A Thing
The Green SheetGreen Sheet

Monday, May 13, 2024

Green Sheet interviews AU10TIX's Ofer Friedman

News broke recently that the full ID information and photos of 80 percent of El Salvador's population were made available for free on the dark web. The database, which has over 144 GB of data, reportedly has been available for purchase through various criminal channels since August 2023, and was leaked for free in April of this year.

Observers, including blockchain author and blogger David Gerard, stated the data might have come from the users of Chivo wallet, the Salvadoran cryptocurrency wallet. The DataBreaches website reported that, Alejandro Muyshondt, a former national security advisor, maintained a backup of the data in the cloud, and fraudsters downloaded the data but never contacted the government to ransom it.

Ofer Friedman, chief business development officer at identity management experts AU10TIX, recently shared insights about this incident with The Green Sheet in the following Q&A.

What are the people of El Salvador facing right now in terms of ID fraud?

When an entire country’s population details have been compromised, then obviously some of that data will inevitably be used by criminals.

What do you know about the suspect at this point?

The suspect is not the occasional lay-fraudster. Those who seek to put their hands on massive volumes of personal data are the more "professional" scammers.

How do such professional scammers typically use troves of stolen data?

This means that a country has to protect itself against those who are likely to use such personal data en masse, and those who have the skill and resources to integrate that data into ID documents faked to a level that is not detectable by standard algorithms. 

How can El Salvador protect its citizens going forward?

As a country will not ask its citizens to change their personal data so that the compromised data will not match, El Salvador's immediate strategy should be to shift to double-layered fraud detection ASAP.

How does double-layered fraud detection work?

Double-layered defense means bolstering case-level detection (the forensic type) with traffic-level detection. Forensic case-level detection looks at the ID and face images submitted by clients at both the visible and digital level. Case-level analysis, on the other hand, checks for organized fraud behavior, regardless of how well each case is faked.  end of article

The Green Sheet Inc. is now a proud affiliate of Bankcard Life, a premier community that provides industry-leading training and resources for payment professionals. Click here for more information.

Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.

2024 2023 2022 2021 2020 2019 2018 2017 2016 2015 2014 2013 2012 2011 2010 2009 2008 2007
A Thing