How blockchain can prevent identity theft

Article Originally Posted by BlockchainTechNews

By Ankit Kumar, digital strategy manager for banking and payment, Gemalto

April 1, 2019

Our identities are perhaps our most valuable asset and should be treated as such. Unfortunately, that also makes them prime targets for nefarious actors ranging from the most two-bit con artists all the way up to experienced, organized, skilled cybercriminals. With so much of our financial data, property and everyday access to services inextricably tied to those identities, it almost goes without saying that we should roll out the best defenses at our disposal to thwart the threatening individuals looking to steal and abuse them. But do we?

I’d posit that blockchain has to play a more integral role in the prevention of various flavors of identity theft or identity fraud. As a quick, over-simplified refresher on how blockchain works, it’s essentially a record-keeping digital technology based on a “distributed ledger,” thereby allowing blockchain participants (and their associated computer “nodes”) to collectively verify transactions and eliminating the need for a centralized authority. Confirmed records or transactions are part of the ledger forever, and fraudulently altering them is pretty near impossible. That’s the level of assurance we want when dealing with a digital identity, which is comprised of many dynamic components that cannot afford to be altered or applied in ways that aren’t accurate or trustworthy.

By hitching digital identities to the blockchain, there would be a heightened degree of confidence, certainty and trust in answering these core questions:

  • Is this person actually who they claim to be?
  • Is this person receiving the services, approvals or privileges that they ought to be?

To illustrate, let’s look at three examples of how digital identities on the blockchain could aid in common identity theft/fraud scenarios.

Synthetic identity theft, new account origination/application fraud

Synthetic identity theft, where criminals leverage pieces of fictional and real (although stolen and unreliable) personal information to fabricate an entirely new identity, is the impetus for the new account origination (sometimes called credit card application) fraud that banks regularly have to deal with. In assuming these false identities, fraudsters can open, use, reap benefits from and close savings and checking accounts, loans or credit cards before banks can detect or be alerted of their duplicity. This often leaves legitimate Social Security numbers and names with credit card debt, red flags or credit score hits attached to them.

Blockchain offers a trusted source of information to which multiple ecosystem players can contribute and read from, thus verifying the authenticity of digital identities and corresponding attributes. With blockchain involved, pieces of a holistic digital identity — like a date of birth, SSN or address — that a fraudster may try to use but isn’t verified as aligning with other pieces can be more easily detected and automatically signaled, thus putting the transaction on ice until a second-factor authentication process is triggered or a human can intervene.

Card not present fraud

Perhaps the most rampant form of fraud since the mass distribution of EMV cards in the U.S., crooks who have stolen a credit card number, expiration date and maybe even a CVV number can navigate the wide web of ecommerce masquerading as that cardholder, making online purchases at will, no ID checks required (or even possible, currently).

If payment credentials were merged into digital identities and then all online purchases were forced to pass through the blockchain as transactions that become an extension of one’s permanent identity, not only would every purchase be verified as legitimate and initiated by the proper buyer, but there would be a cumulative record to establish patterns from and make future risk assessment and verification even more seamless whenever the blockchain identity is called upon. In parallel, online retailers could verify customers’ identities up front from one set of trusted universal credentials, rather than the customer having to re-authenticate themselves over and over or maintain separate accounts with each merchant. In an ideal world, payment transactions would be as simple as identifying yourself to merchants.

Tax ID fraud

During tax season, there’s always a looming threat that fraudsters could intercept a W-2, file someone else’s taxes, have the return sent to them, deposit it into an account (potentially even a fraudulently opened one) and withdraw the funds before the original taxpayer even sits down to address their annual filing. It happens every year.

If the IRS was able to lean on a blockchain-based digital identity, which would likely include employer and paycheck details, the identity of the person filing could be verified (again, up front) and every year’s tax returns could be made a part of identity attributes backed by the immutable blockchain.

It shouldn’t go unsaid that it would take a tremendous amount of collaboration, innovation and initiative across industries and technology providers to make any of these envisioned scenarios a reality. On the flipside, however, not only does blockchain stand to help mitigate these forms of fraud (and others), but it also keeps any one entity – government agencies, banks, credit bureaus, tax prep services, etc. – from bearing the brunt of brokering, storing and constantly verifying digital identities. That’s a job perfectly suited for blockchain, and it just might be the solution our priceless identities deserve.

Image via

Posted by Zak Kennedy