Attempts to fake East African identification documents during registration of online financial service firms surged to a record high last year as fraudsters turned to digital identity fraud to swindle such companies.
A report by Know-Your-Customer (KYC) authentication firm Smile ID reveals that at least 16 percent of IDs uploaded for registration by users of various online financial services in East Africa in 2023 were either fake or stolen.
The fraudsters are using multiple techniques, including manipulating government-issued IDs and using stolen ones to exploit weaknesses in the onboarding process of digital businesses, with the aim of stealing or irregularly benefitting financially from online firms, the report suggests.
“The ultimate aim for every fraudster looking to compromise an onboarding system is usually financial gain. This objective manifests through various sophisticated tactics,” Smile ID said in the report.
Felix Macharia, the Chief Executive Officer of Kotani Pay, a financial technology (FinTech) company, says people may use fraudulent identification documents to steal from online firms, to launder money, or to bust sanctions against them, which is why it’s important to do proper KYC.
“Failure to do good KYC and extra due diligence while onboarding customers can seriously cost you as a FinTech business,” said Mr Macharia in an interview with The EastAfrican.
“First, you can attract huge fines from regulators for not doing proper KYC, and secondly your business may also fall victim to fraudsters if you don’t properly verify who they are.”
While not doing proper KYC works against a digital company, Macharia argues, some firms which should do it still fail because they don’t want to incur the costs, or they are themselves involved in fraudulent or illegal activities.
According to him, the surge in attempted identity fraud during KYC processes could be an indication of growing vigilance among companies or a growing prevalence of financial crime.
In the studied period, Tanzania had the highest attempted fraud rate in the region, with about 32 percent of identification documents, mostly national IDs, used to onboard into digital platforms last year found to be ingenuine.
Kenya had 26 percent of national IDs used for online on-boarding being fake, Uganda 25 percent, the Democratic Republic of Congo 23 percent, while Rwanda had only 13 percent in the period.
Identity fraud rates peaked at 30 percent in June last year, the highest ever recorded, pointing to a spike in digital identity fraud in East Africa, amidst a surge in financial transactions completed online as firms go digital.
The most common type of identity fraud in the region was spoofing, where fraudsters try to mimic the physical and biometric features of a legitimate ID holder, for example by using a photograph belonging to an ID holder to beat the selfie requirement of a KYC process.
Another common type is the intentional obscuration of a government issued ID by the legitimate holder or an identity thief in order to conceal their identities for multiple reasons.
Other fraudsters also used artificial intelligence to create non-existent identities to defraud firms online.
Across Africa, incidences of identity fraud surged one percent in 2023 to 29 percent, meaning that almost one in every 3 identification documents used to verify users online in Africa is either fake or stolen.
This paints a grim picture of the success of efforts to combat financial crime across the continent amidst the surge of financial technology (FinTechs) companies, casting doubt on the effectiveness of African countries’ anti-money laundering and combating the financing of terrorism (AML/CFT) laws.
Most jurisdictions across Africa today require FinTechs and other companies that offer any form of financial services online, including banks, digital wallets, mobile money, and e-commerce firms, among others to conduct a mandatory KYC process as part of the measures to combat money laundering and financing of terrorism.
Eight African countries, including Uganda, Tanzania, South Sudan and DRC, are currently in the Financial Action Task Force’s (FATF) ‘grey list’ due to weak AML/CFT laws. Kenya risks being grey-listed due to gaps in the laws.