Skip to content
digital security

Sep 20, 2024

Dear Business, Don’t Accept Stolen Identities

The issue of personal data breaches has resurfaced in Indonesia. However, this data can be prevented from being misused. This is where the role of financial service providers comes in.

Personal data breaches have once again made headlines. Information such as ID card numbers, photos, addresses, phone numbers, and other personal data are circulating online and freely traded. Even if not sold, leaked personal data is at risk of being used by fraudsters to open bank accounts or take out online loans without the knowledge of the data owner.

Once personal data is leaked, it is difficult to keep it confidential again. When someone's personal data is compromised, the risk of it being misused for illegal activities increases significantly. Cybercriminals can use this stolen data which can result in significant financial losses for the actual owner of the data.

However, there is still hope to save leaked data from misuse. This is where financial service providers play a role. These companies can reject account applications or other financial services using stolen data.

The key lies in a layered identity security system. This system ensures that only the rightful owner of the data is opening accounts or conducting financial transactions.

How do financial services reject stolen identities? Here’s an explanation.

Three Layers of Security to Reject Fake Identities  

A rigorous and layered identity verification process ensures that the identity presented truly belongs to the rightful user. However, identity verification is not the only security layer.

According to Gartner, identity verification is just one aspect of the Know Your Customer (KYC) process. KYC includes several important elements, such as customer identification (Customer Identification Program/CIP), due diligence (Customer Due Diligence/CDD), and ongoing monitoring, all of which relate to anti-money laundering (AML) efforts.

Here are the security layers that can prevent the misuse of personal data:

1. Identity Verification  

Identity verification occurs during user registration to ensure that the personal data provided truly belongs to the rightful individual.

This is the first stage of the identity security layer. During verification, a series of technologies, such as biometrics and document verification, are used to ensure that the data entered is not manipulated or stolen.

With the increasing risk of data breaches and personal data theft, companies must have systems capable of detecting and preventing the use of unauthorized data. Secure verification ensures that the data received comes only from the original user, not from leaked or stolen data.

2. User Authentication  

User authentication acts as the next layer of protection, ensuring that the user conducting activities within the system is the legitimate account owner.

An example of secure authentication is biometric-based authentication. This can be implemented for various activities, such as updating personal data, transferring money, or resetting passwords.

Multi-factor authentication (MFA), which uses two types of authentication—device authentication and facial authentication—ensures that transactions only occur on the user’s locked device with Public Key Infrastructure (PKI) and are performed by the user who was registered during identity verification.

With strong authentication, companies can eliminate the risk of transactions being conducted by individuals impersonating others using stolen data.

3. Fraud Detection  

Fraud detection ideally operates in real-time as the user transacts. For instance, fraud detection systems can analyze KYC transactions in real-time by checking the authenticity of photos or videos submitted by users.

In the context of leaked data, if someone attempts to use stolen data to create a fake identity, fraud detection equipped with deepfake detectors will recognize that the biometric verification process was not performed by a real person.

Deepfake Shield, one of VIDA’s products, performs fraud detection by preventing injection attacks. Deepfakes or photo manipulation can also occur through injection, such as replacing camera APIs or using virtual cameras.

Building a Good Corporate Reputation

These three layers of security work together to ensure that the server only accepts and processes genuine identities from their rightful owners. By implementing these systems, companies can reject fake data while protecting business operations from data misuse risks.

Cases of data misuse involving banks and fintech companies often raise concerns among users when choosing financial services. Companies that fail to maintain data security will be perceived as lacking integrity and a good reputation. Therefore, even if data breaches from other sources have occurred, financial service companies can play an active role by rejecting the use of such data on their platforms, preventing further misuse.

Using solutions like VIDA Identity Stack, companies can ensure that every transaction, registration, or service provided is only granted to individuals who are truly legitimate.

VIDA Identity Stack combines a series of advanced technologies to combat fraud in the form of data misuse, such as account takeovers and AI-generated fraud.

Here’s how VIDA Identity Stack protects legitimate user data and rejects fake data:

1. Face Liveness and Document Liveness during the identity verification process to prevent spoofing and face morphing, as well as rejecting fake ID cards.
2. PhoneToken and FaceToken lock users’ identities to their devices, preventing unauthorized account access.
3. Fraud Scanner and Deepfake Detector block fake biometric data, while Deepfake Shield provides protection from injection attacks.
4. VIDA Digital Signature secures digital transactions by requiring users to authenticate their identity before signing documents.

VIDA Identity Stack ensures that the data used within financial service systems comes from legitimate data owners, not stolen data. These efforts help minimize the likelihood of misuse from already leaked data.

The good news is that identity security systems like VIDA Identity Stack are not only proactive measures against data misuse. These systems are also designed to ensure that personal data registered on financial service platforms is protected from threats like social engineering, account takeovers, and deepfake fraud, thereby helping to prevent data breaches from the start.

When the public knows that their data is protected by advanced and trusted systems, they will feel safer transacting digitally. This is crucial for boosting financial inclusion in Indonesia.

Read more about VIDA Identity Stack on our latest whitepaper!

VIDA - Verified Identity for All. VIDA provides a trusted digital identity platform.

Latest Articles

Digital Signature as An Easy Way to Sign Documents
signatures

Digital Signature as An Easy Way to Sign Documents

Signatures in the digital era use unique key pairs to ensure signer authenticity and document integrity. Here’s what you need to know about...

November 17, 2024

Why Wet Signatures May Not Be Enough to Stop Document Forgery
digital signatures

Why Wet Signatures May Not Be Enough to Stop Document Forgery

Do you feel safe placing a wet signature on important documents? Can a wet signature truly protect documents from forgery?

November 01, 2024

Don’t Ignore the Risk of Document Forgery in Your Business
digital signature

Don’t Ignore the Risk of Document Forgery in Your Business

Learn about the risks of document forgery, the methods used, and how this threat can harm your business financially and damage its reputati...

October 31, 2024