As today’s in-person meetups and traditional first dates come with the risk of COVID-19 exposure, online dating has become the preferred way to get to know potential matches amid the pandemic. Hinge messaging increased by 30%, Tinder had over 3 billion swipes in just one day last March, and virtual dates on OKCupid surged 700%.
iStock
While online dating may be a COVID-19 safe way to meet potential matches, online social sites are not as safe as they seem. On most social sites, anyone can make a profile under a false identity where they can then catfish another user and solicit personal information to commit fraud and account takeover. This makes it impossible for users to truly know the person they are connecting with is who they say they are, resulting in users falling victim to scams far too frequently. In the first six months of 2020, people reported a record high of losing almost $117 million to scams that started on social media. Despite this, most social sites and dating apps do not have a process in place to verify user identity when setting up an account or logging in to an existing account.
As individuals look online to form connections to avoid the COVID-19 risks associated with public meetups, social sites are responsible for keeping users safe on their platforms. This involves having an identity verification process in place to confirm all users are who they claim to be online. The below explores why this identity verification is essential to combatting romance scams and ensuring users can trust one another while interacting on the platform.
Romance Scams: A Rising Crime with a Cost
Romance scams led to losses of $201 million in 2019, making it the second highest crime reported to the FBI that year. Cybercriminals execute these scams by pretending to be someone else on an online dating site, where they gain another user’s interest and trust only to then solicit them for money and personal information. Armed with this user’s personal data, cybercriminals can then access user accounts including banking, social media, email and more. Once logged in, they can transfer funds, send emails on behalf of the user, and lock the real user out of their account. The potential for fraud is skyrocketing amid the pandemic as users gravitate to online services, and online dating and social sites need to protect users by verifying identities. This will ultimately inhibit the ability for cybercriminals to make fake accounts using someone else’s likeness.
Passwords, Security Questions and Other Traditional Authentication Methods Fall Short at Fighting Fraud
Social media has become a huge vessel for fraud – about half of all romance scam reports to the FTC since 2019 involved social media, usually on Facebook or Instagram. With most dating sites and social sites verifying identity through other social media apps like Facebook, cybercriminals are increasingly and easily creating fake Facebook profiles and assuming the same identity on other sites and applications. Since anyone can make a Facebook profile under a false identity, dating sites are verifying users who are not actually who they claim to be. With 36 billion records breached in 2020 alone, personal information is also readily available on the dark web which can be used by cybercriminals to commit credential stuffing attacks on a massive scale. In these attacks, bots are used to attempt to access accounts with stolen usernames and passwords. Because accounts can be easily accessed with breached information, traditional authentication methods such as usernames and passwords cannot be trusted to verify user identity. And by relying on them or using other apps to verify identity, dating and social platforms are putting users at an increased risk to fall victim to a romance scam or experience fraud.
The Need for Stronger Authentication
To reduce the potential for users to be scammed or catfished by a user assuming a fake identity, authenticity badges (similar to Twitter’s blue badge) can help users confirm another platform user is 100% verified. This means the site would have taken steps to confirm a user is who they claim to be in the real world, such as comparing a government-issued ID to a real-time selfie (document-centric identity verification). This would allow platform users to then decide if they want to interact with an unverified user or someone who has earned an authenticity badge for taking extra steps to verify their own identity.
As the COVID-19 pandemic escalates the use of online services and in turn, the potential for fraud, we expect social platforms to make this shift toward stronger identity and age verification.
To verify identity, users will likely follow a process of uploading a photo of their government-issued ID and then taking a corroborating selfie via a webcam or a phone. The two will then be compared to ensure the users are the same. Users will be asked to take a new selfie each time they log in to ensure the account is being operated by the true user, not a fraudster or bot trying to access the account with stolen credentials. Requiring a real-time selfie is likely to deter fraud as cybercriminals are not willing to expose their fake identity on camera. This process ensures accounts can only be accessed and operated by the real user, without sacrificing the user experience.
As virtual socialization is here to stay amid the pandemic and beyond, social sites need to keep their users safe from fraud. To fulfill their intended purpose of creating successful and true connections, they must first verify all users on their site are who they say they are. Document-centric identity verification is a proven tactic to verify online identity, which will ultimately keep user accounts protected while eliminating fraudulent profiles.
