Identity/biometrics/technology marketing and writing services
In reality, job applicant deepfake detection is (so far) unable to determine who the fraudster really is, but it can determine who the fraudster is NOT.
Something to remember when hiring people for sensitive positions. You don’t want to unknowingly hire a North Korean spy.
Who is applying for your job?
Know your job applicant.
(Picture designed by Freepik.)
I’ve previously discussed the difference between Identity Assurance Level 2 (IAL2) and Identity Assurance Level 3 (IAL3). The key differentiator is that IAL3 requires either (1) in-person identity proofing or (2) remote supervised identity proofing.
Who can provide remote supervised identity proofing?
“NextgenID Trusted Services Solution provides Supervised Remote Identity Proofing identity stations to collect, review, validate, proof, and package IAL-3 identity evidence and enrollment data for CSPs operating at IAL-3.”
And there are others who can provide the equivalent of IAL3, as we will see later.
How do you supervise a remote identity proofing session?
“The camera(s) a CSP [Credential Service Provider] employs to monitor the actions taken by a remote applicant during the identity proofing session should be positioned in such a way that the upper body, hands, and face of the applicant are visible at all times.”
But that doesn’t matter with me now. What matters to me is WHEN we need remote identity proofing sessions.
Mitek Systems’ Adam Bacia provides one use case:
“IAL3 is reserved for high-risk environments such as sensitive government services.”
So that’s one use case.
But there is another.
Governments aren’t the only entities that need to definitively know identities in critically important situations.
What about banks and other financial institutions, which are required by law to know their customers?
Now it’s one thing when one of my Bredemarket clients used to pay me by paper check. Rather than go to the bank and deposit it in person at a teller window (in person) or at an ATM (remote supervised), I would deposit the check with my smartphone app (remote unsupervised).
Now the bank assumed a level of risk by doing this, especially since the deposited check would not be in the bank’s physical possession after the deposit was completed.
But guess what? The risk was acceptable for my transactions. I’m disclosing Bredemarket company secrets, but that client never wrote me a million dollar check. Actually, none of my clients has ever written me a million dollar check. (Perhaps I should raise my rates. It’s been a while. If I charge an hourly rate of $100,000, I will get those million dollar checks!)
So how do financial institutions implement the two types of IAL3?
Regarding IAL3 and banks, in-person transactions are supported in certain cases, even with the banks’ moves to close branches.
“If you need to initiate a funds transfer payment, an authorized signer for your account may also initiate funds (wire) transfers at any Chase branch.”
Note the use of the word “may.” However, if you don’t want to go to a branch to make a wire transfer, you have to set up an alternate method in advance.
What about remote supervised transactions at financial institutions, where you are not physically present, but someone at the bank remotely sees you and everything you do? Every breath you take? And every move you make? Etcetera.
It turns out that the identity verification providers support video sessions between businesses (such as banks) and their customers. For example, Incode’s Developer Hub includes several references to a video conference capability.
To my knowledge, Incode has not publicly stated whether any of its financial identity customers are employing this video conference capability, but it’s certainly possible. And when done correctly, this can support the IAL3 specifications.
For high-risk transactions such as ones with high value and ones with particular countries, IAL3 protects both the financial institutions and their customers. It lessens the fraud risk and the possible harm to both parties.
Some customers may see IAL3 as an unnecessary bureaucratic hurdle…but they would feel differently if THEY were the ones getting ripped off.
This is why both financial institutions and identity verification vendors need to explain the benefits of IAL3 procedures for riskier transactions. And do it in such a way that the end customers DEMAND IAL3.
To create the content to influence customer perception, you need to answer the critically important questions, including why, how, and benefits. (There are others.)
And if your firm needs help creating that content, Underdog is here.
I mean Bredemarket is here.
Visit https://bredemarket.com/mark/ and schedule a time to talk to me—for free. I won’t remotely verify your identity during our videoconference, but I will help you plan the content your firm needs.
A supposed recruiter on LinkedIn with 2 names (Adriana, and Linda) and only 2 connections (whoops, now 3) tried to scam a friend of mine.
But my friend smelled a rat.
Another employment scammer.
Know your recruiter!
(Hiring rat picture from Imagen 4)
I’ve written about the fake recruiters who InMail you about a great position with their company. I shut up the fakes by requesting their corporate email address at their supposed employer. But what if LinkedIn could catch them BEFORE they ever sent that InMail to me?
LinkedIn is trying.
From HR Dive, brought to my attention by Jennifer Schlador on LinkedIn.
“LinkedIn is looking to take on scammers who falsely present themselves as recruiters or company representatives in the app, with an expansion of its company verification option, while it’s also making workplace verification required when a member adds or updates a leadership or recruiter-related role.”
Of course, the proposed Know Your Recruiter system isn’t foolproof; nothing is. Scammers can avoid the LinkedIn verification step by simply NOT choosing a leadership or recruiter-related job title.
And as much as people like me wish that people would care about verified identities…many don’t.
But at least the attempt demonstrates that LinkedIn cares more about their real users than about the scammers who pay for Premium.
This is what happens when an employment fraudster tries to recruit an anti-fraud identity professional.
Not that she/he/they necessarily knows what I do. The message just refers to my “background information” and “the position” and “the company.”
Seems legit.
“Amanda.” https://www.linkedin.com/in/amanda-rodriguez-155a17378
Here’s the message.
“I am currently working as a Temporary Recruiting Assistant, assisting the company in finding a suitable candidate to fill an open position.
“After reading your background information, I believe that you have the experience and abilities that are highly qualified for this position.
“If you are interested in this opportunity, you are more than welcome to get back to me and I will be happy to provide you with more information about the position.
“Thank you for your time and look forward to your reply!
“Amanda Rodriguez
Temporary Recruitment Assistant | Administrative Support in Talent Acquisition”
I don’t know Spencer Stuart but they presumably wouldn’t hire a clown like this, even in a temporary capacity.
Here’s my reply, but the account disappeared before I could send it.
“If you are truly targeting anti-fraud identity verification product marketing professionals, your pitch itself sounds like it was written by a scammer fraudster. Even in his current condition, Kevin Mitnick wouldn’t fall for this scam.”
Know your recruiter!
A warning for Substack users, and everyone else: fraud is all over the place. This Substack post provides examples of fraudulent activity; watch out!
https://open.substack.com/pub/johnebredehoft/p/anti-fraud-professionals-know-there
(Imagen 4)
Have you ever played a smartphone game that gives you a teeny bit of crypto?
So little crypto that it’s not measured in Bitcoin, but in satoshis (where 100 million satoshis equals one bitcoin)?
If so, you probably didn’t have to undergo a Know Your Customer (KYC) check to verify your financial identity.
Renno and Company explains why not:
“If a virtual currency transfer of $1,000 or more occurs, the client’s identity must be verified. This step is critical in the digital currency world, where anonymity can lead to misuse.
“If there is a virtual currency exchange of $1,000 or more, identity verification is also required. This helps ensure that all exchanges are transparent and not used for illegal purposes.”
If you find a smartphone game that pays more than $1,000 a pop…let me know.
And if you want to transact crypto, StealthEX supports no-KYC transactions:
“Thanks to StealthEX you can now purchase an amount of crypto without KYC if it’s less than $700 or the equivalent of this amount in other currencies. As long as your total purchases don’t exceed $700, you don’t have to verify your identity. You can make one big purchase or several small $20, $50 or $100 transactions. StealthEX allows users to seamlessly exchange their assets across chains in minutes without the need to verify their identity.”
Yeah, $700 rather than $1,000. StealthEX is…um…playing it safe.
I run in circles that use the acronym KYB, or “Know Your Business.” But I realize that many of you don’t use this acronym every day, so I thought I would explain it.
Let’s say that you encounter a business such as ByteDance or HiveLLM or Lorem Ipsum and you want to know more about it.
There are good reasons to understand a business before engaging with it.
“As financial institutions and other businesses have known for years, there are services such as “Know Your Customer” and “Know Your Business” that organizations can use.
“KYC and KYB let companies make sure they’re dealing with real people, and that the business is legitimate and not a front for another company—or for a drug cartel or terrorist organization.”
Even if you’re not dealing with extremist terrorists, you may want to have a better understanding of where the business is and/or who runs the business. Remembering that the legal owner of the business may not be the one who is actually operating it. For example, the Mob Museum documents the original ownership of the late Tropicana Hotel in Las Vegas:
“Miami hotelier Ben Jaffe (part owner of the Fontainebleau in Miami Beach) owned the land on which the casino would sit, but Conquistador Inc. would build and operate the resort.
“It just so happened that Conquistador’s owner, “Dandy” Phil Kastel, had a long and fruitful partnership with Frank Costello, perhaps the nation’s most infamous gangster in the spring of 1957…. And it almost goes without saying that most ‘Miami hotel men’ who came to Las Vegas in this era were more than familiar with Meyer Lansky, another famous gangland name.”
Unfortunately for Costello, people soon knew HIS business:
“On May 2, 1957, while entering a New York apartment building, Costello was shot and wounded by Vincent “the Chin” Gigante on orders from rival Mafia boss Vito Genovese. Written on a piece of paper found by police inside Costello’s coat pocket was the exact gross win from the Tropicana as of April 27, 1957 — $651,284, less $153,745 in markers (loans to players), with the proceeds from slot machines at $62,844. The note mentioned $30,000 for “L” and $9,000 for “H,” likely money to be skimmed on behalf of Costello’s underworld partner Meyer Lansky and perhaps for Mob-connected Teamsters union boss James Hoffa. It was a big national news story.”
It’s best to know your business BEFORE it’s splashed all over the media.
In an article with a clickbait title, Newsweek reported on the indictment of Massachusetts state Representative Christopher Flanagan on various fraud charges. One of the allegations:
“Beyond the five wire fraud counts, the grand jury also indicted him on one count of falsifying documents related to a campaign flier. The mailer from “Conservatives for Dennis” endorsed Flanagan….[He attributed] “the source of the Mailer to a false persona, ‘Jeanne Louise,'” whom he created for the endorsement….In October 2023, he admitted to OCPF that Jeanne Louise “was fake” and he was the source of the mailer.”
There is so much effort to identify voters. What about identifying the sources of political endorsements?
Does your company have a solution to this? I can help you tell your story. Go to https://bredemarket.com/cpa/.
(Picture from Imagen 3)
Bredemarket