Identity fraud

Identity fraud – a growth industry

November 2007

Identity fraud is a crime that many of us have heard of but one that few of us appear to guard against.

In fact, a quarter of us have either had our identity stolen or know of someone who has, according to research published by consumer magazine Which?

Yet, despite this, we still appear to adopt a worryingly lax attitude towards protecting our personal information. A further Which? survey of 1,600 current account and credit card holders revealed the following alarming statistics:

• 11 per cent of respondents said they would give their security details to a caller
• 12 per cent let others use their card
• 17 per cent had written down their PIN or password
• 19 per cent didn’t check their statements
• 21 per cent said they would give their account number to a caller
• 23 per cent used the same PIN for different accounts

When it comes to the internet it would seem that we are equally care-free. Recent research by Sophos, the IT security firm, found that more than two in five users of the social networking website Facebook were willing to divulge personal information – such as their email address, date of birth and phone number – to a complete stranger, greatly increasing their susceptibility to identity fraud.

Many of those visiting social networking websites fall into the younger age groups. Yet in a recent survey for the Information Commissioner’s Office more than six in ten 16 to 25-year-olds said they didn’t bother destroying personal documents before throwing them away, while four in ten failed to check their bank statements for unusual transactions.

Set all this against the fact that there were 80,000 recorded cases of identity fraud last year according to CIFAS, the UK’s fraud prevention service – an increase from 66,000 cases in 2005 and 9,000 in 1999. Not only that but identity fraud is estimated by the Home Office to cost the UK economy £1.7 billion annually and is now recognised as one of this country’s fastest growing crimes. The time when we could adopt a relaxed attitude in managing our personal information is now well and truly over.

ID fraud in all its guises

Identity fraud takes many forms but amongst the most common are the following:

Phishing – where fraudsters send emails that purport to come from a genuine bank in an attempt to trick customers of that bank into revealing their account security details

Skimming – an example of this might be a member of staff in a restaurant secretly making copies of credit cards when customers pay for their meals. The details are then often sold on to a criminal gang

Postal fraud – this could be fraudsters either redirecting a victim’s mail by completing a change-of-address form or stealing post that may include bank and credit card statements, cheques or tax information

Shoulder surfing – where a thief looks over the shoulder of an unsuspecting victim entering their PIN at a cash machine, or eavesdrops as a credit card number is read out during a phone call

Bin-raiding – as its name suggests, a fraudster will rifle through the contents of rubbish bins in the hope of finding personal information

Impersonating the dead – arguably the most pernicious of all ID fraud crimes. This is where fraudsters adopt the identity of someone who has died in order to commit a crime.

Worrying trends

Of particular concern is the rise in both phishing incidents and a particular type of postal fraud known as ‘current address fraud’.

Current address fraud involves a victim who lives at the same address as that given on the fraudulent application. According to CIFAS, current address identity fraud represented 35 per cent of all identity fraud cases in the first half of this year, up from 25 per cent in the same period in 2006. Often the fraudster will live in the same building and may have stolen the victim’s post from a communal mailbox. The crime can also occur where the victim’s mail has been fraudulently redirected or where someone has failed to shred their personal documents and these have subsequently been taken from their bin.

Peter Hurst, chief executive at CIFAS, explains: “The surge in current address fraud is particularly worrying because, in order to perpetrate it, the fraudster effectively needs a very thorough knowledge of the victim’s personal details. This indicates that fraudsters are becoming more sophisticated and are managing to access more data about their victims. This underlines the need for all of us to protect our personal details as carefully as possible, and not to take any chances.”

Just as worrying as the rise in current address fraud has been the dramatic increase in the number of so-called phishing incidents. Typically fraudsters set up a fake version of a genuine bank’s website and then send out thousands of spam emails in the hope of fooling people into divulging their online banking security information – such as their user name, PIN number and password.

Figures published by APACS, the trade body for the UK payments industry, show that online banking fraud losses increased from £23.2 million in 2005 to £33.5 million in 2006, an increase of 44 per cent year-on-year. This in turn was driven by an explosion in phishing incidents, which went up from 1,713 in 2005 to 14,156 last year.

Raising awareness

So what can be done to alleviate the impact of ID fraud, particularly in view of the general public’s apparent lack of concern?

The answer lies not in a single solution but rather in a range of measures, beginning with educating people on the dangers of identity fraud, the speed at which it has grown and the various forms it takes.

National Fraud Prevention Week, held last month, is an important initiative and one that has already started to raise people’s awareness of the danger of identity fraud and the steps they can take to reduce the chances of it happening to them. The more the public know about this crime, the better.

The insurance industry also has an important role to play, particularly in designing carefully thought-out products that can help victims of identity fraud to get back on their feet as fast as possible. The onus is on us as an industry to build products that will ensure the victims of this crime receive the practical support they need to re-establish their identity and credit-worthiness. We also need to ensure that our policies are worded in such a way that customers can be sure of the exact nature and level of that support.

One area in which providing cover can be seen to be of particular importance is that of ‘deceased fraud’. Each year a great many families discover that the personal details of a close relative have been stolen after their death, causing real emotional upset. It is difficult to imagine what it must feel like to know that a fraudster has stolen the identification of a recently departed loved one.

A role for the property industry?

Of course it is not just the insurance industry that has a role to play. Any business that has members of the public as customers is in a position to contribute.

The property industry in particular is in an ideal position to help clients understand more about the risks they face from identity fraud and the solutions that are available. To begin with it is always worth reminding clients who are moving home of the importance of notifying their bank and other relevant suppliers of their change of address and also redirecting their mail for a period of at least six months.

The growth in current address fraud highlighted above is particularly relevant for those moving into property that includes a communal area and the many buyers this applies to would surely welcome the opportunity to consider whether they wish to protect themselves against this invasive crime.

Finally there is a natural synergy between insurance products, so if a customer sees the benefit of arranging mortgage payment protection then it is likely that they will also be receptive to a product that helps them to guard against having their identity stolen.

Whatever your business it is a great opportunity to provide your customers with extra security and protection. And of course that in itself provides the further opportunity to generate an important, additional stream of revenue.

The human cost

The consequences of identity fraud reach far beyond the money that has actually been stolen. Often people do not realise they have become a victim until, for example, they receive a bill for goods they haven’t bought – or suddenly find out they can’t withdraw money from their account because their bank believes they have exceeded their credit limit. And that is usually only the start of their troubles.

It can sometimes take weeks for a victim of identity fraud to re-establish their credit status and personal reputation. In the meantime they may well have to suffer the indignity and inconvenience of being unable to live their life in a way that most of us take for granted – for instance being able to shop online, or take out a loan to buy a car. On top of this there are all the ancillary costs that go with trying to re-establish an identity, such as:

• Replacing a passport and/or driving licence
• Loan reapplication costs
• Phone calls, postage and travel costs
• Lost wages through having to take time off work

In the worst cases, victims may have to hire a lawyer to defend themselves against criminal charges or to remove a civil judgement that may have been wrongly entered against them.

It is clear that identity fraud poses a growing threat to the public. As stated earlier, education is an important weapon in tackling this crime but it is by no means the only solution. It is also vital that we as businesses join forces to provide people with the opportunity to take concrete steps to protect themselves.

Here are a few simple steps we can all take to help protect ourselves against identity fraud:

• Keep confidential documents secure
• Shred documents containing personal details before disposing of them
• Do not use your mother’s maiden name or place of birth as a security password (these can be easily obtained from public records)
• Never use the same password for all your accounts
• Do not carry address details in your wallet
• Regularly check bank and credit card accounts for unusual transactions
• If you receive a telephone call from a credit card company, bank or other retail company asking to confirm certain details about yourself, decline and then ask to call them back, preferably through a central switchboard
• If you move house, make sure you let your bank know and redirect your mail
• Check your credit record regularly.

Caitlin Gomes is product development manager at Allianz Schemes