A poll on the website of CIFAS – the UK fraud prevention trade body has found a less than clear picture regarding people’s appetite for organisations to use more of their personal data to prevent fraud.
When asked ‘would you be happy for organisations to know more about you (ie, use your social media profile) in order to help protect you from fraud?’ respondents were given a choice of three possible answers. From over 200 individual responses, the results demonstrated a preference, but one that is far less pronounced than many might expect. Some 47 per cent said yes, 38pc no, and the rest (15 per cent) don’t knows.
Over the past three years the majority of fraud done in the UK has been identity crimes: frauds facilitated by the criminal use of identity data to impersonate a victim or hijack their existing accounts. In light of this, many commentators have expressed reservations about using more data to verify applications, claims or transactions, and the results of this poll appear to demonstrate this.
While poll respondents were limited in number, CIFAS says that its research shows the majority of visitors to its website are those who are either interested in, or have fallen victim to identity fraud. The prospect of more data being collected, and lost due to data breaches, is evidently one that concerns many people. CIFAS Communications Manager Richard Hurley says: “The prospect of organisations needing even more data about us is not something people would readily embrace. What this signals, rather, is that there is more of a need for information that is collected to be relevant. In this case, therefore, it would seem obvious that organisations need – more readily – to collect and collate data that relates solely to those responsible for frauds rather than all and sundry.”
While more respondents stated that they would not be happy for organisations to have access to more data about individuals, to prevent fraud, the fact that they did not vastly outnumber those who would be happy is very surprising.
Richard Hurley, however, says: “Clearly, there are real concerns about organisations having too much access to information. However, there are almost as many individuals who would be happy to have organisations make use of information from sources such as social media in order to protect them from fraud; meaning that the argument is far less clear cut than some social commentators or those in law enforcement, fraud prevention and academia might realise. In an age where internet browsers or devices frequently tailor content such as adverts to be displayed to individuals based on their previous online behaviour, it seems that many individuals recognise how such information might help them as individuals, and might play a part in ensuring that their service providers spot unusual, suspicious and fraudulent transactions or applications.”
“While access to data and information, or its use, should never be indiscriminate, if it can be used intelligently, proportionately and for a specific purpose (such as preventing fraud), it seems that there may be some appetite for this to be considered.”
Richard Hurley adds: “The online revolution has not only revolutionised how we do business, but also called into question our notions of ‘identity’. This ranges from the information required to log into an account, through to the wider philosophical notions as seen by the BBC’s recent Who Do We Think We Are? survey. In this wider context, however, we need to recognise that the ways and means of identifying and verifying ourselves still fundamentally rely on a pre-internet model of passport, name, address and security question. This begs the question: do we need to consider changing the ways in which we identify and verify ourselves? The fact that the results to this poll – while only a snapshot – demonstrate anything but a clear cut answer only serves to make this question one that has to be asked. Whether it is though making greater use of the widest possible range of social and personal information about us, through to use of solutions such as biometrics and device recognition, the question of who we are and how we demonstrate this to organisations – to keep ourselves secure – is one that is likely to be a focus over the coming years.”
Visit: www.cifas.org.uk/do-organisations-need-more-data
