Digital identities are vital, but come with risks

While digital identities are key to protecting people and institutions from financial fraud, these can also be abused in a ‘Big Brother’ manner.

While digital identities are key to protecting people and institutions from financial fraud, these can also be abused in a ‘Big Brother’ manner.

Published Jun 9, 2024


By: Nicola Mawson

WHILE digital identities are key to protecting people and institutions from financial fraud, these can also be abused in a “Big Brother” manner.

Astrid Ludin, Financial Sector Conduct Authority deputy commissioner, says although there are great opportunities for a cohesive digital identity thanks to digitisation, which can be good for society and an economy, there are associated risks. Cybercrime is the digital thread that runs through all of this, an issue that companies and people must deal with globally.

Speaking at the recent Southern African Fraud Prevention Service International Fraud Summit, she says it is vital to authenticate and verify the people transacting on both ends of the deal. “It’s never been more important than it just now.”

As a result, says Ludin, digital identities are key for providing the certainty that you are transacting with the right person, whether that’s as a consumer or an industry perspective.

A digital identity is generally a collection of people’s data that is stored on computer systems that relate to individuals, organisations, applications or devices. It lets digital systems manage interactions between different parties.

Ludin explains that a digital identity provides certainty that makes it possible for consumers to access services efficiently, quickly, conveniently and securely. “It’s foundational for social and economic inclusion in our country; it’s particularly important.”

Yet, digital identities also introduce risks in terms of violations of human rights, as there is the potential for political interference and such identities need to be safeguarded in much the way that money is protected. “It’s the whole big brother kind of idea.”

“When we talk about governance, we are talking about those frameworks that are necessary to ensure the responsible, secure development, maintenance, and use of digital identities,” says Ludin. “It’s very important, not only at a national level, that frameworks are in place, but even at an entity level, at a financial service provider level. How you use those technologies internally is equally important.”

South Africa, says Ludin, has smart documents – such as the smart ID card – as well as privacy laws in place such as the Protection of Personal Information Act. What we lack, she says, is a national framework and real clarity about who’s responsible for what beyond the Privacy Regulator.

“There’s a lack of clarity around this. And until we’ve got that clarity, it could potentially, hamper full development of trust in these in digital identities.”

Trust is vital, says Ludin. She cites the OECD recommendations, which are based on three principles. “The first is that digital identity systems need to be user-centric and inclusive. The second one is that there’s a need to strengthen the governance of digital identity. And the third one is that it needs to enable cross-border use.”

Ludin also points to a trust deficit in government, which raises questions around the role that the national government should play.

“When we talk about digital identity, it’s about the responsible use of it and protections.”

Meanwhile, Mark Courtney, chief product officer at UK-based Cifas, said the fraud monitoring group had seen much more fraud in the UK, with a new case been logged on its database every few minutes.

Courtney was another speaker at the Southern African Fraud Prevention Service International Fraud Summit. He said fraud in the UK accounted for 40% of all crime, and the police were woefully understaffed to deal with it.

“It's an enormous problem,” he said.

CIFAS, a not-for-profit organisation working to reduce and prevent fraud and financial crime, has the UK’s largest cross-sector fraud-sharing database. It’s most recent Fraudscape report notes that in 2023, its 750 members prevented more than £1.8 billion (R43 billion) in fraud losses.

Courtney says the cost of living and the growth in hybrid working in the UK has “provided a rich seam of opportunity for criminals to exploit”. Hybrid working often meant that networks were less secure than they would be in the office.

“These circumstances have also increased incentives for those who may be struggling financially to commit fraud to generate additional income. The fraud trends we identified in 2023 continue into 2024, with an increased risk of identity theft, first party fraud, and internal fraud.”

Courtney said identity fraud was still the main problem, with around 64% of all its data relating to identity fraud. In 2023, the organisation saw a 40% increase in what it calls “facility take over”, which Courtney described as “bad actors trying to get control of existing accounts, whether that be the application of new services or taking loans out on top of existing facilities”. This was also happening in the telecoms sector, where criminals fraudulently took out mobile contracts.

The Fraudscape report also notes that given that much of the fraud is linked to people who have been in their jobs for less than a year, it’s possible this could be an early indication that employees are more willing to risk engaging in dishonest conduct in the early stages of employment. Courtney said this may mean criminals are specifically targeting job roles where they have the chance to steal.

He said that at the same time, many fake identities were being created by AI and looked authentic. AI was also being used to generate phishing attacks and get hold of people’s personal information. Social engineering and brand impersonation was also becoming more widespread.

“We used to see a lot of spelling mistakes and errors in phishing emails. I think, probably with the use of things like ChatGPT or other AI tools, they are becoming much more professional looking and much harder to detect.”

More fraud kits, which provide tools to enable fraud through sending emails or taking money, were becoming available, said Courtney. However, he noted that law enforcement has had some success in closing down this line of criminality.

Courtney also pointed to more payment evasion, in which criminals buy an asset such as a car, make a few payments, and then sell the item.

“We think that's driven by economic pressures. More and more people in the UK are looking for those first party fraud ways to make money and make ends meet.”

More people under the age of 21 are also being persuaded to allow the use of their bank accounts for money laundering, said Courtney. As a result, he said, the non-profit organisation was working with schools to educate students about these sorts of crimes.