Identity proofing: how to prevent identity theft online

A handy guide for users and businesses on how to conduct identity proofing and prevent online identity theft.

In 2018, the number of people who got their identities stolen in the US equaled almost the population of Miami. That’s 444,602 people who were affected which cost $1.4 billion.

Identity manipulation and theft can happen to anyone and lead to problems that could damage your credit history, impact your loans, mortgage and tax refund and sometimes even exhaust your savings account. Worse yet, it may even lead to a wrongful arrest. But it’s not just about the money - it can include highly sensitive data such as private pictures as well.

What is online identity theft?

In the US, identity theft online happens almost every minute. The common ID theft definition is to take over another person’s identity without authority to use their sensitive data for fraudulent actions.

It may not be a simple case of spam emails - consider the impact if your credit card details are compromised and you run the risk of fraudulent activity under your name?

Some of the most common types of identity thefts in the US

Credit card fraud is the most common one. In the latest report from 2018, the FTC registered around 157,000 cases where people claimed credit card fraud. In 130,000 cases, new accounts had been created, whereas the remaining cases had leveraged existing accounts to siphon money from.

Identity theft followed closely behind, with nearly 122,000 cases reported through everyday activities like online shopping, social media or medical data theft, followed by employment and tax related frauds with 67,000 registered cases. Number four were phone or utility frauds where thefts stole around 67,000 identities.

stacked bars showing the top 3 identity theft types by year from the year 2014-2018

Although the number of incidents surrounding online identity theft stagnated since 2015, that’s not the case - the graph only shows three major frauds. The total number has been increasing over the last couple of years, and the only category recording a decline is the number of employment or tax-related fraud.

How does identity theft happen online?

A few years ago, it was reported that a 32 year old man stole more than 200 digital identities including ones that belonged to Oprah Winfrey, Steven Spielberg and Warren Buffett to withdraw money and make online purchases.

This was made possible by technology that churned out fake credit cards and later, registered new accounts under different addresses. In today’s digital space, there are common and easier ways to get access to sensitive data, highlighting the critical need to build ample security for stronger privacy and data controls.

Phishing is one of the more commonly used methods of identity thefts online. It’s the act of sending emails with links which auto-downloads spy software upon clicking on it, handing over control to a large amount of your sensitive data. The stolen data can be leveraged to make payments, order things online or create new accounts, so you wouldn’t even notice it.

Trojans and viruses can also take over your account and block you from accessing it. Fraudsters then try to access other accounts through your account by using the same password. It’s not far from likely that your account was hacked last year when over 800+ million records were exposed.

Another trick often used by online identity thefts is to create new profiles or accounts under your name, backed by similar email addresses and pictures.

It seems like identity theft is still not taken seriously. But why?

There are two reasons for that. First, a large part is attributed to people’s approach - where they’re not careful enough and carry a casual “this happens to others but not to me” thinking.

Think about it - have you ever had a second look at a web site before sharing sensitive data? And do you have a different (and strong) password for every account you are using.

Secondly, it’s not quite true that nobody cares about it, but today there is no easy and secure way for people to prevent identity theft online when identifying themselves online to other businesses. This leaves companies with the issue at hand, where they’re forced to resort to intrusive, expensive and cumbersome processes for verification or ones that simply cannot be scaled to solve this problem.

This has enabled fake accounts to proliferate, industrial-scale identity theft and manipulation, and complicated onboarding and access management processes.

How to conduct identity proofing

If you don’t have an online verification tool like Passbase 😉, the below points can help you get started.

Tips to prevent online identity theft from taking place

  • Only use trusted websites (https instead of http) to share your information
  • Use different, strong passwords for every account you have
  • Use two-factor authentication
  • Never use public Wifi to share sensitive information such as credit card numbers
  • Always check your bank account and take immediate action if something looks suspicious
  • Check what you share on social media
  • Check whether there are similar accounts with your name and pictures
  • Don’t click on email links from people you don’t know
  • Set up a mail spam

Where to check if your identity has been stolen online?

  • Can you still log into your online bank account?
  • Can you still log into your social media accounts?
  • You get random emails from your bank
  • You get recipes for things you didn’t order
  • Google yourself and search for your name on social media

What to do if your identity has been stolen online?

  • Reach out to the social media platform, go to “help” and report the online identity theft
  • Reach out to your bank, explain the situation and block your account
  • Reach out to your local police to press charges
  • For more information go to the FTC website

Identity proofing with Passbase

Identity theft online will be a lot harder in the future. Digital identity platforms such as Passbase try to solve this problem by fully digitizing the way people identify themselves online by creating a biometrically secured, verified and portable digital identity.

Digital identities will play an important role in the way we verify ourselves over the internet. Passbase provides features like liveness detection, ID authenticity checks with a database of over 6,000 documents from 190 countries and Anti Money Laundering scans.

Taken together these provide additional layers of security for identity verification while giving users control over which sensitive data they want to share and with whom.

Are you a business owner? Sign up with Passbase today and help your customers by avoiding identity theft fraud on your platform.

Get the latest news from Passbase

Passbase © 2023


Passbase is an identity verification solution that makes facial recognition, liveness detection, ID verification and KYC and AML compliance accessible through a suite of flexible developer tools. A zero-knowledge architecture ensures that companies using Passbase can securely verify users from over 190 countries without having to store their data. Built for developers, it can be integrated with just a few lines of code on iOS, Android, and Web.