How Fraudsters Can Use Stolen Identities for Ghost Loans and Mule Accounts
As careful as we are, we end up leaving traces on the internet as in the physical world.
Representative image. Reuters
There’s no denying that our digital economy has taken off massively over the past two years. Over 80% of Indians now have a bank account. This is the very reason why we can make payments online almost anywhere we want, whether it’s on Amazon or your rickshaw wala.
Market regulators like the Reserve Bank of India (RBI) and the Securities and Exchange Board of India (SEBI) have moved quickly to spur this growth by enabling new digital modes of customer onboarding.
On the other hand, it also means that scenarios like waking up with a loan you never applied for are possible. These result from the digitization of processes, and therefore of our identities. Or rather the lax treatment of our identities, allowing fraudsters to access them and commit identity theft.
Identity theft occurs when someone steals your identity and impersonates you to commit a financial crime, such as applying for credit or opening bank accounts. Here are some of the most common ways your stolen identities are used:
Ghost loans: Ghost loans are loans taken out by fraudsters using stolen identities with no intention of repaying. Let’s see how fraudsters can use them on your behalf using stolen documents.
In order to verify your credentials, a typical KYC process checks three things: proof of identity (POI), proof of address (POA), and photo proof.
Lending companies ask you to present your PAN card as proof of identity. This is to confirm that you are who you say you are. Let’s say the scammers manage to get a copy of your PAN card. They then replace your photo on the PAN with their own using sophisticated software.
These cleverly falsified documents tend to go undetected in cases where the verification process is highly manual in nature. Similarly, scammers also falsify the photo on proof of address such as your Aadhaar card or driver’s license.
Photographic evidence is required to confirm if it is the same person applying for the loan as the one whose documents are being submitted. Having already falsified POI and POA documents, fraudsters willingly submit their own photo as part of this last step.
Buy Now Paid Apps Later
Most Buy Now Pay Later (BNPL) companies only need a PAN card and a selfie for KYC purposes. Here, instead of tampering with the photo, the scammers simply submit the stolen PAN card as it is. Indeed, the only level of authentication here is a facial comparison check between the photo on the PAN card and the selfie.
Upon submitting the selfie, the scammers will scour your social media profiles to find an image that looks like a selfie. Now, if the underlying facial recognition solutions aren’t sophisticated enough, some attempts end in success. And now you have a BNPL account in your name without your knowledge.
Another way to misuse your stolen documents is to open bank accounts in your name. These accounts are called “mule accounts”. They are usually used as springboards to transfer money from criminal activities.
Remember all those times you would go to your local stationery store to have your documents photocopied? Chances are your sensitive information has been saved on their machines. People with malicious intentions can use it to open bank accounts using offline channels.
This type of scam usually occurs during the month-end period when bank branches are already overloaded with work to achieve their goals. Fraudsters simply show up and submit the required documents to open a normal savings account. These documents are manipulated in such a way that the photo they contain is sufficiently blurred to avoid any suspicion. The month-end frenzy allows them to escape closer scrutiny from bank clerks.
A constant risk
As we can see, it is surprisingly easy to have your identity stolen and used fraudulently in the digital world. As careful as we are, we end up leaving traces on the internet as well as in the physical world. If our identity hasn’t been compromised so far, it’s not so much about being safe as about being lucky. Ultimately, life really is a game of chance.
The author is product manager, IDfy. Views are personal.