Have you ever wondered if there is another person on the planet who is just like you? Looks just like you, shares your sense of humour and taste in music, or maybe just has an identical name and date of birth. Sharing a name and a date of birth with someone else is actually relatively common, in fact you only need 24 people in a room before the odds are better than evens that two of them will share a birthday.
Unfortunately, due to the advent of identity theft, the chance of you sharing both a name and a date of birth with someone else has increased in the past few years. In fact, in 2006, the number of victims of impersonation recorded by CIFAS – the UK’s Fraud Prevention Service - has grown to 67,406* causing a distressing, costly and stressful time for those victims trying to prove that transactions made, were not made by them. According the Home Office latest reports, it costs UK industry over £1.7bn per annum.
So how does it happen?
The amount of information a person needs to know about another before they can build up enough data to commit fraud is surprisingly low and many more details can be built up by the fraudster without resorting to sophisticated techniques. Details can be obtained from marketing organisations legitimately, or illegitimately, via customer records and payroll data. “Phishing”, a method of obtaining valuable data using technology is also on the increase. Organised crime rings can have their own people planted within organisations to supply data, check progress, open and close customer accounts, and suppress enquiries or material going to the genuine customer.
What do they get out of it?
Many crimes that appear simple in structure will often be the tip of the iceberg leading on to other interconnected crimes. For example, those identity fraudsters attacking government benefits (such as the new tax credit fraud carried out in 2006) become in the organisation’s eyes the ‘real’ customer; where detailed and legitimate headed documentation is sent to the address the fraudster uses, which can then be used to legitimise further activities, such as obtaining credit cards and other goods and services. The fraudster is often difficult to trace due to the interconnectivity and convolution relating to crimes.
What can be done?
There are many measures an organisation can take to minimise identity fraud, mainly in the area of governance, risk and controls. Ensuring compliance against vetting procedures and providing an environment for existing employees that does not allow fraud to prosper are key. Ownership and governance in higher risk areas is vital and a whole host of control mechanisms can be employed during any process to guard against internal fraud (or assistance to those externally committing a crime). Detailed analysis on customer records to identify where fraud or discrepancies have occurred using specialist forensic software can be beneficial, and more recently, implementation of predictive analytics solutions, where risky transactions can be weeded out for further handling before the crime takes place. Predictive Analytics means that the organisation can rapidly learn from new patterns in anomalous and fraudulent transactions and stop them before they become the latest trend.
Is the public sector particularly vulnerable?
There is a desire in public sector organisations to increase customer service, decrease cost and provide a less intrusive means of collecting information relating to benefit claims. This is music to the fraudster’s ears. The organised ID thief prefers a one touch processing environment where evidence is not collected every step of the way and the payment is made automatically into a bank account. The fraudster likes to see transparent decision making and rules publicly on-line for them to read. After all, a well publicised set of rules increases the chance of being able to break them.
Want to know more?
PwC has dedicated teams of specialists working to prevent and detect identity fraud in both private and public sector organisations. Governance, risk, compliance and controls specialists who have undertaken identity fraud related work in both private and public sector and a forensic services division who specialise in both the prevention and investigation of fraud.
*source www.cifas.org.uk
Contact details
Email:
Paul Capener
Tel:
+44(0)121 265 5333
Email:
John Archibald
Tel:
+44 (0)121 265 5654
© 2008 PricewaterhouseCoopers. All rights reserved. PricewaterhouseCoopers refers to the network of member firms of PricewaterhouseCoopers International Limited, each of which is a separate and independent legal entity.
Home
News and issues