the short story | episode 1

Top takeaways on the state of identity-related exploitation

In January, the Financial Crimes Enforcement Network (FinCEN) released a highly anticipated report on identity-related suspicious activity. Join Daniel Flowe, our Head of Digital Identity Strategy, as he delves into the report findings and highlights threats that are unique to money service businesses.

You will learn about: 

  • Common attack vectors encountered by financial institutions 
  • Tactics employed by scammers and money launderers
  • Proactive measures your organization can take to to spot and exploit potential weaknesses in identity verification

Watch the video

Hi, my name is Daniel Flowe.It is my absolute privilegeto welcome you to a new video series we're calling The Short Story.So just last month, FinCEN released a highly anticipated reporton identity-related suspicious activity.The biggest revelation from this report is that almost half the totalnumber of BSA reports files with FinCEN in 2021 were in some way related to identity.Those reports were 1.6 million in quantity,but they totaled 212 billion dollars in value.That is a staggering amountof suspicious activity that can be directly linked to identity.Reminding all of usjust how widespread identity-related exploits areand how important it is for us to get identity right.The report categorizes the three common waysthat attackers defraud institutions and individuals.Number one is impersonation.Most attackers used impersonation.Impersonation issimply, when you take steps to conceal your true identityand attempt to transact as someone else.So number two was compromise.Compromise is when attackers use compromised credentials or gainillicit access to systems in order to bypass identity verification processes.Interestingly, compromise is the most costly form of attackbased on the data in their report. In third is circumvention.Circumvention was the least common identity exploit,but it certainly happened well represented in the data.Circumvention is when an attacker or fraudster takes stepsto bypass, to circumvent or otherwise work around an identity verification process.One of the things that I found most interesting in the whole reportare the data points related to MSBs, or money service businesses.Now, almost every financial institution contained in the report saidthat their number one most common attack vector was impersonation.This makes sense.We just detailed that impersonation is the most common attack vectorexperienced by financial institutions except for by money services businesses.So MSBs reported circumvention as comprising not justmore than any other type of attack, but more than half their total attacks.MSBs were incredibly well represented in the data.So the number two reporter of identity related suspicious activity.(Inaudible)This is more of a small anomaly.This is a really interesting outlier for us.So what this suggests is that the circumvention attacksare primarily composed of using straw men for third party money launderingand circumventing standards,uniquely focused on MSBs as a type of a file.MSBs obviously covers a broad swath of institution types,and they're all subject to the sameAML requirements as any other financial institution.But it does imply that scammers and moneylaunderers are probing and investigating different MSBs.They're trying to find weaknesses they can exploit.Jimmy Kirby, the deputy director of FinCEN, said"To get financial services right,we've got to get identity right."I'll read his words here, but that means implementingidentity solutions that preserve privacy, promotefinancial inclusion, protect the integrity of the financial system.To me, this report serves as a really important baseline on thestate of identity-related exploitation with a ton of good data behind it.If you're an organization at risk of identity related exploitsand I would go so far as to say that based on the data in this report,if you're a financial institution, you're by definition an organization at risk ofidentity-related exploits.We encourage you to take a look.Maybe start with the NIST Digital Identityguidelines that FinCEN used as a framework for this report.NIST really does a fabulous job of laying outthe different options for identity verification.How to combine them for different levels of assurance,and how you can be confident that you risk profileand the steps that you're taking verify identity match and that you'reputting a good solution in place. For all the consumers out there,Please take steps to protect your information.Thankyou for tuning in to this first episode of The Short Story.We really hope to see you around for future episodes.Thank you. Goodbye.

Get in touch

Help & Support

Already a customer?

Office locations

Contact LSEG near you