Subscribe to the Non-Human & AI Identity Journal

Notifications
Clear all

Digital identity verification and fraud: what should IAM teams change?


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 12212
Topic starter  

TL;DR: Fraud costs consumers and businesses $52 billion a year in the US and account takeovers have driven more than $11.4 billion in losses, according to Javelin Strategy & Research and Forbes. Identity verification is shifting from a login problem to a fraud-control and assurance problem that now affects consumer IAM, access assurance, and transaction trust.

NHIMG editorial — based on content published by 1Kosmos: digital identity verification and fraud trends for 2023

By the numbers:

Questions worth separating out

Q: How should security teams reduce account takeover risk in digital identity programmes?

A: They should treat takeover as a lifecycle problem, not only an authentication problem.

Q: When does passwordless authentication reduce fraud risk?

A: Passwordless helps when it replaces weaker shared secrets with stronger, phishing-resistant assurance and is backed by device binding or biometrics.

Q: What do organisations get wrong about synthetic identity fraud?

A: They often focus on detection after the account exists instead of proofing before the account is created.

Practitioner guidance

  • Harden identity proofing at account origination Require stronger evidence binding for new accounts, especially where synthetic identity risk is high.
  • Review recovery and reset paths for takeover exposure Treat password reset, device replacement, and step-up flows as primary attack paths.
  • Add transaction signing for high-value actions Bind approvals to the specific payment, transfer, or account-change event.

What's in the full article

1Kosmos's full article covers the operational detail this post intentionally leaves for the source:

  • The article expands the six prediction areas into the underlying identity and fraud mechanics behind each trend.
  • It gives additional context on passwordless adoption, verified identity, and transaction signing in consumer and enterprise settings.
  • It discusses the policy and regulatory direction behind distributed identity and non-proprietary identifiers.
  • It links the predictions to specific identity technologies that support stronger verification and fraud resistance.

👉 Read 1Kosmos's predictions on digital identity verification and fraud →

Digital identity verification and fraud: what should IAM teams change?

Explore further

View Full Forum →  |  NHI Foundation Course →



   
Quote
(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 11787
 

Identity verification has become a fraud control, not a login feature. The article shows that the real value of verification is no longer confined to authenticating a user once. It now has to resist account takeover, synthetic identity creation, and transaction manipulation across the full lifecycle of an interaction. That means IAM teams should treat identity assurance as a business-loss control, not a front-door convenience feature.

A few things that frame the scale:

  • 90% of IT leaders say properly managing NHIs is essential for a successful zero-trust implementation, according to Ultimate Guide to NHIs.
  • Only 5.7% of organisations have full visibility into their service accounts, which shows how often identity oversight stops at the human layer.

A question worth separating out:

Q: Who should own identity verification when fraud and IAM overlap?

A: Ownership should be shared, but governance must be explicit. IAM teams control assurance design, fraud teams monitor abuse patterns, and risk or compliance teams define acceptable thresholds for onboarding and recovery. If those groups operate separately, attackers exploit the gaps between their controls rather than the controls themselves.

👉 Read our full editorial: Digital identity verification is becoming a fraud control problem



   
ReplyQuote
Share: