
FindBiometrics


Four Security Lessons From The Tinder Swindler

April 20, 2022

Netflix’s The Tinder Swindler is a salacious tale of online dating gone wrong. As with most stories about love and money, it’s easy to understand the appeal. Unfortunately, that tabloid sheen can distract from the fact that the titular swindler, Simon Leviev, was a real fraudster with real victims who exploited real gaps in the current security infrastructure.


With that in mind, it’s worth taking a closer look at the movie to figure out just how Leviev (born Shimon Yehuda Hayut) was able to con victims out of more than $10 million over the course of several years. The Tinder Swindler focuses primarily on the stories of Cecilie Fjellhøy, Pernilla Sjöholm, and Ayleen Charlotte, but they were not Leviev’s only victims, and there are countless other con artists executing schemes all over the world at any given time.

The question, then, is what can stakeholders do to catch fraudsters like Simon Leviev? These are some of the main security lessons we can learn from The Tinder Swindler.

The Human Element

At the most basic level, The Tinder Swindler once again demonstrates that humans are the most vulnerable component of any security system. Anti-fraud programs can send up red flags if someone starts making strange purchases with a credit card, but those protections are largely meaningless if the victim is willing to corroborate that activity.

In The Tinder Swindler, Cecilie Fjellhøy’s story is the best example of those limitations. Simon Leviev was very good at building trust with his marks. He would only ask for money after showering them with lavish experiences, which spoke to his financial means and made his fraud seem more like a tit-for-tat exchange than a con (at least at first). As a result, Fjellhøy was willing to trust him with her American Express card to help Leviev during an emergency.

Of course, Leviev’s profligate spending habits immediately set off red flags with American Express, since they were out of line with Fjellhøy’s own habits, and the purchases were being made in a different country from the one in which she resided. In that regard, The Tinder Swindler indicates that current anti-fraud monitoring is effective, since it was able to identify strange purchases and blocked the card until the issue could be resolved.

The problem is that Fjellhøy was willing to claim the expenses as the true owner of the card. Since she voluntarily signed off on Leviev’s story, all of his purchases became legitimate from the perspective of American Express.

In all likelihood, financial institutions will always struggle with fraud that is rooted in such a deeply intimate connection. Many people in committed relationships share financial information with loved ones or family members. That is often done without any nefarious intent, since access to financial resources can be critical when someone is dealing with a legitimate crisis.

To thwart a schemer like Leviev, American Express would essentially need to automate all of its blocking decisions, and maintain those blocks even after speaking with a cardholder who wants to restore their account. However, that state of affairs may not be desirable, and comes with many of its own problems. Any decision-making algorithm would be extremely vulnerable to bias, and could block purchases that are in fact legitimate. Such a policy could also be unpopular with customers, since it strips them of a degree of financial autonomy. There are many people who want to be able to provide support for the people closest to them, and may place more value on that than they do on a truly airtight fraud prevention system.

The takeaway is that there may be no such thing as perfect defense in a system with human agency. As long as people are willing to trust one another, there will be bad actors who try to take advantage of that kindness.

Papers, Papers, Papers

That’s not to say that financial institutions couldn’t be doing more to protect their customers. Fjellhøy’s participation may have made it difficult to stop Leviev’s actual purchases, since she was the primary point of contact. Leviev took pains to avoid any personal interaction with card issuers, which allowed him to distance himself from his activities.


However, Leviev’s jet-setting scheme was international in scope, and there are several points in The Tinder Swindler in which he had to step forward to take a more hands-on approach. Any one of those contact points represents a missed opportunity, in the sense that more advanced anti-fraud technology might have set off an alarm and allowed the authorities to step in.

Leviev’s repeated forgeries are the most significant thing that stands out in that regard. By the events of The Tinder Swindler, Leviev had already stopped using his birth name and was traveling all over Europe with a collection of aliases and fake passports. Border agents should have noticed something was amiss each time he went through customs, yet Leviev was able to travel virtually unimpeded despite being a convicted felon, and only got caught when Charlotte sent a tip to let authorities know exactly which plane he was on while it was in the air.

Some of that can be attributed to the fact that Leviev was active within the European Union, which does not always require document checks for citizens traveling internally. Even so, Leviev himself was born in Israel, and some of his success can likely be attributed to poor document security. Modern passport booklets come with features like polycarbonate data pages and built-in chips that store the individual’s biometric information, and those new technologies make it more difficult to produce forgeries that will pass official muster.

The widespread adoption of those booklets could have hindered Leviev’s activities. His regular travel (and his frequent use of private jets) lent a degree of legitimacy to his claims about his wealth and status. Taking that away would hinder his ability to sell those particular lies.

Who Do You Work For?

Leviev’s duplicity was not limited to fake passports. He also forged checks, transaction statements, and employment records to create the paper trail that he needed to maintain his scheme.

The last of those three is the most noteworthy from a security perspective. The fake checks and transaction statements were designed to fool his victims rather than the banks, and it is highly unlikely that he expected (or even wanted) any of those checks to clear. The fact that they didn’t get processed suggests that they were not sophisticated enough to get past modern financial security, and could only fool civilians who have not been trained to spot discrepancies.

The fake employment records, on the other hand, are far more concerning because they were used to trick large financial institutions. In The Tinder Swindler, Leviev provides Fjellhøy with a fake earnings statement that indicates that she is making more than $94,000 a month while working for the Leviev Group. That statement was the sole piece of evidence used to convince American Express to raise Fjellhøy’s credit limit well beyond what it would have been based on her actual income.

Leviev took advantage of that to run up expenses on the card and drive Fjellhøy further into debt. The extent of the damage would have been much smaller had American Express not accepted his forgery at face value. Better risk screening could have uncovered a discrepancy or at least a pattern, since Leviev presumably used similar techniques to con his other victims.

The fact that Leviev masqueraded as a member of a real company (and a real family) adds another layer of intrigue. In the movie, it’s unclear whether Simon’s fake statement is supposed to come from a real Leviev organization or from a front that remains in Simon’s control. Either way, Simon Leviev would not have shown up in LLD Diamond’s own employment records, and more due diligence could have unearthed that paper trail (or a lack thereof). The actual Leviev family is now suing Simon for false representation. Given the scale of Simon’s lies, the fact that no one ever noticed what he was up to indicates that there are still some sizable gaps in current risk screening solutions.

Let’s Get Verified

Finally, there is the matter of Tinder itself. At the time depicted in the film, Tinder did not require any form of identity verification, so it was easy for Leviev to set up an account with his chosen alias. Thanks to stories like The Tinder Swindler, many dating apps now recognize that the absence of verification lowers the amount of trust that customers have when engaging with their platform. Apps are consequently starting to integrate some form of identity verification into their onboarding process to combat fraud, echoing a trend seen in other industries in the past few years.


The most common remote onboarding solutions ask new users to submit a selfie and a picture of a photo ID when they make an account. The solutions use facial recognition to match the selfie to the ID, and document verification to confirm that the ID is legitimate.

The latter part of that check presents a potential problem for someone like Leviev, who frequently did business with fake documents. Fake driver’s licenses and fake passports can be cross-referenced with official records, so the more times a fake document is scanned, the more likely it is to set off an alarm with financial institutions and law enforcement.

Leviev’s own dating prospects have diminished, if only because many dating apps have personally banned him since he became a household name. There are nevertheless plenty of other aspiring con artists looking to follow in his footsteps, and better onboarding could prevent the next Leviev from connecting with victims through real businesses like Tinder.

For its part, Tinder seems to have learned its lesson. The company is already rolling out its own ID verification feature, after trialing the solution in Japan in 2019. No business wants to be associated with a fraudster like Simon Leviev, and better fraud prevention tech will be crucial as Tinder looks to distance itself from the world’s worst date.


April 20, 2022 – by Eric Weiss
