- Identity Illustrated
- Posts
- Issue 4—Beyond the Numbers: Unpacking Africa's Most Vulnerable IDs
Issue 4—Beyond the Numbers: Unpacking Africa's Most Vulnerable IDs
In this issue we unpack what ID vulnerability means, its causes, and how businesses can balance accessibility and risk management.
Last week, we launched the first Identity Fraud Report in Africa, a document that has sparked multiple conversations around the continent. One of these conversations, and perhaps the most controversial, has been one around the list of most-attacked documents on the continent.
Everyone loves a good list, we love it even more when it’s a ranked list, as it can communicate everything from urgent concerns to bragging rights. However, when it comes to sensitive topics like identity fraud, a simple list, such as our list of most attacked documents, can provide useful, actionable insights for businesses.
In this edition of Identity Illustrated, I will attempt to break down what the list really means, ID vulnerability and its causes, and how businesses can balance accessibility and risk management.
The top ten most-attacked documents in Africa
How was the ID ranking generated?
The ranking of the most attacked document is calculated using the ratio of recorded fraudulent identity verification attempts using a specific ID type to the total number of identity verification attempts using that same identity type. It’s a simple formula that gives us insight into the likelihood that a document will be used for fraud. The attempted fraud rate of an ID type communicates the risk level associated with the use of different ID types and can be useful in helping businesses decide what ID types to prioritize in different countries.
Why do fraudsters prefer some ID types to others?
Illicit gain is the ultimate driving force behind all kinds of fraud. At Smile ID, we’ve observed that absolute volumes of fraud are often highest in countries with stronger digital economies. However, the average fraud rate of documents can vary significantly within the same country for different reasons.
Over the last few years, we’ve observed that ID popularity is a significant determinant of fraudulent ID choices. IDs that are widely accepted and used for various purposes are usually more targeted because they are easy to obtain. This trend is clearly observed across Africa, where National IDs account for nearly 80% of fraudulent ID verification attempts.
National IDs are the most attacked IDs in Africa
Other reasons fraudsters choose one document type over the other include:
Perception of high value: ID types that are typically linked to financial information, e.g., Nigeria’s Bank Verification Number (BVN) or Ghana’s Social Security and National Insurance Trust (SSNIT), are regarded as high value by fraudsters and typically attract more attention than other ID types.
Ease of Forgery or Alteration: Some IDs, especially older ones, are easier to forge or alter than others due to the complexity of their security features. IDs with basic security features, such as simple photo IDs without holograms, watermarks, or micro printing, might be more susceptible to forgery.
Ease of Access to Personal Data: IDs that require less personal information to counterfeit or can be easily obtained through phishing or social engineering might also be targeted more frequently.
Regulatory and Enforcement Gaps: IDs issued by countries or organizations with less stringent regulatory frameworks or enforcement mechanisms might be easier to exploit, making them more attractive to fraudsters.
The ICAO and Document Security
The International Civil Aviation Organization (ICAO), an agency of the United Nations that sets global standards and regulations for aviation safety, has, over the years, set standards for ID documents worldwide. In 1980, it released the first edition of Document 9303, which defined the standards for machine-readable travel documents like passports. Those standards have, over time, been adopted by other ID types to ensure that they have the highest level of security.
An ID-document that meets Document 9303 standards
A high-level overview of Document 9303 prescribed the following standards for ID documents:
Biometric Data Integration: Documents must contain biometric information for identity verification, including facial recognition, fingerprints, and iris scans. This information is stored in a contactless chip within the document.
Machine-Readable Zone: Documents must contain a Machine-Readable zone that carries critical information about the document holder in a standardized format.
Document Security Features: The physical integrity of the document must be preserved by the use of proper materials and printing techniques, while digital integrity must be protected by watermarks, holograms, security threads, and intricate patterns.
Data Protection and Privacy: Emphasizes the importance of protecting personal data, including guidelines on the secure storage, processing, and transmission of sensitive information.
Although the standards prescribed by Document 9303 are not mandatory for other ID types apart from international passports, many countries have started adopting them for common ID types like national IDs, driver’s licenses, etc. For instance, South Africa’s move from the Green Book to the Smart ID card signaled a shift to a more ICAO-compliant document.
How should businesses verify high-risk documents?
Risk monitoring is becoming an increasingly crucial tool for African businesses as they strive to keep fraud rates down while serving customers. It’s not just a one-time activity but an ongoing assessment of customer accounts to adapt to emerging trends, especially those around ID vulnerability.
One way businesses can potentially reduce fraud risk is to give priority to higher-security ID documents that already meet ICAO standards. This could be implemented in various ways, including the use of a tiered verification system where IDs with known higher security features are processed differently than those with fewer or less advanced security features. IDs lacking advanced security features can either trigger additional verification steps or grant users limited access to the product.
Finally, businesses will have to adopt artificial intelligence and machine learning algorithms capable of detecting anomalies and patterns indicative of fraud in real-time. By leveraging these technologies, businesses will be able to identify suspicious additional activities outside of the use of high-risk documents that might be indicative of fraud.
Enjoying the Newsletter? Invite your friends to read it too
In The News:
Inside the disputed territory of Bakassi, most inhabitants lack a legal ID- Biometric Update
18 years after the signing of the Green Tree accord that officially handed over control of the Bakassi region to Cameroon, residents there continue to live in identity limbo.