A game of deception

Hardly a week goes past without a mention of identity fraud in the media, and no wonder: attempts have hit record levels and are becoming more and more sophisticated.

And no one is safe. Among the most vulnerable targets are financial services companies, company directors (Companies House makes a lot of valuable data publicly accessible) and Londoners – out of 50 ‘very high risk’ areas identified by information service provider Experian, 20 are London postal districts and 34 are inside the M25.

Identity fraud is estimated to cost the UK a staggering £1.7bn a year – and even that is thought to be an underestimate. It’s big business for scammers, and your name, address and date of birth may be all it takes. Nigel Evans, the Conservative MP who chairs the All-Party Parliamentary Group on Identity Fraud, has said the true cost could be much greater and assumes that financial institutions are passing on the cost to consumers.

According to the not-for-profit fraud prevention service CIFAS, last year the number of attempted ID frauds rose to 80,377, up 22 per cent on 2005. Many were successful: the number of victims of impersonation, for example, was up by 20 per cent to a total of 67,406 in the same 12-month period (compare that to the 1998 figure of 16,810).

Identity fraud can start in all sorts of ways. For example, criminals targeting the Conservative MP Brian Binley transferred £9,000 from a Lloyds TSB savings account to his current account and were on the brink of withdrawing it when they were rumbled.

He believes his credit card was cloned at a petrol station and a Virgin mobile phone account was subsequently opened in his name. After local press reported that he was out of the country, he got back to find he had no post – it had been redirected to prevent him getting bank letters that would have alerted him to the fraud.

There are plenty of ways individuals can take steps to protect their identities. Along with common-sense actions such as shredding bank statements and bills, you could register with a protective registration scheme such as that offered by CIFAS: once you tell them that your documents have been stolen, they put a warning against your address for their members, who include more than 250 banks and financial services organisations. You can also check your credit rating with Callcredit, Equifax or Experian.

But in reality you can only do so much – all it takes is a dishonest worker to copy a card or documents. There is a big market waiting to reward them. Carla Fenton, Corporate Investigations Consultant at Control Risks, the security specialists behind Hiscox Security Services, says: “There is a network of people out there buying and selling information. They pay a lot
of money for fresh data on individuals.”

The tricks of the trade
It’s rumoured that the criminals include crooked security officials and drug cartels. From intercepting wireless networks – think of the credit card machine in a shop – to sophisticated psychology, their methods are evolving rapidly.

In January, Swedish bank Nordea was hit by a US$1.1 million sting that security firm McAfee called the biggest case of internet fraud yet. The fraudsters took advantage of the victims’ own concerns about security, sending out a realistic-looking email asking customers to download a ‘spam fighting’ programme that actually stole their banking login details.

Experts warn that companies face the double risk of having their own identities stolen as well as those of their customers. Carla recounts an example in which criminals successfully used a company’s identity to apply for a £60,000 tax refund. And in February, the FSA fined the Nationwide building society £980,000 after the theft of a single laptop that contained the details of nearly 11 million of their customers.

This case highlights the need for all financial services companies to keep their guard up – or face the consequences. “It is hugely significant for the insurance industry,” says leading technology lawyer Jonathan Armstrong of Eversheds. “There will undoubtedly be pressure to bring similar actions to protect consumers.”

Experts are warning that the latest trend is deliberate dishonesty by staff. In the US last year, the Veterans Administration had to announce that 26.5 million military veterans’ personal data was at risk after a staff member broke policy by saving the information on a laptop that was then burgled from his home.

In a chilling warning for the insurance industry, John Hinds, Policy and Projects Manager at CIFAS, says: “Staff fraud is now emerging as the single most significant fraud risk, both to the financial services industry and to businesses handling financial transactions.”

How can Hiscox help?
Hiscox can help protect your customers from identity fraud, both at home and at their business. All household policyholders have access to Hiscox Security Services, including a specialist team experienced in helping people deal with (or preferably avoid) all kinds of identity theft and credit card fraud. Our 506 and 606 policies also include identity fraud cover, which can help with solicitors’ fees and lost earnings because of time off work resolving the problem.

Did you know that a recent study backed by the FBI found that 90 per cent of companies surveyed had detected computer security breaches, at an average cost of £94,000 per incident? Businesses can protect themselves with Hiscox Internet and Email Insurance, available through the Professional Insurance Portfolio. It covers breaches of customer privacy, damage to the company’s network or website, fraud or transmission of a virus – all on a worldwide basis.

To learn more about either of these policies, speak to your Hiscox underwriter

< previous | next >