A review of Bank Secrecy Act data filed in 2021 found that roughly 41% percent of reports were related to suspicious activity concerning identity, accounting for $212 billion in activity that year, according to a financial trend analysis released today by the Financial Crimes Enforcement Network. The review found that 69% of BSA reports concerning identity—roughly 1.7 million filings—indicated that attackers impersonated others as part of efforts to defraud victims. Eighteen percent of identity-related reports described attackers using compromised credentials to gain unauthorized access to legitimate customers’ accounts. Thirteen percent of reports said attackers exploited insufficient verification processes.
Depository institutions filed the greatest number of identity-related BSA reports in 2021, reporting $201 billion in suspicious activity, according to FinCEN. Money services businesses were the second largest category of filer but were the most often to report circumvention of verification. The report also found that compromised credentials have a disproportionate financial effect compared to other types of identity exploitation.