DAC7 Compliance

The COVID-19 pandemic boosted the digital commerce space like never before. The gig economy also saw a boost as companies all over the world looked towards remote workers. The gig economy has always been outside the traditional norms of business. Allowing delivery drivers, vacation property owners, and similar businesses to avoid paying taxes on these transactions. 

Due to this, the IRS made new rules for gig economy tax evaders. IRS has made it compulsory to provide reports of income generated from on-demand services and goods and digital platforms. 

The EU has also had the same legislation in the works for a long time. If you’re a digital platform owner in the EU or if you have sellers on your platform from the EU, you should be aware of the DAC7 directive. 

Let’s dive a bit deeper into DAC7 and what it means for EU businesses.

What is DAC7?

In March 2021, the European Council released the DAC7 directive. DAC7 aims to extend the scope of existing tax transparency laws for digital platforms. The directive requires platform owners to collect and report personal and business information on income realized by sellers using their platforms for commercial services.

The goal of the directive is to ensure that all taxes (income tax & value-added tax) are reported and assessed. The gig economy and sharing economy have been evading tax. DAC went into effect on January 1, 2023. It applies to everything from ride-sharing, food delivery apps, online jobs, and other digital marketplaces. 

Even businesses in traditional industries may come under the scope of DAC7. That is, if they connect third-party sellers and users through their website for commercial activities. 

Payment processing platforms such as PayPal, Venmo, and Stripe that allow users to only advertise goods or services and platforms that redirect or transfer users to another platform don’t have to comply with DAC7.

Businesses that Have to Comply with DAC7

DAC7 applies to digital platform operations incorporated or managed in the EU. It also applies to tax residents in the EU who engage in commercial activities that don’t fall under general tax rules. 

Digital platform owners/operators located outside the EU who host sellers who are EU residents or facilitate the rental of property in the EU have to comply with DAC7 as well. 

Here’s a complete list of those who have to comply with DAC7:

Business TypesExamples
Sales of GoodsSecond-hand items
Real estate
Rental of Immovable PropertyCo-working spaces
Parking spaces
Vacation homes
Delivery or Performance of Personal ServicePaid live streaming
Food delivery services
Rental or Any Mode of TransportScooters

Whose Information Has to Be Reported?

Under the DAC7 directive, any platform that hosts EU resident sellers who conduct business on the platform has to report the seller’s information. Businesses must also report information about non-EU residents who rent immovable property.

On the other hand, government and publicly traded entities are exempt from complying with DAC7. Casual sellers that have less than 30 sales whose amount equates to less than 2,000 euros. Smaller hotel chains and tour operators that have conducted less than 2,000 transactions in a reporting period are also exempt.

What Information Has to be Reported?

If you’re a digital platform operator, you’re obligated to start identifying and collecting specific information from sellers on your platform as of January 1, 2023:

  • Seller’s identity – full name/legal name, primary address, DOB
  • EU member state of residence
  • Financial account information
  • Tax identification number
  • VAT/Business registration number (for entities)
  • Consideration is paid or credited per quarter, along with any fees, commissions, or taxes withheld by the reporting platform operator.

If you’re operating a platform that deals with immovable rental property, you’re required to report additional information, including:

  • Address and land registration number of each property listing.
  • Total number of days a property was rented.
  • The total amount paid in the reporting period.
  • Any fees, commissions, or taxes withheld or charged by the platform in the reporting period.

You, as a business, have to inform the seller in advance that their information will be collected and reported. If the seller doesn’t share their data, you, as a business, are obligated to send 2 reminders. If the seller fails to provide the data for 60 days, the business has to remove the seller from the platform and close the account.

How to Comply With DAC7 Reporting Obligations?

Businesses can comply with DAC7 reporting obligations by submitting all their EU seller information in one member state. If you’re a registered business in the EU, you’ll have to submit your information in the state in which you’re registered. 

As a business, you have to submit your reportable information no later than January 31 of the year following the calendar year in which you identify a reportable seller. The final deadline for the reporting period is January 31, 2024. 

Once the information is submitted, the member states’ tax authorities will distribute the information among themselves. EU member states are required to exchange information within 2 months of reporting. 

You can submit the information yourself or find a service provider to do that for you.

How to Prepare Your Business for DAC7?

If you’re a business operating in the EU, there are some steps you need to take to prepare your business for DAC7. It’s all about how you collect data and how you report the entire process. Here are some initial questions to answer as reporting requirement dates come closer:

  • Does your business already collect all the data you need from the sellers for reporting? If not, what should you do to collect data? Process and systems-wise, to collect the data?
  • Do you need to make any changes to the terms and conditions or posted consent policies to facilitate data collection from sellers?
  • Which steps do you need to take to keep the collected data safe from hackers and data breaches?
  • Which systems and processes do you need to upgrade or implement to validate the seller’s information before reporting?
  • Is your business subject to other regulations or laws that require you to collect similar information and have similar reporting requirements?

How DIRO Can Help

DIRO document verification can help businesses comply with the EU’s DAC7 directive.

Our online document verification solution can help you verify businesses and onboard them quickly. You can collect and verify a business’s bank account information, address, incorporation documents, and other valuable data.

DIRO verifies documents directly from the issuing source, eliminating the use of fake and stolen documents.


Application fraud

Let’s just agree on one thing – digitization has changed the financial sector for the good. No more waiting hours, no more visiting brick-and-mortar locations, and the ability to do things instantly.

But, there’s a downside to doing everything digitally. Without face-to-face interaction, businesses become open to application fraud. As banks can’t see the person that’s behind the screen, fraudsters can easily commit fraud. 

This is a challenge that financial institutions, realtors, creditors, and other businesses face every day. Even a miniscule miscalculation on the business’s end can lead to huge losses. 

Fortunately, there are ways to protect businesses against application fraud. In this article, we’ll go over everything about application fraud.

What is Application Fraud?

Application fraud is when an applicant submits false information to a business for approval. This can include misrepresenting personal or financial information, including:

  • Falsifying employment history
  • Inflating income
  • Providing fake ID documents
  • Misrepresenting credit history

The biggest example of application fraud is when an individual for credit cards, loans, or other products. A fraudster would use fake information about their financial information, employment, or further relevant details. 

If everything goes the fraudster’s way, they will have access to a credit card or a loan that they can use to conduct other financial frauds.

How do fraudsters get access to the fake information? Well, just in 2023, over 4.5 billion personal information records were stolen. 

Technology has made it easier than ever to steal personally identifiable information.

How is Application Fraud Committed?

Consumers want instant financial services. So, banks, credit unions, and other financial institutions offer digital products to keep up with customer demands.

Processing online applications puts businesses at a risk of being defrauded. When a person applies for a credit line or loan, they expect a seamless process. To make this happen, companies offer fast approval times. These fast approval times lead to mistakes and invite fraudsters to commit third-party fraud.

When committing third-party fraud, criminals will fill out applications under someone else’s identity trying to trick the organization. If a fraudster has enough information at hand, they can trick the systems. 

By the time the company or the individual figures out the fraud, it’s too late. Because of digitization, criminals can submit fraudulent information to as many companies as they want. This is only possible because of advanced tools like bots, cloud infrastructure, and virtual machines.

This is likely why loan application fraud is growing.

Common Methods Criminals Use for Application Fraud

There are a number of ways scammers use to commit application fraud. One of the most common ways is using synthetic identities.

It’s challenging to identify the type of fraud when businesses allow online application submission and application of ID documents. But how do scammers collect this personal information and commit application fraud?

1. Breaching Databases

Data breaches happen to businesses of all scales. Some happen intentionally, while others happen by accident. Accidents such as an employee can create an insecure password. Or leave the password at a place where anyone can access it. 

It’s highly common for data breaches to happen when hackers blatantly target an entity to breach their database. Fraudsters use a number of technologies to break into a company’s database. They often use bots that insert millions of variations of a password to brute force a password. 

Once a data breach happens, millions of data records can be stolen. Common data includes:

  • Names
  • Date of birth
  • Addresses
  • Phone numbers
  • Account details

2. Targeting Call Centers

The Internet isn’t the only way criminals are stealing identities. One of the second most used methods is using call centers. Unfortunately, voice isn’t enough to determine someone’s identity, making it another easy target for fraudsters.

As there’s no way to detect synthetic identities or fraud patterns, criminals can easily use it to their advantage. 

3. Intercepted Mails

Intercepting emails are more sophisticated than stealing envelopes from mailboxes and hoping to grab something valuable. Criminals today use USPS informed delivery while applying for credit cards. This is a service that USPS offers to allow users to track mails and packages before they are delivered.

This notifies the scammer when the credit card will be delivered so they can snatch it before the legit customer has a chance to see it. 

4. Using Cloud Infrastructure

Criminals also use virtual spaces to commit identity theft and application fraud. This includes using the same cloud services businesses use daily. Fraudsters use the cloud to run automated scripts and bots to conduct large-scale fraud attacks.

Bots can also be used to brute force attacks by hacking into accounts by entering different variations of PINs and passwords. It’s not uncommon for fraudsters to search for available credentials. This is when fraudsters use a collection of personally identifiable information.

How to Detect and Prevent Application Fraud?

  1. Security Measures for In-House Personnel

Employees are the first line of defense against fraudulent attempts, so they should be educated about fraud applications. To detect and prevent application fraud, businesses should educate employees on:

  1. Machine Learning Solutions

Artificial intelligence and machine learning are revolutionizing the industry. AI and ML technologies can make it possible for companies to detect and prevent various types of fraud. Financial institutions use rules engines and a mix of supervised and unsupervised machine learning.

But these technologies become outdated, so you need solutions that can evolve. If solutions are not updated, engines and rules-based systems can become susceptible to false positives.

  1. AI for Application Fraud Detection

Financial institutions also use AI-based document verification tools for fraud detection. Some AI solutions use existing data sets to verify information provided by customers.

This offers more efficient and ultimately automated document fraud leading to fewer loan write-offs. Using AI for fraud detection is excellent for organizations that process dozens or even thousands of applications every day. This leads to a lower risk of fraud and improves user experience.

Conclusion – Fight Application Fraud

Digital transformation is an ongoing trend for modern businesses. Organizations are becoming quick to adopt new technologies to streamline operations, improve customer experiences, and boost competition.

But as businesses increasingly rely on interconnected devices, the risk of fraud is also increasing. Application fraud poses huge risks to businesses, which can lead to huge financial and reputation losses.

Businesses should rely on all available methods such as DIRO to prevent application fraud. DIRO document verification verifies documents from the issuing source to prevent the use of fake and stolen documents. This helps businesses improve the entire onboarding process and reduce user experience.


Protecting Yourself from Holiday Shopping Fraud

The holiday season is upon us, with Black Friday and Cyber Monday just around the corner. As the festive shopping rush begins, it’s important to stay vigilant against potential fraudsters who are gearing up to exploit the season’s hustle and bustle with different holiday shopping fraud.

Whether you’re a retailer hiring seasonal workers or a shopper making wish lists, staying informed about common scams can help you safeguard your financial security. 

Here are five prevalent scams that are expected to show up unexpectedly this holiday season.

5 Ways to Protect Against Shopping Scams?

There are some basic steps everyone can follow to prevent holiday shopping fraud. Without proper vigilance, it’s almost impossible to distinguish between legit sellers and scammers.

1. Vigilance Against Phishing Attacks

Phishing attacks are the biggest concern that intensify during the holiday season. At this time of year, fraudsters often deploy emails or text messages designed to lure recipients into sharing personal information or clicking malicious links.

These messages may appear to come from legitimate businesses and offer enticing rewards or promotions for minimal effort.

For instance, fraudsters may exploit the increase in package deliveries by sending fake tracking notifications or emails that claim there’s an issue with a shipped package. The end goal is to prompt recipients to enter sensitive information.

To defend against these scams, it’s crucial to exercise caution and critically evaluate suspicious offers. Ask yourself whether a legitimate organization would request payment details or personal information through such means. 

If in doubt, reach out directly to the business using verified contact information to confirm the legitimacy of the message.

2. P2P/Zelle Scams: Be Wary of Unsolicited Calls

Scams involving peer-to-peer (P2P) payment apps like Zelle are an ongoing concern. Use of these apps tends to spike during the holiday season. Fraudsters love to impersonate banks or credit card companies, making unsolicited phone calls to victims. 

They may claim there’s been fraudulent activity on the victim’s account and instruct them to transfer money to a purportedly secure account—owned by the fraudster.

In addition, fraudsters may manipulate consumers into making payments through P2P apps outside the legitimate shopping websites. 

For example, they might pose as sellers on popular marketplaces and entice buyers to make direct payments through P2P apps to evade fees or secure exclusive deals. 

To avoid falling victim to these schemes, stick to the official payment methods offered by trusted websites and never make direct payments to individuals.

3. Guarding Against Account Takeover

Account takeover scams, a time-honored tactic, continue to pose threats during the holiday season. In these scams, fraudsters gain access to victims’ accounts and exploit their credentials to make unauthorized transactions, often targeting e-commerce and retail accounts.

Be vigilant for notifications about unusual orders, shipping addresses, or other account changes. Amid the holiday rush, it’s easy to overlook such notifications, so be proactive in monitoring your accounts.

If you suspect any unauthorized activity, act promptly to secure your account and prevent further fraudulent actions.

4. Promotion Abuse: Don’t Fall for Too-Good-To-Be-True Offers

Holiday sales often tempt consumers with irresistible promotions. Scam artists capitalize on these offers, exploiting promotions that involve referrals, sign-ups, or Buy Now, Pay Later (BNPL) services.

They may open fraudulent accounts to cash in on these promotions or leverage bots to automate the process. Be cautious if you receive confirmation emails about new accounts you didn’t create.

While you might not directly suffer financial losses, the prospect of fraudsters using your personal information illicitly remains a concern.

5. Vigilance Against Fake Websites and Seller Accounts

Fraudsters deploy fake websites and social media accounts to impersonate legitimate businesses, thereby enticing users into divulging personal information or downloading malware. 

These fake websites are designed to closely mimic authentic ones, even appearing in search engine results and sponsored ads. Similarly, on e-commerce platforms like eBay, fraudsters create counterfeit seller accounts to trick consumers into paying for nonexistent items or services.

Exercise caution while clicking on links in emails or social media posts to mitigate these risks. Verify the legitimacy of websites before entering personal information. If a deal seems too good to be true, it’s wise to approach it skeptically.

Secure Your Shopping Experience

While the holiday season offers joy and celebration, it also presents an opportunity for fraudsters to exploit unsuspecting consumers.

To protect yourself, remain vigilant, and adopt a skeptical approach to unfamiliar offers or communications. Staying informed about prevalent scams and following best practices can ensure that your holiday shopping remains safe and secure.

Remember, your awareness and proactive response against frauds are powerful tools in thwarting fraudsters’ attempts and preserving the joyous spirit of the season.


1. What does “Holiday Shopping Fraud” refer to?

Holiday shopping fraud involves various deceptive activities that target shoppers during busy holiday seasons, aiming to steal personal and financial information, money, or merchandise.

2. Why is holiday shopping a prime time for fraud?

During holidays, people are often in a rush and more willing to make purchases online or in-store. This creates opportunities for fraudsters to exploit vulnerabilities in payment systems, websites, and customer behavior.

3. What are the common types of holiday shopping fraud?

Common types include phishing emails, fake websites, identity theft, counterfeit products, gift card scams, and online auction fraud, where buyers pay but don’t receive items.

4. How do gift card scams work?

Scammers might request payment via gift cards for various reasons (e.g., fake tech support, overdue bills). Once the gift card codes are given to scammers, they can’t be traced or refunded.

5. What should I do if I suspect a phishing attempt?

Don’t engage with the message. Report it to your email provider and the relevant authorities. If it’s from a legitimate organization, contact them through official channels to verify the communication.


Biometric Verification

Proving ourselves online has become a relatively recent problem. As the world becomes interconnected, it becomes harder to distinguish between legit users and people who imitate a legit user. Document verification and identity verification methods are essential when high-risk transactions are involved.

ID verification and other similar methods have become necessary for the identity-proofing process.

Several methods exist to verify our identity, including biometric data, faces, fingerprints, eyes, and voice.

What is Biometric Authentication?

Several biometric verification methods allow us to prove who is online. Biometric authentication is commonly used for device security, authenticating online transactions, immigration controls, and patient identification in healthcare.

All biometric recognition solutions use a comparison of the digital representation of a physical or behavioral feature with a previous template.

Biometric systems must operate on pre-determined recognition accuracy and meet the speed and organizational resource requirements.

Advantages of Biometric Verification

Using Biometric verification is different from relying on third-party verification solutions. That doesn’t make biometric authentication inferior to other solutions.

Here are the advantages of Biometric authentication:

1. Fast and Convenient

Some types of biometric authentication are faster than others. Almost all verification can be done within seconds. Biometric verification is a convenient and secure method for protecting against ID fraud.

Biometric authentication is enough and doesn’t require PINs, passwords, KBAs, or other responses. Eliminating the need for remembering passwords. The best part of biometric authentication is that there’s no need to carry credentials.

2. High-Level of Security

Unlike KBA, biometric authentication has no information that hackers can steal. Cyberattacks and data breaches don’t risk the stealing of biometric data. To have a chance at stealing biometric data, hackers have to target specific individuals.

To imitate an individual’s physical characteristics, fraudsters have to sophisticated circumvention of scanners or camera sensors in a biometric system. Stolen and impersonated biometric data can still be verified with liveness checks to ensure the person is legit.

3. Tough to Fake Genuine Presence

Biometric verification is trusted because it’s directly related to the genuine presence of the owner.

The US National Institute of Standards in Technology evaluates and ranks liveness detection technology to ensure that only the best is used. Combining biometric authentication with liveness checks makes biometric systems hard to imitate.

Disadvantages of Biometrics Authentication

It’s not all good when it comes to Biometrics authentication; the solution also has some drawbacks. Such as:

1. False Biometric Matches Can Happen

While it is rare, a false biometrics match can happen. It happens when the biometrics data of two individuals need clarification. Most of the time, it occurs in the case of two similar-looking siblings. If the biometrics data used is incorrectly recorded, then the chances of these mistakes happening increase dramatically.

To reduce the false approval rates in biometrics authentication systems, the system should be able to capture high-quality biometrics data. It should also be able to update biometrics reference data regularly to match with users.

2. Can Reject Legit Users

Instead of giving out false positives, biometrics authentication can reject a legit user. This can happen when a person’s biometric traits change (with age/due to some accident/weight gain or loss). Poor image capture can also cause result in false rejections.

To prevent this, ensure that systems’ sensors capture high-quality biometric samples and templates.

3. Biometrics Bias

Biometrics verification systems run on machine learning algorithms. In past studies, the US National Institute of Standards and Technology showcased that African-American and Asian people experienced 10-100 times higher FAR.

There should be special care to train these algorithms on all-inclusive data sets that don’t discriminate against races and demographics. The best authentication systems should follow ISO standards to ensure no discrimination or disadvantage for any group.

4. Secure and Smooth Digital Experience

Brands are built on trust and excellent customer relationships. A great digital experience and a safe experience matter to businesses and customers. ID verification systems must balance these out and adjust between security and convenience according to the organization’s needs.

Multi-biometrics systems can combine authentication checks against several biometrics features.

It makes sense to layer identity data verification checks to provide an ideal level of speed and security in biometrics authentication. Verify names, date of birth, and addresses alongside biometric verification to establish trust in a person’s identity.