changing
face
THE
OF FRAUD
An extract from Perspective: The Fraud IssueEssential insights into the issues facing your industry today
EQUIFAX PAGE 2 of 2
The changing face of fraud
Perspective invited Richard Hurley, Communications Manager at CIFAS, to help shine a spotlight on the changing face of fraud.
Imagine the following: you walk into a large
high street retailer to purchase an item. In
order to take advantage of an extended
warranty, you provide certain details and
then enter your credit card and PIN in order
to complete the transaction. The shop
assistant, at that point, says that they do not
believe it is you making the purchase and
refuses to proceed any further.
Anybody would be, rightly, annoyed. Now,
imagine that a stranger walked into a store,
gave your details, used your credit card, and
walked out unchallenged.
Which is worse?
If someone did not believe who you were –
even though you had provided all the correct
details – would you not feel insulted? But,
should a stranger pass those same ‘checks’,
should we be surprised if an organisation
accepts that this stranger is you? Both
scenarios are undesirable, but both key into
the wider debate that must now take place in
relation to identity crimes and fraud.
In March 2013, CIFAS released the results of
an online poll¹, in which respondents revealed
that becoming a victim of identity fraud (that is,
being impersonated by a third party to obtain
products or services) was the most feared
type of fraud. Whether it is being impersonated
or having someone ‘hack into’ an account:
identity fraud and crime attacks our sense
of ‘self’. Terms like ‘violated’ are frequently
used by those who have been targeted by an
identity fraudster and – previously – one victim
told CIFAS that “at least, with a break in, you
can see how the robber got access. When I
was impersonated, I had no idea how they had
got my details”.
Fundamentally, as the scenario at the
start outlined, only a few details are used
currently to identify or verify an individual.
Typically, these involve addresses, date
of birth, mother’s maiden name and/or a
combination of passwords or PIN numbers.
And, in a world where we have so many
details to remember, it is not surprising
ultimately, if many people use as few sign
in details as possible, or have passwords
or PINs that are easy to recall. Add to that
the explosion in services available online and
social media, and what this means is that
the same information that has been used to
identify or verify an individual for many years,
is now very likely to be easily available online
to criminals: whether it is through hacking,
use of malicious software, fake websites or
trawling through social networks to see what
people unwittingly reveal.
Over the past decade, identity fraud has
gone from a crime that typically targeted
certain types of people (normally professional
males in their forties or fifties) to one where
people are targeted more indiscriminately,
for smaller sums. In 2012, identity crimes
(impersonation or the takeover of an existing
account) accounted for 66% of all frauds
identified by organisations that share data
through CIFAS. So, nowadays, it is highly
unusual for the modern fraudster to target
just one person for a £20,000 loan as they
did 10 years ago. Now, they will target 10
people for credit cards of £2,000 each. And,
in each case, it is the ease and availability of
data that helps the criminal.
In a world where complex algorithms are
used to spot online behaviour, and where
a continuing set of new gadgets, apps and
platforms transform our lives, have the older
rules about identifying who we are run their
course?
Of course, ease and convenience aid the
organisation and customer too: so, is it time to
ask ourselves whether we need to re-examine
– fundamentally – how we do business both
as organisations and as consumers? After all,
if you asked friends, family or colleagues what
details might ‘identify’ you as an individual, they
are far more likely to provide details relating
to your physical appearance, personality and
character than a date of birth and answer to
a simple question such as ‘where were you
born?’. Recent smartphone advances have
involved the use of a ‘fingerprint scanner’, while
in some countries, biometric scans such as
palm prints or scans of veins in fingers are used
to access bank accounts. If details like these
are a little too much for some, how do we (as
a society) feel about our banks or other service
providers knowing a little more about us? After
all, many of us – without realising it – receive
adverts when we are online which are tailored to
us: as our internet browsers and systems keep
a note of our online habits.
Organisations make use of advanced data
sharing techniques, rules and technologies
to prevent fraud, so is it time to start making
use of similar techniques in order to prevent
fraudulent transactions and applications?
Fundamentally, is the convenience that we
enjoy actually helping the fraudsters? If so,
what can we do to stop it?
For more information, contact Richard at [email protected].
¹ To see the full details of the poll, please visit: http://www.cifasorguk/fraud_fears_marchthirteen.
“Whether it is being
impersonated or having
someone ‘hack into’ an
account: identity fraud
and crime attacks our
sense of ‘self’.”
In a world where complex
algorithms are used to spot
online behaviour, and where
a continuing set of new
gadgets, apps and platforms
transform our lives, have the
older rules about identifying
who we are run their course?