Ask anyone outside of the risk community which sort of companies fraudsters are most likely to target and they will invariably tell you banking or other financial providers. However, this would be an oversimplification of a growing problem and ignores the increasing burden being placed on utility companies as fraudsters become ever more sophisticated.
A ballooning problem
Fraud prevention is often likened to a balloon – squeeze one part and a weakness will begin to bulge elsewhere. The latest CIFAS figures highlight this problem well: while there’s been a fall in identity fraud for bank accounts, there’s been an increase in fraud against online retail accounts. This balloon effect is also true for utility companies, where efforts amongst financial services companies to reduce things like ID and account takeover fraud have led to a rise in synthetic identity fraud across various sectors.
Synthetic fraud, where a fraudster creates a fake identity to steal goods, has found a new home in utilities. The sector is now fast becoming the new battleground for fraud protection, as they become the main point of entry for more widespread fraudulent activity. This is largely because a utility bill is still the staple of many financial service providers’ wider on-boarding processes. Here, the synthetic ID created at the point of application for a utility provider often isn’t primarily to defraud the gas, water or electricity company concerned, but rather as the stepping stone to a more substantial and costly fraud with another provider.
It can be very easy for fraudsters to access information such as a person’s name, address, or date of birth online. In the first instance, fraudsters may often still use the actual identity of an individual and after that, they will create synthetic identities compiled from elements of the data they initially stole.
Synthetic ID fraud isn’t new. Fraudsters have been using fake identities to steal goods, services or funds by inventing false identities that aren’t connected to real living people for quite some time now. The difference now is that this has been accelerated significantly in the digital age.
Utility providers by their very nature can’t refuse a service and are obliged to supply. In essence, they provide a line of credit (in the form of an advanced service that is paid for in arrears) but do it with limited checking. They don’t always access ID and verification (ID&V) and data sharing in the same way more developed financial services organisations do.
Once an initial synthetic ID has been established, it can become almost impossible to trace the real perpetrator, as the name and details are all fake, making it difficult to find the real person behind the fraud. These fraudsters then abscond without paying, and can often go on to commit the same crime again at a different address.
But all is not lost. While the transient nature of the market makes utility companies an increasingly desirable target for synthetic fraud, the industry isn’t completely powerless in its fightback. ID isn’t limited to just name, address, date of birth and so on, it can also be linked to how consumers (and thus fraudsters) transact in a digital world.
So when it comes to fighting back, taking a layered approach to ID&V is key. Core customer details are still valid but they need to be linked to other digital and device attributes, such as an email address they have had for a number of years that’s also linked to other accounts and bills, or a mobile phone and number that they keep across home moves and products. A device and digital identity are often harder to fake than the synthetic ID that fraudsters try to sit behind. Their association with true identities over a period of time is a key tool in fraud prevention.
Finding a trusted partner that has the ability to provide insight and information in this space is paramount. Prevention is better than finding a cure and fraud in the utilities sector can no longer be simply surmised as no intent to pay. Forward-thinking Utility companies are already benefiting from deploying these new capabilities (e.g. reduced fraud, reduction of accounts in arrears, and increased efficiency/more effective use of adviser time) and this number is set to increase as these solutions are more widely adopted across the sector. It is inevitable that fraudsters will start to target the provider with the weakest defences. It’s therefore in the collective interest of the industry to adopt a more advanced approach, rather than just working in isolation.
Fraud prevention can often be seen as an operational cost rather than a revenue-generating business line, but it is immensely important. If you are failing to fight synthetic ID fraud while other providers and industries are, then your own burden will only increase and the balloon effect will continue. The lifecycle cost of ID fraud in the utility sector might be hard to quantify, but it can’t and mustn’t be ignored.