Recent fraud investigations revealed another tactic attackers use to defeat identity checks: harvesting motor vehicle record (MVR) data. As verification controls improve, fraudsters increasingly rely on high-confidence personal data to pass weaker flows.
If a fraudster uploads an ID with perfect matching data except for the weight off, it could be a red flag that the ID is not original. These steps can show you how in-depth fraudsters will go to bypass a security system. They know the ins and outs to pull the right lever for approvals. The fraudsters have automated the MVR lookup process with Telegram bots and self-service websites to make matters worse. Now the scale is that much more prominent, making it a trivial data point for identity theft. This type of scaling can be achieved by fraudsters setting up fake/spoofed business accounts with legitimate sellers of MVRs.
Trust Swiftly uncovered this fraud while working on a case to prevent this abuse. In the end, the fraudsters were relentless in creating fake businesses as the operation was highly lucrative to resell MVRs. One aspect to note is these lookups cost a significant amount compared to other data such as SSNs, so they will be usually reserved for high payout thefts like loans. Unfortunately, to defeat this fraud comes with no simple solution. At Trust Swiftly, we take a layered and dynamic approach to each user, allowing us to keep bad actors on their toes. It is necessary to stay ahead of each new fraud attack as fraudsters learn and adapt, as seen in the case of MVR fraud.