the short story | episode 2

How will content-based ID verification survive the AI evolution?

Get in touch
  1. Overview
  2. Episodes
Get in touch

The landscape of financial security is rapidly changing, and generative AI is at the forefront of this transformation. In this episode of The Short Story, we delve into an investigation that is both fascinating and alarming. Join Daniel Flowe, a leading voice in digital identity strategy, as he unpacks the complexities of AI in the financial sector, discussing:

  • The startling ease of creating synthetic identities and bypassing traditional security measures
  • The need to complement content-based verification with data-based methods
  • How authoritative data sources can bolster confidence in user identity verification

Watch the video

Hi, my name is Daniel Flowe.It is my absolute privilegeto welcome you to a new video series we're calling The Short Story.So just last month, FinCEN released a highly anticipated reporton identity-related suspicious activity.The biggest revelation from this report is that almost half the totalnumber of BSA reports files with FinCEN in 2021 were in some way related to identity.Those reports were 1.6 million in quantity,but they totaled 212 billion dollars in value.That is a staggering amountof suspicious activity that can be directly linked to identity.Reminding all of usjust how widespread identity-related exploits areand how important it is for us to get identity right.The report categorizes the three common waysthat attackers defraud institutions and individuals.Number one is impersonation.Most attackers used impersonation.Impersonation issimply, when you take steps to conceal your true identityand attempt to transact as someone else.So number two was compromise.Compromise is when attackers use compromised credentials or gainillicit access to systems in order to bypass identity verification processes.Interestingly, compromise is the most costly form of attackbased on the data in their report. In third is circumvention.Circumvention was the least common identity exploit,but it certainly happened well represented in the data.Circumvention is when an attacker or fraudster takes stepsto bypass, to circumvent or otherwise work around an identity verification process.One of the things that I found most interesting in the whole reportare the data points related to MSBs, or money service businesses.Now, almost every financial institution contained in the report saidthat their number one most common attack vector was impersonation.This makes sense.We just detailed that impersonation is the most common attack vectorexperienced by financial institutions except for by money services businesses.So MSBs reported circumvention as comprising not justmore than any other type of attack, but more than half their total attacks.MSBs were incredibly well represented in the data.So the number two reporter of identity related suspicious activity.(Inaudible)This is more of a small anomaly.This is a really interesting outlier for us.So what this suggests is that the circumvention attacksare primarily composed of using straw men for third party money launderingand circumventing standards,uniquely focused on MSBs as a type of a file.MSBs obviously covers a broad swath of institution types,and they're all subject to the sameAML requirements as any other financial institution.But it does imply that scammers and moneylaunderers are probing and investigating different MSBs.They're trying to find weaknesses they can exploit.Jimmy Kirby, the deputy director of FinCEN, said"To get financial services right,we've got to get identity right."I'll read his words here, but that means implementingidentity solutions that preserve privacy, promotefinancial inclusion, protect the integrity of the financial system.To me, this report serves as a really important baseline on thestate of identity-related exploitation with a ton of good data behind it.If you're an organization at risk of identity related exploitsand I would go so far as to say that based on the data in this report,if you're a financial institution, you're by definition an organization at risk ofidentity-related exploits.We encourage you to take a look.Maybe start with the NIST Digital Identityguidelines that FinCEN used as a framework for this report.NIST really does a fabulous job of laying outthe different options for identity verification.How to combine them for different levels of assurance,and how you can be confident that you risk profileand the steps that you're taking verify identity match and that you'reputting a good solution in place. For all the consumers out there,Please take steps to protect your information.Thankyou for tuning in to this first episode of The Short Story.We really hope to see you around for future episodes.Thank you. Goodbye.

More episodes

View all episodes

episode 4

Crypto Spring: can we foresee a new era for crypto?

As the crypto industry blooms into what’s being called the ‘Crypto Spring’, we’re here to dissect the complexities and opportunities that lie ahead.

episode 3

How to make corporate registries effective tools against financial crime

Garbage in, garbage out. In this episode of the Short Story, Daniel Flowe, our Head of Digital Identity Strategy, takes a hard look at the vulnerabilities within corporate registries that are exploited for financial crimes.

episode 1

Top Takeaways on the State of Identity-Related Exploitation

In January, the FinCEN released a report on identity-related suspicious activity. Join us as we delve into the report findings and learn about threats that are unique to money service businesses.

Get in touch

Help & Support

Already a customer?

Get help through MyAccount
external

Office locations

Contact LSEG near you

Find your nearest LSEG office