By NHI Mgmt Group Editorial Team
Published 2026-06-08
Domain: Governance & Risk
Source: SumSub

TL;DR: Mobility fraud is shifting from simple account takeover to ghost drivers, fake IDs, money laundering, and QR-code scams in vehicle services, according to SumSub’s podcast with Tesla Financial Services. The governance problem is less about one-off abuse than proving who or what is entitled to operate a service at booking, payment, and handoff time.


At a glance

What this is: SumSub’s podcast discussion of growing mobility fraud, focusing on how criminals exploit vehicle services through fake identities, ghost drivers, money laundering, and QR-code scams.

Why it matters: Mobility platforms now sit at the intersection of customer identity, payment risk, and fraud operations, so IAM and trust controls need to handle both human users and service-side entitlement checks.



Context

Mobility fraud is the abuse of digital identity, payment flows, and service access in ride-hailing, rentals, and related vehicle services. The core governance problem is proving that the person, credential, or device using the service is actually entitled to complete the transaction.

For IAM and fraud teams, the lesson is that identity controls cannot stop at account creation. They have to continue through booking, payment, handoff, and exception handling, because attackers increasingly buy or manufacture profiles rather than breaking systems outright.


Key questions

Q: How should mobility platforms reduce fake identity abuse without slowing legitimate users?

A: Use risk-based identity assurance instead of one-time verification. Stronger checks should appear when behaviour, device history, payment patterns, or location context change. The goal is not to block every edge case, but to make it hard for bought or synthetic identities to move from signup into real service use without triggering additional scrutiny.

Q: Why do mobility services need more than standard account authentication?

A: Because the business risk is not only account access. A user can authenticate correctly and still be a fake driver, a mule account, or a fraudster exploiting a QR-code flow or payout path. Mobility platforms therefore need controls that cover identity proofing, transaction monitoring, and service handoff assurance together.

Q: What do security teams get wrong about fraud in vehicle services?

A: They often treat fraud as a back-office exception instead of a lifecycle problem. In mobility, the same identity may be abused at onboarding, payment, service delivery, and refund stages. If those stages are owned separately, attackers can move through the cracks between teams and controls.

Q: Who is accountable when a mobility platform is used for fraud or laundering?

A: Accountability usually sits across identity, fraud, payments, and operations, because the abuse path crosses all four. If identity assurance, support override rules, and payout controls are owned separately, the platform needs explicit governance for escalation and review. That shared accountability is what closes the gap between policy and execution.


Technical breakdown

Fake identity onboarding in mobility services

Mobility fraud often starts before a ride or rental is ever completed. Criminals create or purchase synthetic profiles, fake IDs, or mule accounts to pass onboarding checks and establish a trusted-looking account. Once that account exists, it can be used to request vehicles, move money, or support laundering activity. The technical challenge is that the abuse is not always a login failure. It is often a successful identity proofing event followed by misuse of the resulting account. That means the risk sits at the boundary between verification, fraud scoring, and entitlement to service.

Practical implication: tighten proofing and post-enrolment monitoring so account legitimacy is re-evaluated when behaviour changes.

Ghost drivers, QR-code scams, and service handoff abuse

Service handoff is a weak point because the platform must trust that the driver, passenger, or renter present at the vehicle matches the recorded identity. Ghost drivers exploit this by using accounts they do not own, while QR-code scams redirect a user into a fraudulent flow that captures credentials or payment details. In both cases, the system may authenticate the account but still fail to verify the real-world actor behind the transaction. This is an identity continuity problem across digital and physical steps, not just a fraud filter issue.

Practical implication: add step-up checks at handoff points where the platform hands control to the physical world.

Money laundering through mobility platforms

Mobility services can be used as payment or transaction channels for laundering because they combine fast onboarding, distributed locations, and high-volume low-value activity that can look normal at a glance. Fraudsters may use stolen payment methods, layered accounts, or repeated bookings to obscure source of funds and cash out through refunds or driver payouts. The mechanism matters because the platform is not just verifying a user. It is also managing risk across payment identity, beneficiary identity, and behavioural pattern recognition. That requires closer integration between fraud operations and access governance.

Practical implication: correlate payment, device, and account signals so suspicious activity is detected before payouts or refunds complete.
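The step-up-at-handoff and signal-correlation implications above can be combined into one decision function. The sketch below is an added example, not code from Sumsub or the podcast; the event schema, signal names, weights, and thresholds are all assumptions chosen for illustration.

```python
from collections import defaultdict

# Assumed weights and thresholds; tune against your own fraud data.
WEIGHTS = {"device_mismatch": 2, "profile_change": 1,
           "booking_burst": 1, "refund_path_mismatch": 3}
STEP_UP, HOLD = 2, 4
GATED = {"handoff", "refund", "payout"}  # stages where a decision is issued

def decide(events, burst_window=3600, burst_count=3):
    """Replay events in time order; return (account, stage, decision, signals) per gated stage."""
    state = defaultdict(lambda: {"device": None, "paid_with": None,
                                 "bookings": [], "signals": set()})
    decisions = []
    for e in sorted(events, key=lambda ev: ev["ts"]):
        s, stage = state[e["account"]], e["stage"]
        if stage == "onboarding":  # enrolment baseline for later comparison
            s["device"] = e["device"]
            continue
        if stage == "profile_change":
            s["signals"].add("profile_change")
            continue
        if e["device"] != s["device"]:  # device differs from the enrolled one
            s["signals"].add("device_mismatch")
        if stage == "booking":
            s["bookings"] = [t for t in s["bookings"] if e["ts"] - t < burst_window] + [e["ts"]]
            if len(s["bookings"]) >= burst_count:
                s["signals"].add("booking_burst")
        elif stage == "payment":
            s["paid_with"] = e["instrument"]
        elif stage == "refund" and e["instrument"] != s["paid_with"]:
            s["signals"].add("refund_path_mismatch")
        if stage in GATED:  # signals accumulate, so each gate sees one risk picture
            score = sum(WEIGHTS[sig] for sig in s["signals"])
            verdict = "hold" if score >= HOLD else "step_up" if score >= STEP_UP else "allow"
            decisions.append((e["account"], stage, verdict, sorted(s["signals"])))
    return decisions

# Constructed sample events (not real data).
SAMPLE = [
    {"ts": 0,   "account": "acct-A", "stage": "onboarding", "device": "dev-1"},
    {"ts": 20,  "account": "acct-A", "stage": "payment", "device": "dev-1", "instrument": "card-1"},
    {"ts": 30,  "account": "acct-A", "stage": "handoff", "device": "dev-1"},
    {"ts": 5,   "account": "acct-B", "stage": "onboarding", "device": "dev-2"},
    {"ts": 100, "account": "acct-B", "stage": "profile_change"},
    {"ts": 110, "account": "acct-B", "stage": "booking", "device": "dev-9"},
    {"ts": 120, "account": "acct-B", "stage": "payment", "device": "dev-9", "instrument": "card-2"},
    {"ts": 130, "account": "acct-B", "stage": "handoff", "device": "dev-9"},
    {"ts": 140, "account": "acct-B", "stage": "refund", "device": "dev-9", "instrument": "card-7"},
]
```

On the constructed sample, acct-A is allowed at handoff, while acct-B is stepped up at handoff and held at refund because earlier signals carry forward to later gates.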



NHI Mgmt Group analysis

Mobility fraud is an identity governance problem, not only a fraud problem. The article shows how services can be abused when platforms verify an account but do not continuously verify entitlement across the transaction lifecycle. That shifts the control question from simple user admission to whether the identity remains credible at each trust boundary. Practitioners should treat mobility services as governed identity journeys, not isolated sign-in events.

Ghost-driver and fake-ID abuse expose a trust gap between digital identity and physical presence. A platform can authenticate a user and still fail to establish that the person at the wheel, curb, or terminal is the approved actor. That gap is especially relevant where digital onboarding, remote payment, and real-world fulfilment happen in separate steps. The practical conclusion is that identity assurance has to extend beyond the login screen.

QR-code fraud and account buying create a reuse problem for trust signals. Once a profile is purchasable, the platform’s historical checks become less meaningful because the account no longer represents a stable person or device relationship. That is a governance failure mode rooted in weak continuity of identity assurance. For practitioners, the lesson is to look for signals that account legitimacy has detached from the original enrolment event.

Mobility platforms need cross-functional governance, not isolated verification controls. The fraud patterns described here span identity proofing, payment risk, and service operations, so no single team can own the full control plane. IAM, fraud, and compliance functions need shared thresholds for when identity confidence drops below acceptable risk. The field implication is that mobility providers should design for shared accountability across the transaction lifecycle.

From our research:

  • 92% of organisations expose NHIs to third parties, raising concerns about supply chain security, according to Ultimate Guide to NHIs.
  • Only 20% have formal processes for offboarding and revoking API keys, and even fewer have procedures for rotating them.
  • That lifecycle gap matters because shared-service and partner integrations often outlive the business relationship, so readers should also review Ultimate Guide to NHIs, Lifecycle Processes for Managing NHIs.

What this signals

Mobility fraud teams should treat identity confidence as a moving threshold, not a static control outcome. When onboarding, handoff, and payout each carry different abuse patterns, one verification pass is not enough to establish trust for the whole journey. Teams that align fraud rules with IAM and support workflows will detect misuse earlier and reduce manual exceptions.

Profile-purchase markets create reusable identity shells that weaken the value of historical trust signals. Once an account can be bought or handed over, past good behaviour no longer proves current legitimacy. That is why platforms need monitoring that combines identity, device, and payment context rather than relying on account age or signup success alone.


For practitioners

  • Re-check identity at service handoff points: Require additional verification when the transaction moves from app usage to vehicle pickup, rental handoff, or payout approval. That is where ghost-driver and impersonation risk becomes operational.
  • Correlate device, payment, and account behaviour: Treat repeated bookings, mismatched devices, unusual refund paths, and rapid profile changes as one risk picture rather than separate alerts. This helps expose laundering and purchased-account abuse earlier.
  • Tighten recovery and exception processes: Review how account recovery, manual overrides, and customer support interventions are approved, because fraudsters often exploit these paths after initial enrolment succeeds.

Key takeaways

  • Mobility fraud is increasingly about abusing identity continuity across the service journey, not just stealing an account.
  • Ghost drivers, fake IDs, QR-code scams, and laundering patterns show that authentication alone cannot prove entitlement to use a vehicle service.
  • Practitioners should connect identity proofing, fraud monitoring, and handoff controls so risk is re-evaluated at each transaction stage.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

NIST CSF 2.0, NIST SP 800-63 and NIST Zero Trust (SP 800-207) set the governance and control requirements practitioners need to meet.

Framework | Control / Reference | Relevance
NIST CSF 2.0 | PR.AC-4 | Identity assurance must persist across service handoff and payment flows.
NIST SP 800-63 | | Identity proofing and session binding are central to fake-ID abuse.
NIST Zero Trust (SP 800-207) | AC-2 | Continuous verification is needed when identity and physical fulfilment diverge.

Treat each mobility transaction stage as a new authorization decision, not a one-time trust event.


Key terms

  • Identity Proofing: Identity proofing is the process of establishing that a person or account really is who it claims to be before access is granted. In mobility fraud contexts, weak proofing lets synthetic users, purchased profiles, and fake IDs pass as legitimate customers or drivers.
  • Service Handoff: Service handoff is the moment when a digital transaction becomes a real-world action, such as a vehicle pickup, rental release, or payout. It is a critical trust boundary because the platform must rely on the identity already established in the app.
  • Fraud Lifecycle: Fraud lifecycle describes the full path from account creation through abuse, payout, and dispute handling. It helps practitioners see fraud as a sequence of linked stages rather than a single alert, which is especially useful in services with multiple teams and control points.


This post draws on content published by Sumsub: Fraud on Wheels: Fighting the Growing Threat of Mobility fraud. Read the original.
