Cifas, the UK’s leading fraud prevention service, has released new figures showing that identity fraud has hit the highest levels ever recorded. A record 172,919 identity frauds were recorded in 2016, which is more than in any other previous year. Identity fraud now represents over half of all fraud recorded by the UK’s not-for-profit fraud data sharing organisation (53.3% of all frauds recorded to Cifas), of which 88% was perpetrated online.
The majority of identity fraud happens when a fraudster pretends to be an innocent individual in order to buy a product or take out a loan in their name. Often, victims don’t even realise that they’ve been targeted until a bill arrives for something they didn’t buy or they experience problems with their credit rating.
To carry out this kind of fraud successfully, fraudsters need access to their victim’s personal information such as their name, date of birth, address and bank details. Fraudsters access such detail in a variety of ways, from stealing mail through to hacking, obtaining data on ‘The Dark Web’, exploiting personal information on social media or though ‘social engineering’ whereby innocent parties are persuaded to give up personal information to someone pretending to be from their bank, the police or a trusted retailer.
In recent years, Cifas has been informed of growing numbers of young people falling victim to ID fraud. That upward trend continued in 2016 with almost 25,000 victims aged under 30. In particular, there has been a 34% increase in the number of under 21s subjected to ID fraud. On that basis, Cifas is again calling for better education around fraud and financial crime and urging young people to be vigilant about protecting their personal data.
2016 also saw increases in the number of victims aged over 40, with 1,869 more victims recorded by Cifas members.
Mike Haley, deputy CEO at Cifas, said: “These new figures show that identity fraud continues to be the foremost fraud threat. With nine out of ten identity frauds committed online and with all age groups at risk, we’re urging everyone to make it more difficult for the fraudsters to abuse their identity. There are three simple steps that anyone can take to protect themselves: use strong passwords, download software updates when prompted to do so and avoid using public Wi-Fi for banking and online shopping.”
Haley continued: “We all remember to protect our possessions through locking our house, flat or car, but we don’t always take the same care to protect our most important asset – our identities. We all need to take responsibility to secure our mail boxes, shred important documents like bank statements and utility bills and take sensible precautions online. If not, we’re simply making ourselves a target for the identity fraudster.”
Commander Chris Greany, national co-ordinator for economic crime, stated: “We welcome the figures released by Cifas as they demonstrate how we all need to be alert to preventing identity theft now more than ever before. We do everything we can to stop identity thieves in the fight against fraud, but the key is prevention and protection. Just taking a few simple steps can make all the difference to protecting your personal information and finances.”
Greany added: “With close to half of all crime now either acts of fraud or cyber crime, we all need to make sure we protect our identity. Identity fraud is the key to unlocking your valuables. Things like weak passwords or not updating your software are akin to leaving a window or door unlocked.”
Addressing a damaging issue
John Marsden, head of identity and fraud at Equifax, observed: “With identity fraud only set to rise further, businesses and consumers need to take action to address this damaging issue. Serious steps need to be taken by financial services companies to strengthen the security systems they have in place and the way in which they verify identities, especially so for online applications. Companies need to consider investment in biometric processes to validate identities, as well as implement multi-layer approaches to challenge fraudsters’ attempts to compromise systems. Consumers are embracing biometrics in their everyday lives, for example by using them to access their smart phones and in their passports, and it’s fair to say that financial services companies can maximise this technology to protect their customers and their businesses.”
Marsden continued: “There’s a worrying knowledge gap in terms of how consumers determine safe places to share personal information. People are not aware of the value and opportunity their most basic personal details offer to fraudsters. Just a name, address and date of birth can be enough information for a criminal to steal an identity and financially exploit it, for example by applying for a loan or credit card. With the increasing inclusion of personal information on social media, fraudsters are able to access an expanding pool of data which they can easily abuse. Individuals must take care to protect their details, while the financial industry must continue to work together to educate its customers in supporting this move.”
For consumers, the following steps should be strictly followed as a first line of defence:
*Don’t conduct your banking in public places and definitely not on public Wi-Fi (establishing bogus public Wi-Fi ‘hotspots’ is a way for criminals to access devices and information)
*Never respond to unprompted banking messages unless you’re absolutely certain the request is genuine
*Be very aware of the domain names used and the security signs visible in a browser. Make sure you log on to a banking website at a web address you know rather than via a link
*Never provide any banking details to a third party you don’t know or are unsure about (in part or as a whole)
*Avoid unnecessarily sharing details such as your name, address and date of birth as fraudsters can exploit this information and steal your identity
Need for extra vigilance
In light of the new figures from Cifas, members of the British Security Industry Association’s (BSIA) Information Destruction Section have warned businesses to be extra vigilant in terms of how they dispose of information that may contain personal data.
Many businesses collect and retain personal information about their customers and employees. This information is often discarded when it’s no longer required following scanning or when archive clearance occurs. Information that’s not disposed of correctly can have huge repercussions for individuals if the data falls into the wrong hands. Such repercussions include financial loss, credit issues, benefit losses, legal problems and stress.
Under the Seventh Principle of the Data Protection Act, businesses are obliged to take appropriate measures against accidental loss, destruction or damage to personal data and against unauthorised or unlawful processing of the data. Failing to do so could result in large financial penalties being imposed by the Information Commissioner, huge reputational damage or even prison sentences for company directors.
In order to fully comply with the Data Protection Act, a data handler must have a written contract with a company capable of handling confidential waste. The company involved must provide a guarantee that all aspects of collection and destruction are carried out in a secure and compliant manner. To ensure this, suppliers should comply with European Standard BS EN 15713:2009 for security shredding as well as BS 7858 for staff vetting.
Don Robins, chairman of the BSIA’s Information Destruction Section, stated: “Businesses need to safeguard the individuals about whom they hold data. Documents must be shredded by a reputable data destruction company. The same caution must also be taken with computer or laptop hard-drives and any other items which could be used to identify or otherwise impersonate individuals.”
Financial fraud costing UK £2 million every day
Last year, the UK lost £2 million each day as a direct result of financial fraud. That’s according to official figures released by Financial Fraud Action UK (FFA UK). The statistics show that the overall scale of financial fraud was £768.8 million, representing an increase on the £755 million lost in 2015.
The FFA UK figures are published just as all major banks and key financial services providers across the UK come together for the first time for a national day of action to raise awareness of how everyone can protect themselves and their loved ones from financial fraud. The day, which is part of the Take Five campaign, will see dedicated activity up and down the country, including many branches opening five minutes early. Staff in more than 6,800 bank branches will talk directly to their customers and encourage them to take the time to talk to five others about the simple steps they can adopt to protect themselves from financial fraudsters.
Katy Worobec, director of FFA UK, said: “Tackling financial fraud is a priority for our members and a great deal of progress continues to be made. However, as these new figures highlight, this remains a significant problem with fraudsters using increasingly sophisticated methods to circumvent bank technology and target their victims.”
Worobec continued: “While the payments industry stops six in every ten pounds of attempted fraud, it cannot solve the problem alone. Collective action is needed with banks, the police service and customers all playing their part. I hope customers will take the opportunity to find out how they can help better protect themselves and their loved ones from falling victim to financial fraudsters.”
To mark ‘Take Five Day’ on Thursday 16 March, new research reveals that almost three quarters of people (74%) are worried about falling victim to financial fraud, while more than six-in-ten (68%) expressed the same concern about their families. Despite this, seven-in-ten (71%) admitted they had never discussed with anyone how to protect themselves against financial fraud, with more than half (55%) believing it was too complicated to talk about.
Tony Blake, senior fraud prevention officer at the Dedicated Card and Payment Crime Unit, commented: “There are simple steps that we can all take to protect ourselves and those around us when it comes to financial fraud, so it’s concerning that almost three quarters of individuals questioned admit they’ve never discussed the issue. On ‘Take Five Day’ we have encouraged everyone to share the message that it’s alright to ‘stop and think’ before sharing any personal or financial details. Taking that moment allows us all the opportunity to follow the simple advice which will better protect us from fraudsters.”
‘Take Five Day’ is part of the Take Five campaign, which aims to put consumers and businesses back in control with straightforward advice to help prevent financial fraud. It focuses on financial frauds directly targeting customers, such as e-mail deception (known as ‘phishing’) and phone and text-based scams (sometimes referred to as ‘vishing’ and ‘smishing’) and is purposefully designed to remind people that it pays to ‘stop and think’.