Subscribe to the Non-Human & AI Identity Journal

Notifications
Clear all

Mobility fraud in mobility services: what IAM teams are missing


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 11936
Topic starter  

TL;DR: Mobility fraud is shifting from simple account takeover to ghost drivers, fake IDs, money laundering, and QR-code scams in vehicle services, according to SumSub’s podcast with Tesla Financial Services. The governance problem is less about one-off abuse than proving who or what is entitled to operate a service at booking, payment, and handoff time.

NHIMG editorial — based on content published by Sumsub: Fraud on Wheels: Fighting the Growing Threat of Mobility fraud

Questions worth separating out

Q: How should mobility platforms reduce fake identity abuse without slowing legitimate users?

A: Use risk-based identity assurance instead of one-time verification.

Q: Why do mobility services need more than standard account authentication?

A: Because the business risk is not only account access.

Q: What do security teams get wrong about fraud in vehicle services?

A: They often treat fraud as a back-office exception instead of a lifecycle problem.

Practitioner guidance

  • Re-check identity at service handoff points Require additional verification when the transaction moves from app usage to vehicle pickup, rental handoff, or payout approval.
  • Correlate device, payment, and account behaviour Treat repeated bookings, mismatched devices, unusual refund paths, and rapid profile changes as one risk picture rather than separate alerts.
  • Tighten recovery and exception processes Review how account recovery, manual overrides, and customer support interventions are approved, because fraudsters often exploit these paths after initial enrolment succeeds.

What's in the full article

Sumsub's full podcast covers the operational detail this post intentionally leaves for the source:

  • The guest’s first-hand examples of how fake identities and ghost drivers show up in mobility operations.
  • Discussion of the payment and compliance controls used to detect laundering patterns in vehicle services.
  • The podcast format gives the conversational context behind the fraud patterns and how practitioners are seeing them in the field.

👉 Read Sumsub's podcast on fraud trends in mobility services →

Mobility fraud in mobility services: what IAM teams are missing?

Explore further

View Full Forum →  |  NHI Foundation Course →



   
Quote
(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 11491
 

Mobility fraud is an identity governance problem, not only a fraud problem. The article shows how services can be abused when platforms verify an account but do not continuously verify entitlement across the transaction lifecycle. That shifts the control question from simple user admission to whether the identity remains credible at each trust boundary. Practitioners should treat mobility services as governed identity journeys, not isolated sign-in events.

A few things that frame the scale:

  • 92% of organisations expose NHIs to third parties, raising concerns about supply chain security, according to Ultimate Guide to NHIs.
  • Only 20% have formal processes for offboarding and revoking API keys, and even fewer have procedures for rotating them.

A question worth separating out:

Q: Who is accountable when a mobility platform is used for fraud or laundering?

A: Accountability usually sits across identity, fraud, payments, and operations, because the abuse path crosses all four. If identity assurance, support override rules, and payout controls are owned separately, the platform needs explicit governance for escalation and review. That shared accountability is what closes the gap between policy and execution.

👉 Read our full editorial: Mobility fraud is expanding beyond account takeover



   
ReplyQuote
Share: