Identity theft is increasing as a method of fraud and banking security, both inside and outside the organisation, is becoming more vital as the fraudsters become more sophisticated, reports Kris Sangani.

It is easy to assume someone else’s identity (ID), points out Peter Warner, vice-president of security risk management for Mastercard Europe. “When I walked in here this morning and someone gave me my badge, I had to announce who I was but I didn’t have to hand any identity over. I could have said that I was Joe Smith, for example, and I could have assumed that identity during the break and played the part of one of my competitors,” he quips to an audience of his peers at a Combating Identity Fraud conference.

ID theft typically comprises fraudulent applications, whereby someone opens a card account using stolen or false documents obtained from a variety of sources in someone else’s name. The fraudster obtains credit and has no intention of paying. Alternatively, a fraudster will take over another person’s identity or account by finding information out about them and contacting the card issuer for a replacement card.

The instances of identity theft are far less prevalent in Europe than in North America, where the problem has been a serious headache for banks for a number of years and where they have become adept at dealing with ‘dumpster divers’ who raid trash cans to steal valuable documents.

Sophisticated fraud

However, the crime is becoming a lot more sophisticated as the fraudsters are turning their attention to the mass of personal information available on the internet. “Anonymity on the internet is a real problem,” says Richard Clayton, a Cambridge academic researcher on IT security who hit the headlines two years ago when he broke the encryption algorithm on the previously impenetrable ATM network. Mr Clayton demonstrated how establishing an audit trail on the internet is an extremely difficult proposition, so banks have to be wary when transacting using this channel.

According to Mastercard’s global figures, ID theft is still relatively small when compared with other types of financial fraud – about 7% of the total fraud problem. Counterfeit credit cards and CNP (card not present fraud) account for 60% of all fraud.

However, in Canada, 35% of all fraud was ID theft-related, according to Mastercard’s figures. The Canadian system is similar to that in the US: a social security number gives entry to everything and once a fraudster has that piece of information they can become whoever they want to be.

In Europe, ID theft is a smaller problem. However, the sums are expected to grow significantly as fraudsters find other areas of card fraud difficult to perpetrate. The UK, for example, is about to implement a chip and pin retailing regime under which card users will be required to authenticate their transactions by entering a unique pin number.

Identity theft

“Don’t expect the fraudsters to sit back and say: ‘it was great while it lasted and therefore we are going to give up’. They are going to look at other ways. If you cannot get hold of the card or counterfeit it, you simply assume the identity of the person who has a genuine card,” warns Mr Warner.

However, police chiefs admit privately that the budget that the police have for dealing with this type of crime is extremely limited. “It’s not murder, it’s not robbery, it’s not paedophilia – it’s not on the list of priorities,” admits a senior police officer.

Employee security is a major concern to the police. “Who are the people working in call centres? Typically they come from agencies. Do those agencies undertake appropriate checks?” asks the officer.

These concerns are echoed by Gordon Stevenson, managing director of computer evidence consultancy Vogon International. “The real enemy is within organisations and a strong network perimeter is vital in order to create a strong identity management infrastructure,” he says.

This is borne out by figures produced by Deloitte Touche Consulting, which points out that external fraud is dwarfed by the amount of fraud perpetrated by banks’ own management and employees. This raises the issue of whether banks are looking in the right place for fraudsters.

PLEASE ENTER YOUR DETAILS TO WATCH THIS VIDEO

All fields are mandatory

The Banker is a service from the Financial Times. The Financial Times Ltd takes your privacy seriously.

Choose how you want us to contact you.

Invites and Offers from The Banker

Receive exclusive personalised event invitations, carefully curated offers and promotions from The Banker



For more information about how we use your data, please refer to our privacy and cookie policies.

Terms and conditions

Join our community

The Banker on Twitter