Cybercriminals can create complete identity packages that bypass Know Your Customer (KYC) systems.
A dark web criminal enterprise specializing in farming facial ID images and genuine identity documents has been exposed. This sophisticated operation signals a concerning evolution in identity fraud, leveraging genuine user data willingly exchanged for monetary gain.
The iProov Q4 Threat Intelligence Update for 2024 has detailed how the unnamed threat group has established an extensive repository of genuine identity documents coupled with corresponding facial images, characterized as a systematic bypass of identity verification processes.
"The collection of biometric data matched with authentic IDs gives criminals a dangerous tool. We are witnessing the construction of 'complete identity packages,' designed to defeat Know Your Customer (KYC) systems," he explained.
These KYC protocols are foundational to preventing identity fraud in banking, fintech, and other financial institutions. Yet, this operation undermines such safeguards by presenting a perfect match of authentic documents and biometrics -- a combination that traditional verification methods are ill-equipped to detect.
Unlike typical identity theft, this scheme does not rely on hacking or stolen data leaked from breaches. Instead, it appears individuals have willingly sold their biometric images and ID documents for financial incentives.
While the exact figures being paid remain unclear, this trend reveals a distressing willingness to trade away personal security for short-term benefits.
While advancements in AI and machine learning have fortified some identity protections, this scheme bypasses such technologies by presenting no artificial anomalies to detect. This new wave of identity fraud demonstrates the urgent need for enterprises and institutions to adopt more robust and multi-layered identity verification measures.
Meanwhile, China started beta-testing cyberspace IDs using facial recognition and real names, with over 80 apps signed up, including government and private apps.