Identity document verification fraud: The threats fraud teams still underestimate
Guest: David Maimon
In this episode, I’m continuing my conversation with David Maimon, and honestly, this one gets into the part of fraud that a lot of companies still are not fully prepared for. We talk about identity document verification fraud, the cybercrime threats David’s team is tracking through real criminal underground research, and why some of the biggest risks facing U.S. companies are not coming from some distant foreign actor anymore. They are coming from much closer to home.
That is a problem.
Because a lot of fraud programs were built around older assumptions. Foreign threats. Familiar attack paths. Detection tools that worked well enough a few years ago. But when you look at what is happening now, especially around stolen identity documents, synthetic identity fraud, check fraud trends, and refund claims fraud, the pressure is shifting. And some of the fraud detection gaps are getting much easier for criminals to exploit.
David shares what his Evidence Based Cybersecurity Research Group has been observing about cybercrime groups, the effects of global instability on fraud patterns, and why domestic cybercrime has become such a serious issue for American businesses and financial institutions. We also get into one of the hardest truths in this whole conversation. If identity documentation is still too easy to obtain fraudulently, then private companies can only do so much on their own.
And that matters.
Because identity document verification fraud is not just a vendor problem or a workflow problem. It is part of a much bigger ecosystem problem. And if fraud teams are not paying attention to the broader environment these crimes are happening in, they are going to keep getting surprised by tactics that have already been circulating in the underground for a while.
Here is what that means in practice:
- Identity document verification fraud is getting harder to stop because fake and stolen documents are easier to use than many companies realize
- Domestic cybercrime is creating a very different fraud environment for U.S. businesses than older foreign-threat assumptions account for
- Fraud detection gaps get much wider when document verification weaknesses are combined with synthetic identities, check fraud, and account opening abuse
- Cybercrime intelligence and fraud prevention research matter more when the threat landscape is shifting faster than many controls are
What you’ll hear in this episode:
- What David Maimon’s team is seeing in criminal underground research around identity fraud, check fraud, and emerging fraud tactics
- Why identity document verification fraud and document verification weaknesses remain such a major issue for U.S. companies
- How domestic cybercrime and broader U.S. fraud threats have changed over the last few years
- Why fake IDs and passports, synthetic identity fraud, and stolen identity documents are still creating major fraud prevention challenges
- What fraud teams should learn now if they want better identity fraud prevention before the next wave of attacks scales further
You should listen to this episode if you:
- Work in fraud, fintech, banking, ecommerce, or risk and need a stronger understanding of identity document verification fraud
- Want better cybercrime intelligence on the threats being discussed in criminal forums before they become your problem
- Are dealing with fraud detection gaps tied to synthetic identity fraud, check fraud, or stolen identity documents
- Need a more realistic view of domestic cybercrime and why U.S. fraud threats are getting harder to spot
- Care about fraud prevention research that connects identity fraud prevention to the real tactics criminals are using now
If you liked this episode, be sure to subscribe and review the podcast on iTunes, Spotify, YouTube, or wherever you listen to podcasts. It really helps with getting the word out.
Episode notes & key takeaways
This episode is really about understanding where fraud is actually going instead of where companies still assume it is coming from. I get into this with David because the most useful fraud conversations are the ones that connect underground behavior, document verification weaknesses, domestic cybercrime, and real operational risk. If you want to know what fraud teams should be paying closer attention to right now, this is one of those episodes.
Why identity document verification fraud is still such a major weakness
Let’s break this down.
A lot of companies talk about identity verification like it is a solved problem if the right vendor is in place. It is not. And that is one of the most important parts of this conversation. Identity document verification fraud is still a major issue because the document itself is often treated as a stronger trust signal than it actually deserves.
That is the core weakness.
If fake IDs and passports can still be obtained too easily, if stolen identity documents can still move through criminal channels efficiently, and if fraudsters know how to pair those documents with other believable signals, then the verification step becomes much more fragile than teams want to admit. It may look like strong friction on paper. In practice, it can still be very exploitable.
And that matters.
Because once a fraudster gets past identity verification with a believable document package, the downstream risk grows fast. Account opening. Payments. Check fraud. Mule activity. Refund claims fraud. All of those become harder to stop once the first layer of trust was built on a document that should not have been trusted in the first place.
- Identity document verification fraud works because documents are often over-trusted as proof of legitimacy
- Document verification weaknesses become more damaging when companies rely too heavily on them alone
- Identity fraud prevention needs more than document review if the underlying identity ecosystem is weak
- Fraud detection gaps often begin at onboarding and become much more expensive later
Why domestic cybercrime is becoming harder to ignore
This is where things get especially important.
One of the strongest points David makes is that many of the biggest fraud threats to U.S. companies are no longer coming from outside the country. They are domestic. And honestly, that changes the fraud picture more than some teams realize.
Because when the call is coming from inside the house, the signals change.
Domestic cybercrime does not always look the way companies expect sophisticated fraud to look. The documents are more familiar. The identities fit more naturally into local systems. The payment behavior can look more plausible. The stories are more believable. And the perpetrators often have a better understanding of the businesses and institutions they are targeting because they are operating in the same environment.
That is a problem.
Because a lot of anti-fraud thinking was shaped by the assumption that the biggest threat actor was foreign, distant, and easier to separate from legitimate U.S. activity. David is pointing to something much messier. The biggest U.S. fraud threats may now blend in better, move faster, and feel more operationally normal until the losses start showing up.
- Domestic cybercrime creates more plausible-looking fraud patterns for U.S. businesses to detect
- U.S. fraud threats often blend in more effectively because they match local identity and payment expectations
- Fraud prevention research needs to reflect how the threat environment has shifted, not just how it used to look
- Cybercrime threats become harder to detect when teams are still looking for older signals
Why synthetic identity fraud and check fraud still keep getting worse
Here’s what’s actually happening.
One of the most useful parts of the episode is hearing David connect identity document verification fraud to broader fraud categories that teams often treat separately. Synthetic identity fraud is one of the clearest examples. If fake or manipulated identity elements can age quietly inside a system, and if those identities are supported by documents or details that look consistent enough, then the fraud can sit there building trust for a long time before anyone sees the real loss event.
That usually does not end well.
The same goes for check fraud trends. People sometimes talk about check fraud like it is old-school and fading. It is not. It is changing. And criminals are still finding ways to combine older payment methods with newer distribution channels, newer fraud communities, and better identity manipulation techniques.
That is the bigger issue.
These are not isolated problems. Synthetic identity fraud, check fraud, and identity document verification fraud often support each other. The fraudster only needs enough legitimacy to open the door. After that, the methods branch out.
- Synthetic identity fraud gets stronger when false identities can survive early verification checks
- Check fraud trends still matter because old payment rails remain useful to adaptable criminals
- Fraud detection gaps widen when companies view identity fraud and payment fraud as separate issues
- Emerging fraud tactics often combine familiar methods in ways that feel new only after the losses appear
What criminal underground research tells us that companies often miss
This is one of the reasons I always pay attention to David’s work.
Criminal underground research matters because it shows what is being shared, taught, sold, and normalized before many companies start seeing the full operational impact. And that is exactly why cybercrime intelligence should matter to fraud teams more than it often does.
Because the underground is not just a place where criminals exchange stolen data.
It is also where they exchange methods. Tactics. Shortcuts. Guidance. Workarounds. And when a method proves effective, it rarely stays with one actor for long. It starts to spread. That means fraud teams that wait until a tactic becomes obvious internally are often already late.
And that matters.
David’s work helps connect those early signals to the risks companies are actually facing, whether that is document fraud, synthetic identities, refund claims fraud, or check fraud. That is a huge advantage for teams willing to pay attention before the pattern gets noisy.
- Criminal underground research can reveal emerging fraud tactics before they scale broadly
- Cybercrime intelligence helps teams prepare for methods that may not yet be obvious in their own data
- Fraud prevention research is most useful when it turns underground behavior into operational awareness
- Identity fraud prevention gets stronger when teams understand how criminals are packaging and teaching these methods
Why private companies cannot solve this alone
Honestly, this is one of the hardest truths in the episode.
Fraud teams can improve controls. Vendors can improve tooling. Companies can spend more on detection. All of that matters. But if the requirements to obtain identity documentation under false or stolen identities remain too weak, then private-sector fraud prevention will always be fighting with one hand tied behind its back.
That is the part that holds up.
There is only so much a company can do if the broader identity system keeps feeding criminals usable credentials and usable documents. At some point, the issue is bigger than one fraud stack, one onboarding team, or one decisioning model. It becomes a policy problem, an enforcement problem, and a systems problem.
That does not mean companies give up. Obviously not.
It means they need to be realistic about what stronger controls can and cannot solve on their own, while also getting better at collaboration, information sharing, and pushing for more attention to the root causes.
The big takeaway from this episode is pretty straightforward. Identity document verification fraud is still a major problem because the larger environment around identity is still too easy to exploit. Domestic cybercrime is making U.S. fraud threats harder to detect, while synthetic identity fraud, check fraud, and other emerging fraud tactics keep feeding off the same weaknesses. If fraud teams want better outcomes, they need stronger detection, better cybercrime intelligence, and a much wider understanding of the ecosystem these crimes are coming from. That is the part I would pay attention to.
