fraudsters to claim benefits, was made possible by the availability stolen digital identity documents and the lack of strong verification in the application process. At the same time this scheme had little to no risk as it was possible to almost completely obfuscate any digital trace of your real identity and location using VPNs and location faking.
Identity theft victims must be protected, as most victims are not even aware of their identity being stolen. Applications that could lead to significant fines or costs should be adequately protected. Sadly identity theft is extremely hard to prevent as hackers always look for the weakest point in digital infrastructures.More effort should be made to strengthen digital forms of identification using untransferable attributes of a persons physical identity.
Authentication systems are already adopting the use of physical attributes of a persons identity. This is called multi-factor authentication and makes use of one of 5 categories of attributes. Location is considered one of the more secure attributes and has recently started being used more often for security systems. Reapplying the knowledge from the security domain to identity verification is not only sensible but also very necessary.
The majority of the identity fraudsters are based overseas, with the hotspots being West Africa and South America. This presents both a problem and an opportunity. The problem is that it is very difficult to prosecute criminals in other countries as local enforcement is not always keen to cooperate, however it does create an opportunity for location based risk profiling. Any application being made from overseas can immediately be flagged and investigated further.
To understand why so many criminals could so easily apply for benefits with stolen identities it is important to understand the process of digital identity verification. These applications require proof of multiple personal attributes as well as personal information. The underlying idea is that only the owner of the identity would be able to reproduce all this data. Sadly gathering a complete data profile has become very easy with many data leaks. Documents that used to be a secure method of identification in person are trivial to fake in a digital format.
Preventing malicious use of stolen identity data lies in utilizing multiple hard to fake security layers. Attributes that are hard to fake, time sensitive and unique to you are ideal. Proof of location using GPS measurements is a great example of this as it is very hard to fake, very time sensitive (down to the nanoseconds) and unique to where you are. When this is combined with other strong methods of verification we can protect ourselves from identity fraud.