Cyber fraud rise reveals need for education

Cifas, has released a new report detailing the fraud trends from over 325,000 fraud cases recorded in 2016. The data, from 387 organisations, including many major UK brands, is one of the most comprehensive pictures of fraud and fraudulent attempts made in the UK.

Key findings from the Cifas’ annual report Fraudscape include:

• Over 325,000 (325,092) internal and external fraud cases were recorded in total, up from 321,092 (1% increase) in the previous year
• Organisations successfully prevented £1.03 billion in fraud losses through non-competitive data sharing
• Identity crimes (identity fraud and facility takeover) remain the biggest threat, representing 60% of all fraud recorded
• Facility takeovers increased by 45% from 15,497 to 22,525
• Over 50% of the facility takeovers recorded were enabled over the phone, typically to call centre staff
• 88% of identity frauds were committed online, compared to 30% of facility takeovers occurring online

A facility takeover happens when a fraudster poses as a genuine customer, gains control of an existing account and uses it for their own ends – such as making transactions or ordering new products or product upgrades. Any account can be taken over by fraudsters, including bank, credit card, telephone, email and other services.

The increase in facility takeover, particularly those committed over the phone, is a sign that, as security for customer accounts has increased, criminals target individuals instead and trick them into revealing personal details. For this fraud to be successful over the telephone, fraudsters must have obtained enough of their victim’s personal and security information (for example date of birth, address, details of bank or other accounts and sometimes passwords) to convince the person on the other end of the phone that they are actually the genuine person they are impersonating.

Fraudsters will collate personal data and identify targets in a variety of ways, such as data breaches, social media footprints and other open source information. In order to get hold of the level of detailed information needed to conduct a successful takeover, fraudsters will often then contact their victims directly and manipulate them into revealing yet further personal details. Once they have enough personal data, fraudsters go on to call the bank, phone retailer, or service provider armed with enough information to convince call centre staff that they are their genuine customer.

Cifas Chief Executive, Simon Dukes said “Working together, organisations prevented £1 billion worth of fraud last year, but we know that as one method gets harder, fraudsters change tactic rather than stop. We are now seeing that the advances made in securing online access to customer accounts have led to fraudsters targeting the human being at the end of the phone.

“Using old-fashioned but highly-effective con artistry, they are tricking individuals into giving away their personal details and deceiving call centre staff into making transactions on their victims’ accounts. The proliferation of personal data that is available either online or through data breaches only makes this easier.

“When people are targeted, education is key and we urge the next government to do more to ensure that individuals know how to avoid these tricks and can recognise the signs of a scam. Organisations, too, must focus on education for call centre staff and ensure they make the most out of new fraud prevention technology.”

Anyone can be a victim of fraud and with a General Election only four weeks away Cifas is asking that the next Government makes tackling fraud a priority by adopting three key measures:

• Fraud education should be in the national curriculum. Cifas wants to see every child from Key Stage 3 onwards receive consistent education on how to protect their identities online and protect themselves from fraud. Our data shows that young people are increasingly at risk from identity fraud.
• Tackling fraud should be a strategic priority for UK policing. The latest Office of National Statistics crime figures showed that almost half of all crime is fraud, and Cifas figures show that 66% of frauds recorded by our members is cyber enabled. We want to see the next Government earmark funding and give a clear policy steer to law enforcement that tackling this high volume crime needs to be a priority.
• Conduct a comprehensive review of the sentencing guidelines for fraud. Currently the maximum sentence for fraud is seven years. Compared to other offences where theft of money takes place, fraud has much lower sentences.

Table 1 – Year on year breakdown of identity crimes (identity fraud and facility takeover fraud)

2008	2009	2010	2011	2012	2013	2014	2015	2016
96,917	124,714	123,898	138,329	162,017	138,903	132,616	185,089	195,444

Table 2 – Regional breakdown of 2016 recorded fraud

Region	Total Frauds	Total identity crime (identity fraud and facility takeover)	% Identity Crime for Region
East	31,611	20,790	66%
East Midlands	19,599	10,959	56%
London	106,475	68,246	64%
North East	10,045	4,444	44%
North West	37,001	20,497	55%
Scotland	17,055	6,855	40%
South East	38,858	26,534	68%
South West	13,566	7,653	56%
Wales	8,987	4,206	47%
West Midlands	27,472	13,920	51%
Yorkshire and the Humber	23,275	13,119	56%

Commenting on CIFAS analysis John Marsden, Head of Identity and Fraud at Equifax said “The latest CIFAS figures show over 325,000 fraud cases last year, and that 60% of these related to identity theft. This type of fraud is reaching an industrial scale; as criminals’ tactics grow more sophisticated there’s an increasing danger of personal details falling into the wrong hands.

“Fighting identity fraud must remain a top priority for businesses – they must ensure the systems they have in place to deflect fraudsters are up to scratch. This isn’t a tick box exercise, systems need to be regularly reviewed and improved to protect against new types of attack. At the same time businesses need to manage customer demands for fast authentication checks and quick application processes.

“The fight against fraud mustn’t prevent good customers from getting fast and efficient service. If their expectations aren’t met they will take their money elsewhere, a business risk in itself. Balancing speed of service and security is key.

“It’s crucial businesses do all they can to build, enhance and continuously develop their defences. Fraudsters are always on the move, on the hunt for their next trick, expanding their target pool and focusing on the identities of younger generations as well as older folk. Information from young people grows in value as earnings rise and people take on more financial products. Accumulating these details now is an investment in the fraud of tomorrow. Action has to be taken by businesses and end consumers to protect personal information at all ages; today’s complacency is tomorrow’s nightmare.”