New report reveals true impact of fraud
Cifas, the UK’s leading fraud prevention service and Neighbourhood Watch crime prevention partner, has released a new report detailing the fraud trends from over 325,000 fraud cases recorded in 2016.
The data, from 387 organisations, including many major UK brands, is one of the most comprehensive pictures of fraud and fraudulent attempts made in the UK.
Key findings from the Cifas’ annual report Fraudscape include:
• Over 325,000 (325,092) internal and external fraud cases were recorded in total, up from 321,092 (1% increase) in the previous year
• Organisations successfully prevented £1.03 billion in fraud losses through non-competitive data sharing
• Identity crimes (identity fraud and facility takeover) remain the biggest threat, representing 60% of all fraud recorded
• Facility takeovers increased by 45% from 15,497 to 22,525
• Over 50% of the facility takeovers recorded were enabled over the phone, typically to call centre staff
• 88% of identity frauds were committed online, compared to 30% of facility takeovers occurring online
A facility takeover happens when a fraudster poses as a genuine customer, gains control of an existing account and uses it for their own ends – such as making transactions or ordering new products or product upgrades. Any account can be taken over by fraudsters, including bank, credit card, telephone, email and other services.
The increase in facility takeover, particularly those committed over the phone, is a sign that, as security for customer accounts has increased, criminals target individuals instead and trick them into revealing personal details.
For this fraud to be successful over the telephone, fraudsters must have obtained enough of their victim’s personal and security information (for example date of birth, address, details of bank or other accounts and sometimes passwords) to convince the person on the other end of the phone that they are actually the genuine person they are impersonating.
Fraudsters will collate personal data and identify targets in a variety of ways, such as data breaches, social media footprints and other open source information. In order to get hold of the level of detailed information needed to conduct a successful takeover, fraudsters will often then contact their victims directly and manipulate them into revealing yet further personal details. Once they have enough personal data, fraudsters go on to call the bank, phone retailer, or service provider armed with enough information to convince call centre staff that they are their genuine customer.
Cifas Chief Executive, Simon Dukes said: “Working together, organisations prevented £1 billion worth of fraud last year, but we know that as one method gets harder, fraudsters change tactic rather than stop. We are now seeing that the advances made in securing online access to customer accounts have led to fraudsters targeting the human being at the end of the phone.
“Using old-fashioned but highly-effective con artistry, they are tricking individuals into giving away their personal details and deceiving call centre staff into making transactions on their victims’ accounts. The proliferation of personal data that is available either online or through data breaches only makes this easier.”
Cifas supports the Take Five campaign, which asks consumers to help protect themselves from financial fraud by remembering some simple advice:
1. Never disclose security details, such as your PIN or full password – it’s never right to reveal these details.
2. Don’t assume an email request or caller is genuine – people aren’t always who they say they are.
3. Don’t be rushed – a bank or genuine organisation won’t mind waiting to give you time to stop and think.
4. Listen to your instincts – if something feels wrong then it is usually right to pause and question it.
5. Stay in control – have the confidence to refuse unusual requests for information.
Cifas aims to make the UK a safer place to do business, by enabling organisations in every sector to prevent fraud and protect the public through the sharing of confirmed fraud data.
To read the full report click on the download below.