Digital identity verification and fraud: what should IAM teams change?

TL;DR: Fraud costs consumers and businesses $52 billion a year in the US and account takeovers have driven more than $11.4 billion in losses, according to Javelin Strategy & Research and Forbes. Identity verification is shifting from a login problem to a fraud-control and assurance problem that now affects consumer IAM, access assurance, and transaction trust.

NHIMG editorial — based on content published by 1Kosmos: digital identity verification and fraud trends for 2023

By the numbers:

• Fraud costs consumers and businesses $52 billion per year in just the US.
• Fraudsters pilfered more than $11.4 billion through account takeovers last year.
• The average additional cost to US-based organizations now tops $9.44 million per incident.

Questions worth separating out

Q: How should security teams reduce account takeover risk in digital identity programmes?

A: They should treat takeover as a lifecycle problem, not only an authentication problem.

Q: When does passwordless authentication reduce fraud risk?

A: Passwordless helps when it replaces weaker shared secrets with stronger, phishing-resistant assurance and is backed by device binding or biometrics.

Q: What do organisations get wrong about synthetic identity fraud?

A: They often focus on detection after the account exists instead of proofing before the account is created.

Practitioner guidance

• Harden identity proofing at account origination Require stronger evidence binding for new accounts, especially where synthetic identity risk is high.
• Review recovery and reset paths for takeover exposure Treat password reset, device replacement, and step-up flows as primary attack paths.
• Add transaction signing for high-value actions Bind approvals to the specific payment, transfer, or account-change event.

What's in the full article

1Kosmos's full article covers the operational detail this post intentionally leaves for the source:

• The article expands the six prediction areas into the underlying identity and fraud mechanics behind each trend.
• It gives additional context on passwordless adoption, verified identity, and transaction signing in consumer and enterprise settings.
• It discusses the policy and regulatory direction behind distributed identity and non-proprietary identifiers.
• It links the predictions to specific identity technologies that support stronger verification and fraud resistance.

👉 Read 1Kosmos's predictions on digital identity verification and fraud →

Digital identity verification and fraud: what should IAM teams change?

Explore further

View Full Forum →  |  NHI Foundation Course →