United States government-issued identification cards are replete with anti-fraud measures such as ultraviolet ink markings and holograms. These are intended to stem the reproduction of phony IDs. That, however, has not stymied a growing underground economy of sites servicing criminals wishing to obtain and use fraudulent US ID cards.
Relatively few sites can deliver quality fraudulent reproductions. However, there are some sites with high ratings and positive reviews within illicit communities. These can deliver cards that will bypass the security measures protecting legitimate government-issued cards.
This poses a threat to facilities that scan IDs to allow entry, and to businesses such as banks and other financial institutions that rely on Know Your Customer requirements to verify the identity of customers and put up barriers to synthetic identity fraud.
Vendors Advertise Bypasses of Security Features
Legitimate identification cards in the United States use a mix of techniques to prevent fraud. Complex fraud-protection measures include the stars on REAL ID-compliant driver’s licenses or properly formatted scannable barcodes. They also use specific materials that are durable and transmit light in order to support these measures.
Vendors running some of the highest-rated illicit shops will advertise their capabilities around replicating these security features on identification cards, such as the correctly formatted barcode, certain micro-printing, or laser perforations. A proper barcode, for example, is often enough to allow entrance into access-controlled facilities. This is a significant risk to any facility, such as government buildings, schools and corporate offices, where entry is controlled by some sort of access mechanism attached to an ID card.
The availability of high-end printers is one factor facilitating these fraudulent reproductions by threat actors. A typical office photo printer has the capability to reproduce quality products, while laminating machines and plastic card printers can also facilitate these reproductions. Supplies such as ultraviolet ink are available on the open market as well. It’s unknown whether some fake ID producers are obtaining the actual blanks used by agencies; this likely includes the laminate that contains the holograms.
Vendors within illicit communities sell in bulk the supplies used by high-end ID manufacturers to create advanced security features. Some forums and markets advertise “holos,” “perf sheets,” “cardstock,” “OVI sheets” and more for relatively low prices; OVI stands for optical variance ink. Cryptocurrency is used for transactions to maintain a measure of privacy. Deliveries are also relatively quick, taking anywhere from five days to three weeks. Flashpoint analysts have also seen some advertisements where payment methods such as prepaid credit cards or wire transfers are accepted.
Detection of High-Quality Fake IDs Is Difficult
Even the highest-quality fake IDs will likely be detected once checked against law enforcement and/or Division of Motor Vehicle databases. However, many of these IDs will reportedly pass the inspection of untrained security personnel and numerous off-the-shelf (OTS) barcode readers/verifiers. For commercial retailers such as liquor stores, or office or school building access control systems that aren’t able to verify government IDs against a database, it is difficult to identify a professionally crafted fake. This increases the threat to physical safety and enhances the risk of fraud.
Retailers that sell alcohol and tobacco, for example, may be especially vulnerable to employees accepting fake IDs based on the multiple states and forms of ID they may be presented with during transactions, particularly in locations near college campuses. Fraudsters may also use fake identification to gain entry into student events or take advantage of student discounts.
Those vendors who deliver higher quality products are rated upon not only their product quality (look, feel, durability, and acceptance rate of the ID card), but also upon their trustworthiness, and the security features included in the cards. Customers rank vendors on several advertised security features, including the quality of their templates (similarity between legitimate and phony templates), quality of the hologram and use of optical variance ink, ultraviolet ink, and their ability to incorporate microprint into ID templates. Ratings also include price, discretion of shipping packages, and shipping turnaround times.
Assessment and Mitigations
Entities can take steps to protect themselves from threat actors selling or using fraudulent identification.
Organisations operating in sensitive industries, for example, could mandate background checks through a law enforcement agency for new employees, or for employees with access to sensitive materials or data.
Employee training can also help retailers or public-sector organisations spot phony IDs. Various government agencies, for example, offer training that explains security features employed by the different states and how they work off of one another.
Retailers, in particular those selling alcohol and tobacco, could institute a policy where a second form of identification is required. This could be a credit card or school identification, for example.
In the meantime, threat actors will continue a frustrating cat-and-mouse game with defenders. They will continue attempting to bypass new security features as they’re implemented in order to service a growing underground economy built around phony identification documents.
Flashpoint delivers Business Risk Intelligence (BRI) to empower organisations worldwide with meaningful intelligence and information that combats threats and adversaries. The company’s sophisticated technology, advanced data collections, and human-powered analysis uniquely enable large enterprises and the public sector to bolster cybersecurity, confront fraud, detect insider threats and build insider threat programs, enhance physical security, improve executive protection, and address vendor risk and supply chain integrity. Flashpoint is backed by Georgian Partners, Greycroft Partners, TechOperators, K2 Intelligence, Jump Capital, Leaders Fund, Bloomberg Beta, and Cisco Investments. For more information, visit https://www.flashpoint-intel.com/ or follow on Twitter at @FlashpointIntel.