changing

face

THE

OF FRAUD

An extract from Perspective: The Fraud IssueEssential insights into the issues facing your industry today

EQUIFAX PAGE 2 of 2

The changing face of fraud

Perspective invited Richard Hurley, Communications Manager at CIFAS, to help shine a spotlight on the changing face of fraud.

Imagine the following: you walk into a large

high street retailer to purchase an item. In

order to take advantage of an extended

warranty, you provide certain details and

then enter your credit card and PIN in order

to complete the transaction. The shop

assistant, at that point, says that they do not

believe it is you making the purchase and

refuses to proceed any further.

Anybody would be, rightly, annoyed. Now,

imagine that a stranger walked into a store,

gave your details, used your credit card, and

walked out unchallenged.

Which is worse?

If someone did not believe who you were –

even though you had provided all the correct

details – would you not feel insulted? But,

should a stranger pass those same ‘checks’,

should we be surprised if an organisation

accepts that this stranger is you? Both

scenarios are undesirable, but both key into

the wider debate that must now take place in

relation to identity crimes and fraud.

In March 2013, CIFAS released the results of

an online poll¹, in which respondents revealed

that becoming a victim of identity fraud (that is,

being impersonated by a third party to obtain

products or services) was the most feared

type of fraud. Whether it is being impersonated

or having someone ‘hack into’ an account:

identity fraud and crime attacks our sense

of ‘self’. Terms like ‘violated’ are frequently

used by those who have been targeted by an

identity fraudster and – previously – one victim

told CIFAS that “at least, with a break in, you

can see how the robber got access. When I

was impersonated, I had no idea how they had

got my details”.

Fundamentally, as the scenario at the

start outlined, only a few details are used

currently to identify or verify an individual.

Typically, these involve addresses, date

of birth, mother’s maiden name and/or a

combination of passwords or PIN numbers.

And, in a world where we have so many

details to remember, it is not surprising

ultimately, if many people use as few sign

in details as possible, or have passwords

or PINs that are easy to recall. Add to that

the explosion in services available online and

social media, and what this means is that

the same information that has been used to

identify or verify an individual for many years,

is now very likely to be easily available online

to criminals: whether it is through hacking,

use of malicious software, fake websites or

trawling through social networks to see what

people unwittingly reveal.

Over the past decade, identity fraud has

gone from a crime that typically targeted

certain types of people (normally professional

males in their forties or fifties) to one where

people are targeted more indiscriminately,

for smaller sums. In 2012, identity crimes

(impersonation or the takeover of an existing

account) accounted for 66% of all frauds

identified by organisations that share data

through CIFAS. So, nowadays, it is highly

unusual for the modern fraudster to target

just one person for a £20,000 loan as they

did 10 years ago. Now, they will target 10

people for credit cards of £2,000 each. And,

in each case, it is the ease and availability of

data that helps the criminal.

In a world where complex algorithms are

used to spot online behaviour, and where

a continuing set of new gadgets, apps and

platforms transform our lives, have the older

rules about identifying who we are run their

course?

Of course, ease and convenience aid the

organisation and customer too: so, is it time to

ask ourselves whether we need to re-examine

– fundamentally – how we do business both

as organisations and as consumers? After all,

if you asked friends, family or colleagues what

details might ‘identify’ you as an individual, they

are far more likely to provide details relating

to your physical appearance, personality and

character than a date of birth and answer to

a simple question such as ‘where were you

born?’. Recent smartphone advances have

involved the use of a ‘fingerprint scanner’, while

in some countries, biometric scans such as

palm prints or scans of veins in fingers are used

to access bank accounts. If details like these

are a little too much for some, how do we (as

a society) feel about our banks or other service

providers knowing a little more about us? After

all, many of us – without realising it – receive

adverts when we are online which are tailored to

us: as our internet browsers and systems keep

a note of our online habits.

Organisations make use of advanced data

sharing techniques, rules and technologies

to prevent fraud, so is it time to start making

use of similar techniques in order to prevent

fraudulent transactions and applications?

Fundamentally, is the convenience that we

enjoy actually helping the fraudsters? If so,

what can we do to stop it?

For more information, contact Richard at richard.hurley@cifas.org.uk.

¹ To see the full details of the poll, please visit: http://www.cifasorguk/fraud_fears_marchthirteen.

“Whether it is being

impersonated or having

someone ‘hack into’ an

account: identity fraud

and crime attacks our

sense of ‘self’.”

In a world where complex

algorithms are used to spot

online behaviour, and where

a continuing set of new

gadgets, apps and platforms

transform our lives, have the

older rules about identifying

who we are run their course?