There is no escaping the news that identity theft and ultimately identity fraud are on the rise in the UK. According to the fraud prevention service CIFAS, its members recorded the highest number of identity frauds in 2016 than ever before, with almost 173,000 recorded. This is up from 2015, which itself was a record year. Furthermore recent figures from CIFAS for the first six months of 2017 show this has not let up with a record 89,000 cases reported.¹
Rupert Jones, in a recent article in The Guardian, said; “Identity theft has reached epidemic levels in the UK, with incidents of this type of fraud running at almost 500 a day”.²
What is driving this?
A combination of more data available online via social media sites such as Facebook and LinkedIn, coupled with the increasing level of data breaches and hacks. Recent examples include Yahoo, Equifax, and Uber.
Once the data has been obtained by criminals, according to CIFAS the crimes take place almost exclusively online (88% of identity frauds being internet-enabled). The vast amount of personal data available on the internet, and as a result of data breaches, “is only making it easier for the fraudster”.³
The availability of so much data gives fraudsters a clear advantage, as they can apply for bank accounts, credit cards, loans and other goods and services in volume, at speed, while remaining anonymous; enabling identity fraud to be carried out in an organised and industrialised manner.
Who are the targets?
Fraudsters don’t discriminate when looking for a target. However, the amount of data available to fraudsters will help to dictate this. The graph below shows people on their 30’s and 40’s are most at risk, driven by the amount of data available online. What is also interesting is there has been an increase in numbers of 21-30 years olds falling victim and a decrease in the 60+ age range.
According to research undertaken by the Centre for Counter Fraud Studies at University of Portsmouth and Privilege Home Insurance in February 2017, identity fraud has topped the list of the worst type of fraud in the UK. This was based on; the percentage of people subject to an attack, the average value of losses, the number of cases, and the number of times the fraud has been talked about online.
What does the future hold?
In less than six months, on 25th May 2018 Europe’s data protection rules will undergo their biggest changes in two decades. Put simply, companies covered by the General Data Protection Regulation (GDPR) will be more accountable for their handling of people’s personal information. This can include having data protection policies, data protection impact assessments and having relevant documents on how data is processed. Also with regards to data breaches under GDPR, the “destruction, loss, alteration, unauthorised disclosure of, or access to” people’s data has to be reported to a country’s data protection regulator – in the case of the UK, the ICO – where it could have a detrimental impact on those who it is about. This can include, but isn’t limited to, financial loss, confidentiality breaches, damage to reputation and more.
The ICO has to be told about a breach 72 hours after an organisation finds out about it and the people it impacts also need to be told. The highest fine states up to €20m Euros or 4% of total worldwide turnover. Will this help to reduce the number of breaches currently experienced, or will it just increase awareness of what is already a huge problem?
According to Simon Dukes from CIFAS: “We’ve seen huge increases in identity fraud attempts in recent years, with the vast majority committed online. More and more of us are living our lives digitally and the sheer volume of data available on the dark web from data leaks and hacks means we are expecting this trend to continue.”4
What can businesses do to protect themselves?
Businesses have the added complexity of not only managing fraud and identity theft risks but also in doing this in a way that provides a quick and seamless service to their customer base. According to TransUnion’s (formerly Callcredit) Fraud Report 2017 professionals are looking to implement more intelligent identity verification solutions in the coming years; including but not limited to:
- Device checks
- Artificial Intelligence and Machine Learning
- Biometrics including voice recognition and facial recognition
- Validating more data attributes including email addresses and telephone numbers
As well as the more traditional methods:
- Electronic identity verification
- Document verification
- Bank and card checks
It is true there is no silver bullet where fraud prevention in concerned, however a layered approach to fraud controls that utilise a range of data attributes is generally a sound approach.