The changing faces of fraud

Do you have a Facebook profile? Do you publish personal details in blogs and on social networking sites? Do you know that you may be at risk, as identity fraudsters are trawling through these sites looking for personal information to use to commit identity fraud?

The Home Office published in 2006 an estimate of £1.7 billion as the cost of identity fraud to the UK economy, and CIFAS – the UK’s fraud prevention service – has advised that at least 120,000 people in the UK are impacted by identity fraud.

Identity fraud involves the use of an individual’s or company’s identity information to open bank accounts or obtain mortgages, credit, loans, goods or services. There are a number of ways in which the fraudster can achieve this. For example a fraudster may open bank accounts or apply for credit cards in the name of another person using personal and financial information and old utility bills belonging to the victim. Alternatively, a fraudster may attempt “account takeover” by contacting the individual’s bank and informing them of an address change. The victim will not be aware that their identity has been stolen until perhaps they make an application for a bank loan and discover that they have low credit card rating.

Crunch time for fraudsters

The internet is an ever expanding area of activity for identity fraudsters as they seek to develop new methods of obtaining personal information. The activities of fraudsters are changing due to the effects of the credit crunch, in particular in the arena of identity fraud, as one unexpected consequence of the availability of credit. It has become a great deal more difficult for an identity fraudster to apply for cards and loans in an individual’s name and accordingly they are now targeting existing accounts.

The All-Party Parliamentary

Group on ID cards identified this trend and recently stated: “There is no longer a guarantee that they will get credit by applying assuming another person’s identity, so they are instead tapping into accounts which already exist.”

Chairman Nigel Evans MP, elaborating on this theme, said: “Identity fraudsters are beginning to focus their attention on existing accounts, where previously the focus had been on using fake identities to set up new accounts and take out loans.” This, he said, “appears to be a consequence of the credit crunch as many financial institutions begin to take a firmer line on loans/mortgages and overdrafts, forcing criminals to focus on individual accounts which offer a guaranteed financial resource.”

Scotland Yard’s assistant commissioner in charge of crime operations said recently: “It is comparatively easy to assume the identity of another person and live in the UK without fear of exposure”. He indicated that identity theft was an integral part of 30-40% of all white collar crime.

Who’s looking for you?

Social networking sites such as Facebook and Bebo, chatrooms and blog sites have revolutionised the internet. Recent media reports have speculated that over 10,000 people join Facebook every day, opening several new routes for identity fraudsters to access personal information – fertile ground indeed as these sites have the potential to enable fraudsters to build databases of personal information using date of birth and other sensitive information. Many people will be unaware that placing information on these sites poses a significant security risk and could be tantamount to leaving your bank statement or pay slip lying about.

If you use one of these sites, I would recommend avoiding posting your date of birth, mobile phone number or other personal identifiers such as details of where you live and work, as these can be used to pinpoint you as an individual and you can then be targeted.

The current legislative framework used by the Government to deal with identity fraud in the UK includes:

The Identity Cards Act 2006, which creates a new offence of being in possession or control of false identity documents, genuine documents that have been improperly obtained, or documents issued to another person without reasonable cause.

The Fraud Act 2006, which creates a single overarching fraud offence focusing on dishonesty and encompassing internet fraud and “phishing”.

The Data Protection Act 1998, which is enforced by the Information Commissioner and provides a framework to ensure that personal data is stored securely.

No offence?

There is no specific offence of identity fraud in the UK and it is not a crime to assume another person’s identity, unless there was some intent to commit fraud or it can be proved that a criminal act took place as a consequence. The Government is currently considering whether an offence ought to be created.

The All-Party Parliamentary Group Report into Identity Fraud dated October 2007 recommends a number of amendments which could strengthen the legislative framework and close off various loopholes. The City of London Police have stated that “tougher sentences for identity fraud and additional resources for police… would undoubtedly have an impact on reducing identity fraud”.

It is clear that a great deal more can be done in combatting and dealing with the impacts of identity fraud, including legislating for further clarification of the existing framework. It is also clear that identity fraud will continue to evolve: as certain routes are shut down, criminals will find new methods of gaining access to personal information and the legislation ought to be flexible enough in this regard. The key message is vigilance in posting profiles or

leaving messages on various networking sites. Don’t make an early Christmas present of your personal information!