Identity Farming – The era of digitalization has made data a crucial asset that propels businesses and organizations towards growth and success. Every time we use the internet, we generate a vast amount of data that can help us make informed decisions, personalise our experiences, and spot patterns and trends. Among all types of data, identity data is the most valuable as it includes personal information like names, addresses, and social security numbers. With the help of identity data, companies and organizations can create a distinct digital identity for each individual, allowing them to make further informed decisions about product offerings, marketing, creditworthiness, and product experience. 

However, the collection and storage of identity data should be carried out securely and responsibly to safeguard individuals from the risks associated with identity farming. In this blog post, we will delve into identity farming and provide you with everything you need to know about protecting your identity data in the digital age. 

What exactly is Identity Farming? 

It is a form of fraudulent activity where an individual or group acquires and exploits the personal data of other people, often stolen, for fraudulent purposes. Allow us to illustrate this with a story. 

Meet John, a hard-working student who uses his smartphone to access social media platforms, online shopping sites, and various apps. One day, John received a text message that appeared to come from his mobile network provider, requesting him to update his personal information. Without thinking twice, John clicked on the link in the text message and entered his personal details, including his credit card information. Little did John know that his personal information had just been harvested by cybercriminals. The fraudsters behind this scam could use John’s personal information to conduct various criminal activities, such as making fraudulent purchases, applying for loans in John’s name, and even opening a new bank account. 

Identity farming is a popular strategy used by fraudsters because it allows them to bypass rigorous identity verification checks and conduct criminal activities anonymously. 9% of all fraud in 2022 leveraged identity farming. This type of fraud can be particularly difficult to detect because it involves a combination of both legitimate and fake identity credentials, making it challenging to trace and prevent. In this blog post, we will explain the intricacies of identity farming and share everything you need to know to safeguard your personal data in the digital age. 

This is How Identity farming works. 

Identity farming is a criminal activity that is carried out by stealing the personal information of unsuspecting individuals. Cybercriminals obtain this information using various tactics, such as phishing scams, social engineering, data breaches, and purchasing data from the dark web or other third-party sources. With access to the personal information of multiple individuals, fraudsters combine this data with falsified information to create new identities that are not associated with real people. This process involves using the name and address of one individual but using a different email address and BVN to create a new identity. They can repeat this process with multiple identities, depending on how much personal information they have. Once the new identities are created, they use them to create fraudulent accounts on digital banks to perform illicit transactions without being traced. 

How do fraudsters use farmed identities to carry out illicit activities? Here are some different industry use cases that illustrate how bad actors exploit identity farming. 

Lending Platforms 

Farmed identities are also used by fraudsters in lending platforms to carry out fraudulent activities, using a similar long-term strategy as in BNPL scams. They build their credibility by repaying loans on time and gradually gaining access to higher loan amounts. Once they reach a certain threshold, they disappear without repaying the final loan, making it difficult for lending platforms to detect these fraudulent activities. 

By using farmed identities, cybercriminals can pass identity verification checks and gain access to credit facilities, which can put lending platforms at risk. 

BNPL (Buy Now, Pay Later) Platforms. 

Cybercriminals use farmed identities to carry out fraudulent activities in the BNPL (Buy Now, Pay Later) space. They create multiple accounts using fake identities and start by making small purchases, gradually building trust in the system by successfully completing payments over time. Once they establish a good payment history, they become eligible for more expensive goods and make purchases using the farmed identities. Once they have obtained the expensive goods, they disappear without making future payments. 

This type of fraud is particularly difficult to detect because fraudsters create fake identities to make purchases, making it challenging to trace and apprehend them. This results in significant business losses, as fraudsters often disappear without a trace. 

Fintech Industry 

In the fintech industry, bad actors exploit businesses’ vulnerabilities by creating multiple accounts using farmed identities. They take advantage of referral bonuses and promotional campaigns, resulting in significant financial losses for the company. To prevent such fraudulent behaviour, fintech companies need to implement robust identity verification processes to verify the identity of each user and detect any suspicious activities. Monitoring user behaviour can also help companies identify and prevent fraudulent activities before they cause any harm. 

What is the adverse effect of identity farming on businesses? 

• One of the adverse effects of fraud and data breaches on businesses is the loss of trust and reputational damage. Customers tend to patronize businesses that are safe and secure, and any breach of security may result in customers being hesitant to transact with the business. The security of their money and personal data is crucial to customers, and they are always on high alert about whom they conduct transactions with. 
• Businesses operating in regulated industries must implement strict and robust KYC and AML measures to comply with legal and regulatory requirements. Those who fail to deploy the right security measures and fall victim to identity fraud often face severe legal and regulatory penalties, including steep fines. In extreme cases, business executives could even spend time in jail. 
• One of the most significant consequences of identity farming is financial loss, as cybercriminals sneak into businesses for financial gain. Every successful fraud attempt results in losses for businesses and their genuine customers. The fintech and banking industries are particularly vulnerable to financial losses because fraudsters often target them the most. 
• Identity farming can have a detrimental impact on businesses by misleading them into thinking that they have a larger user base than they do. Cybercriminals create fake accounts using farmed identities to inflate the user headcount of businesses, making it challenging for companies to assess their user acquisition efforts accurately. This can occur during user acquisition campaigns, such as referral programs or giveaways, where businesses experience a sudden surge in signups and account creation. Multiple accounts associated with one fraudulent user can result in a distorted view of user numbers, leading to misinformed business decisions. 

Employ Peleza’s intelligent AML solutions for fraud detection and prevention to outsmart Fraudsters’ schemes. 

Get started, visit dashboard.peleza.com