- Security TWENTY
- Women in Security
Identity fraud has hit the highest levels ever recorded, according to Cifas, a UK fraud prevention trade body. A record 172,919 identity frauds were recorded in 2016; more than in any other previous year. Identity fraud now represents over half of all fraud recorded by the UK’s 277-member not-for-profit fraud data sharing body (53.3pc of all frauds recorded to Cifas). Of that, 88pc was done online.
Cifas says that the vast majority of identity fraud happens when a fraudster pretends to be an innocent individual to buy a product or take out a loan in their name. Often victims do not even realise that they have been targeted until a bill arrives for something they did not buy or they experience problems with their credit rating. To carry out this kind of fraud, fraudsters need access to their victim’s personal information such as name, date of birth, address, their bank and who they hold accounts with. Fraudsters get hold of this in a variety of ways; stealing mail; hacking; obtaining data on the ‘dark web’; exploiting personal information on social media; or though ‘social engineering’ where innocent parties are persuaded to give up personal information to someone pretending to be from their bank, the police or a trusted retailer.
Cifas reports growing numbers of young people falling victim in recent years, and this upward trend continued in 2016 with almost 25,000 victims under the age of 30. In particular Cifas saw a 34 per cent increase in under 21s, and therefore Cifas is again calling for better education around fraud and financial crime and urging young people to be vigilant about protecting their personal data.
The year 2016 also saw increases in victims aged over 40, with 1,869 more victims recorded by Cifas members. Quarterly stats are also available through an interactive regional map on the CIfas website; figures are updated every quarter. Visit www.cifas.org.uk/fraud_statistics.
Mike Haley, Deputy Chief Executive, Cifas said: “These new figures show that identity fraud continues to be the number one fraud threat. With nine out of ten identity frauds committed online and with all age groups at risk, we are urging everyone to make it more difficult for fraudsters to abuse their identity. There are three simple steps that anyone can take to protect themselves: use strong passwords, download software updates when prompted on your devices; and avoid using public wi-fi for banking and online shopping.
“We all remember to protect our possessions through locking our house or flat or car but we don’t take the same care to protect our most important asset – our identities. We all need to take responsibility to secure our mail boxes, shred our important documents like bank statements and utility bills, and take sensible precautions online – otherwise we are making ourselves a target for the identity fraudster.”
John Marsden, Head of Identity and Fraud at data checking company Equifax says: “Serious steps need to be taken by financial services companies to strengthen the security systems they have in place and the way they verify identities, especially for online applications. Companies need to consider investment in biometric processes to validate identities, and implement multi-layer approaches to challenge fraudsters’ attempts to compromise systems. Consumers are embracing biometrics in their everyday lives, for example using them to access their smartphones and in their passports, and financial services companies can maximise this technology to protect their customers and their businesses.
“There is a worrying knowledge gap in terms of how consumers determine safe places to share personal information. People are not aware of the value and opportunity their most basic personal details offer to fraudsters. Just a name, address and date of birth can be enough information for a criminal to steal an identity and financially exploit it, for example, by applying for a loan or credit card. With the increasing inclusion of personal information on social media, fraudsters are able to access an expanding pool of data which they can easily abuse. Individuals must take care to protect their details, and the financial industry must continue to work together to educate its customers to support this.”
Barry Scott, CTO EMEA at identity and IT access management product company Centrify, said: “Sadly the headlines confirm once again what we already know – that identity fraud is on the rise. It has now reached record levels according to Cifas and reported by the BBC today. What might be more surprising to some is the rise among young people, with the number of under 21s defrauded rising by more than a third. All age groups are at risk, but it’s clear that a generation born into mobile phones and social media are much more likely to share information, often highly confidential personal details, on social media sites and messaging apps.
“In an online shopping poll last year looking at people’s habits and attitudes towards security, we found that ‘password hygiene’ was a huge problem when shopping online. One in seven individuals admitted that they share passwords with friends and family so they can log in to their accounts, and 12 per cent said they would accept discounts and special offers from retailers in exchange for their passwords. We need to get away from this mentality of sharing everything with everyone. Habits formed in our personal lives are often taken into the workplace – and password sharing in the workplace is a serious problem. Human error will always be the weakest link in the security chain, but as Radio 4 Today suggested, perhaps we should consider online fraud classes in schools to help embed a sense of personal protection in children and make them more aware of the dangers of identity theft.”
Nick Brown, group managing director of identity data intelligence company GBG, said: “With levels of identity fraud at an all-time high, it’s now got to the point that you have to assume your identity will be compromised, at some time. The sad fact is that the internet and e-commerce has only made fraud easier. Individual’s identity details, such as their name, address and date of birth are so much more accessible online than in paper records and the benefits of e-commerce such as speed, cost, accessibility of goods and services globally mean that it’s difficult to avoid the need for an online identity. While this identity information may seem of little value on the surface, fraudsters can use this data – your identity – to set up other accounts to do with as they please. In the first instance, fraudsters use the actual identity of an individual and thereafter, they will create synthetic identities compiled from elements of the data stolen from an individual. And the consequences can be disastrous.
“So as those with malicious intent hone their skills to increasingly take advantage of the innocent, businesses and individuals need to consider how they can stay one step ahead. For the individual it’s about being more vigilant with data; making sure you know where your name, address, phone number or date of birth are stored online, and keeping track of where you put in your bank details. For businesses, it’s about using data more intelligently at a time when identity fraud is rife. The more transparent we can be with data, the more it can be used to gather insights and intelligence that will stop the bad guys in their tracks. Furthermore, by using more data, analytical insights and triangulation of multiple identity proofing techniques, the implications of identity theft can be minimised for both the individual and the businesses who are serving them.”
Robin Tombs, CEO at digital identity product company Yoti said: “Identity theft has become a massive problem, and today’s announcement from Cifas shows just how serious this threat is. Consumers’ desire for convenience often trumps security concerns, allowing fraudsters to access other people’s personal information and make hay. In today’s digital world, individuals need both convenience AND security.
“The key challenge all websites and identity providers are striving to solve is the easy and secure login challenge. Giving people a convenient yet secure way to access their online accounts and protect their personal information will help overcome the threat of identity fraud. I believe privacy by design and biometric authentication will play a key role in addressing this conundrum. Unless such measures are put in place, the number of cases of identity theft will continue to rise.”
And Lisa Baergen, director at NuData Security, said: “We hear about data breaches all the time, but rarely hear about what happens to the stolen data after the initial theft. We may not think much of losing one username and password combo or having to cancel a credit card, but when seemingly innocuous data is stolen, it doesn’t just disappear. Stolen data is collected and combined into a vast set of consumer data, which is extremely useful to today’s fraudsters to thwart existing online security and identify verification systems used so often by online organizations. With 86% of all identity fraud happening online, organisations should deploy the best layers of security available; while not getting in the way of good customers. With so much rich consumer data available to anyone with money to spend, the challenge of securing good consumer access is becoming more difficult by the day.
“Since 2013, 5,911,431,891 records have been involved in data breaches and leaks according to the Breach Level Index, who estimate that everyday 3,853,606 records are lost or stolen. These records often include incredibly personal data such as a person’s social security number, name, address, phone number, date of birth, credit card number, email address, the name of local bank branch and so on. Data thieves sell this information to aggregators, who cross-reference and compile full identities – called “fullz” on the black market. This increases the value and usefulness of the stolen data, which may have been gathered from multiple data breaches.
“With this level of information, fraudsters can create new bank accounts or take out loans under an actual person’s name. They can even access a consumer’s legitimate accounts, impersonating the real consumer. When these actions take place, they cannot be traced back to the fraudster and can cause serious and lasting harm to the fraud victim, for years down the road.
“When it comes to social media, consumers need to be careful what is posted on social network profiles. If you provide personal information, like your phone number, birthday, or where you went to school, they can take this private information and use it to steal your identity because banks and other agencies use precisely this information to verify that you are you. By looking at your photos or videos, they can also figure out where you live and work. They can find your spouse’s name and who you socialize with – even the name of your pet that you may use as an answer to stronger security questions – even your mother’s maiden name, a favorite data point used by creditors and financial institutions to verify your identity.”