This article has been prepared by Cifas, the not for profit member association with over 25 years’ experience in preventing financial crime and internal fraud. It highlights the fact that no-one is immune from identity fraud and offers advice on how to minimise the risk of becoming a victim.
Identity fraud is not a victimless crime. Its consequences can be life-changing.
But perceptions of identity fraud don’t always reflect the impact it can have. Many people don’t understand what it is, much less how to guard against it. And the threat isn’t just personal – organisations and businesses can be targeted by criminals looking for the information they need to commit identity crime.
What is identity fraud?
Identity fraud is when fraudsters use personal information to apply for products and services in a victim’s name – such as bank accounts, credit cards, loans and mobile phones – or create fictitious identities to achieve this. Cifas figures show that identity fraud is, and continues to be, the dominant fraud threat, accounting for just under half (47%) of all frauds recorded in the first quarter of 2015.
Cifas research shows that over 80% of fraud is committed online, and also that fraud is increasingly organised.
Who are the victims?
It’s a common myth that only older and well-off people are targeted but the reality is that anyone can be a victim. So while the average age of a victim of identity fraud is 46, it is young people aged 18-24 who are the fastest growing age group to be targeted by fraudsters. And older age groups (age 55+) are still vulnerable, with the number of victims continuing to rise. Scams are widespread, primarily to steal money from people but also to steal personal data. They target a range of lifestyle areas: from pensions and holidays to mortgages and online shopping.
Organisations and businesses are not immune. The information they hold on customers and clients is a target, no matter what the size of the business. External threats include cyber-attacks to access company systems, corporate identity fraud where the fraudster accesses products or services in the name of the company (often registering as a Director or impersonating a Director) and ‘phishing or vishing’, where staff are tricked into downloading malware or handing over sensitive information through scam emails and phone calls.
Internally, threats can include organised gangs infiltrating organisations to steal data or process fraudulent applications; corrupting or threatening staff to take part in these criminal activities; and the theft or loss of consumer data or bank data by employees.
How to tackle the threat?
Because anyone can be a victim, the need for education on identity fraud and how to prevent it is increasingly apparent. Below are some steps that can be taken to minimise the risk.
For individuals:
- Regularly check bank statements and credit files
- Redirect your post when moving
- Protect your phone and laptop with anti-virus software and take care on public Wi-Fi hotspots
- Make sure your passwords aren’t easy to guess: three random words are recommended
- Beware what you share on social media – information you post can be used to steal your identity
- Consider Cifas Protective Registration if your identity is at risk – for example, if you have had sensitive documents stolen
For organisations:
- Make sure you vet job applicants and new employees thoroughly and independently
- Ensure you have a clear and effective whistleblowing policy in place in your organisation
- Educate your workforce on common scams that fraudsters may use to extract sensitive information, such as downloading malware through email links
- Review the robustness of your security systems, both physical and digital. Never believe you are too small to be a target, or too big to be targeted.
For more information on Cifas Membership and how our products and services help protect organisations from fraud, contact newmembers@cifas.org.uk
For more information on how individuals can protect themselves against identity fraud, visit www.cifas.org.uk/stayunique