Sharing identity documents online: when there is no perception of danger

It may seem logical: an entity or company asks us to share a copy of our identity document, passport, or driving license, and we send it through insecure means.

A

t first glance, we assume that the organization requesting our documentation has no other purpose than to assist us in completing a transaction. However, once we cease to be the owners of that copy, we cannot know if someone will attempt to access and manipulate our data through it. Indeed, sharing identity documents online poses risks and can have long-term consequences. 

Lack of awareness about document fraud techniques 

A recent survey focused on UK citizens revealed that 33% of Britons have shared scanned copies of identity documents, such as passports and driving licenses, via email or even through social media, despite being aware of the associated risks. This data highlights a widespread tendency to underestimate threats, multiplying the chances of falling victim to fraud with economic consequences affecting family or work environments. 

Crimes based on utilizing information obtained from these documents are becoming increasingly sophisticated. By posting images of an identification document, individuals might unknowingly provide clues for third parties to trace and create a false profile or synthetic identity using real data. Extracted images could even be employed to create deepfakes, which, in turn, are used to deceive identity verification systems lacking robustness. Contact our experts to learn how TrustCloud integrates advanced deepfake detection functionalities into its video identification solutions. 

Despite these risks, only 31% of respondents admit to having knowledge about deepfakes and their implications. Furthermore, 54% are unfamiliar with social engineering, including tactics like phishing or smishing—frauds that remain the most prevalent and cause substantial financial losses and fund diversions. 

According to the mentioned study, it is interesting to note that almost 50% of respondents aged between 18 and 24 admit to sharing documents through, let’s say, risky channels, compared to 21% of those aged 55 and older. This data highlights that, despite presuming the younger generation to have greater knowledge of internet dynamics, senior users are more prudent and protective of their privacy. 

Among the significant frauds resulting from these irresponsible behaviors are: 

• Identity theft: By sharing identity documents online, there is a risk of someone else using them to impersonate us. Criminals may use the obtained information to open bank accounts or apply for credits in the victim’s name, potentially impacting their financial history, access to government services, or online reputation. 
• Data sale: Even with good intentions, such as verifying identity on an online platform, sharing documents without trustworthy providers can lead to loss of control over the information. The data may be stored, shared, or even sold to criminal organizations or companies aiming to impact users through invasive techniques. 

Tips for sharing official identity documents online 

It is crucial to follow expert recommendations to minimize the risks of sharing identity documents on digital platforms and services, primarily: 

• Limit shared information: Never share the complete document. If only the identification number is necessary, cross out or eliminate the remaining information. Using a black and white copy can also hinder document forgery. In this regard, the adoption of advanced secure credential storage methods, such as TrustCloud Wallet, is recommended. It empowers users to manage their identification data easily and respectfully. Inquire for more information now. 
• Choose a secure sending method: Avoid sending documents via email or social media. Trust only secure file exchange platforms or encrypted messaging applications. 
• Protect identity: It’s never a good idea to share identity documents with unknown individuals or companies. Verify the identity of the person or entity receiving the document, and requesting confirmation of receipt is a prudent step. 
• Stay vigilant: Using strong passwords and changing them regularly is always good advice. Additionally, refrain from sharing information with websites that raise the slightest suspicion about their security. 
• Explore alternatives: In some cases, it may be possible to use alternative identification methods, such as digital certificates or electronic signatures. Research available options and choose the one that best suits your needs. 

Selling biometric data: another way of sharing personal information that sparks debate 

We engage in irresponsible behaviors not only when sharing official documents without considering the risks but also when companies offer money for our biometric data. In the current era, with the spotlight on Artificial Intelligence and various companies exploring how to exploit biometrics, questionable initiatives have emerged, causing the public to lower its guard. 

Enter WorldCoin, a company founded by the creators of ChatGPT, aiming to “create the ultimate digital identification and help verify online activity associated with humans.” To achieve this, WorldCoin is conducting a massive collection of biometric data globally, specifically capturing the iris of thousands through a sophisticated device known as Orb. In exchange for surrendering their iris, which becomes a kind of “digital key,” WorldCoin offers a discreet amount of cryptocurrency valued at around 70 euros (about 80 dollars). With an extensive network of collectors worldwide, the company has already scanned 3.5 million irises across 36 countries. 

Suspicion has arisen, leading to accusations against WorldCoin, ranging from fraud for not delivering on promises to labor exploitation due to poor conditions for its collectors. Concerns about the privacy and security of collected biometric data, lack of project transparency, and potential discrimination by their recognition systems have also surfaced. In response to these accusations, the company has acknowledged some mistakes and promised improvements without specifying their nature. 

A person’s biometric data, like fingerprints or facial features, is considered critical information with special legal protection. This is due to the high risk involved in sharing such information with third parties, especially private companies. Misuse of a person’s biometric data could have serious consequences for privacy and security. To share biometric data, explicit consent from the individual is necessary, and this consent should be: 

• Free: The person must not be pressured or coerced into giving consent. 
• Informed: The person should be clearly and comprehensibly informed about the risks and consequences of sharing their data. 
• Specific: Consent should be given for each specific use of their biometric data. 
• Unequivocal: It must be clear that the person agrees to the sharing of their data. 

Moreover, companies should refrain from using this data beyond the well-defined uses stated in the consent. They also bear the responsibility of secure storage and timely deletion of the data. User caution and their demand for accountability from companies handling identity data are essential ingredients to ensure maximum security. 

Contact our experts in digital identity to prevent fraud and economic losses.