How stronger identity verification could have prevented the Tinder Swindler

Security tips
 | 
February 10, 2022

Netflix’s latest true-crime documentary “The Tinder Swindler” has taken the internet by storm.

The documentary chronicles the dating horror stories of three women who were defrauded by Simon Leviev, the alleged son of a billionaire and diamond tycoon. Leviev wined and dined his Tinder matches and shared his lavish lifestyle – private jets, caviar-filled meals, and luxurious getaways.

But as a powerful diamond dealer, Leviev had enemies. As love manifested, Leviev was under physical and financial attack. After surviving an assassination attempt, Leviev’s security team cut off his financial resources to keep him safe. To the financial rescue came his unsuspecting girlfriends, who did not hesitate to help. Each of his victims added Leviev to their credit cards, purchased plane tickets, and took out multiple loans to keep him afloat. His situation was temporary, he promised. But as weeks turned to months, the repayments never came. All in all, Leviev scammed dozens of women for an estimated $10 million.

As you probably suspect, Simon Leviev did not exist. The real person behind the scam was Shimon Hayut. Simon Leviev was a synthetic identity, a combination of real and fabricated credentials where the implied identity is not associated with a real person. Hayut was able to exploit Tinder’s identity verification protocols to create a fake, synthetic account on their platform.

Synthetic identity fraud is on the rise

According to McKinsey, synthetic identity fraud is the fastest-growing type of financial crime in the United States, and financial losses grew to more than $20 billion in 2021. Seemingly every week, there’s a new headline about Personal Identifiable Information (PII) being leaked to the dark web. In fact, just about everyone – 9 out of 10 people – have been a victim of credit card fraud, identity theft, or a data breach. The result is billions of names, emails, addresses, credit card numbers, social security numbers, and more available to purchase cheaply. A social security number costs as little as $4. Typically, fraudsters use these stolen credentials and target financial institutions to secure loans and lines of credit. The “The Tinder Swindler” demonstrates another nefarious way to wreak havoc using a synthetic identity.

While Hayut’s case was a sophisticated and extreme example, fake accounts are still a growing and costly problem. A few years ago, it was estimated that 10% of dating profiles were fake. In 2020, the FTC estimates that U.S. consumers lost $304M to dating app scams – a 50% increase compared to 2019.

Synthetic identities and fake accounts are also synonymous with social media. The Association for the Advancement of Artificial Intelligence estimates that 9% to 15% of active Twitter accounts are fake – or approximately 48 million accounts. Meta estimates that 5% of its profiles are fake – or more than 90 million accounts. And every year, Meta removes an astonishing 5 to 6 billion fake accounts from the platform. The FTC reported that U.S. consumers lost about $770 million to fraud initiated on social media – an 18x increase from 2017.

Synthetic identity fraud is a multi-industry problem that impacts enterprises and consumers alike.

The importance of identity verification  

So how do you stop synthetic identify fraud before it’s too late? How can Tinder prevent the Shimon Hayuts of the world from creating a fake profile and scamming their legitimate customers? Or how do banks detect when a real social security number is being used by a synthetic identity to open a line of credit? It all starts with verifying the identity of every new user.

But relying on a single identity factor is not enough. Creating an account and authenticating via an email address is useless, as a new email address can be created in seconds. Even mobile number authentication is exploitable by obtaining a free VOIP number. While social security numbers are tied to individual identities, we know they’re a flawed trust anchor. In today’s data breached world, a multi-layered identity verification framework is required. And with vast, global identity datasets at your fingertips, deploying a comprehensive defense is achievable.

How Telesign protects and defends your business and your customers

With more than 2,200 digital attributes and a fraud consortium representing the largest internet properties in the world, Telesign’s digital identity and risk assessments deliver accuracy, speed, and global reach you can count on. Drawing on the insights from more than 5 billion unique phone numbers and 15+ years of historical data patterns and supporting analytics, our machine learning algorithms deliver continuous performance improvements.

Without increasing end-user friction, Telesign dynamically assesses risk while verifying the identity of every new account. Within milliseconds, our dedicated Onboarding model delivers a risk assessment score to help you block, flag, or allow new user registrations. Telesign’s Onboarding model empowers you to answer:

How risky is the user? Do they display fraudulent traits? We evaluate:

  • Phone number velocity
  • Traffic patterns
  • Fraud database consortiums
  • Phone data attributes

Who is this user? Are they a real person? We confirm:

  • Contact match
  • Address match
  • Porting history
  • Deactivation status
  • Subscriber status

Effective onboarding is complex and difficult to get right. Telesign helps the world’s most trusted companies end the tradeoff between friction and fraud. We’ve prevented billions of fake users from creating accounts and execute more than 200 million Know Your Customer checks each year. Telesign helps connect, protect, and defend you and your customers from bad actors, scams, and hackers so you can create safe, trusted, and human experiences anywhere in the world.

Related posts