Identity theft is not yet a crime under UK law, although the increasing problem means the government is consulting on whether it should become so. What is against the law is using the identity to obtain money.
It is difficult to get an exact figure on the levels of identity fraud in the UK as such crimes are hidden in the statistics for crimes of deception or theft.
But figures compiled by the Credit Industry Fraud Avoidance System, known as CIFAS, show that identity fraud saw a 461% increase in 2000 followed by a 122% increase in 2001 and a further rise of 54% in 2002 with 42,029 identified cases.
CIFAS monitors identity fraud separately from crimes of deception or theft.
Identity theft is a major headache for the financial services industry.
Apart from its use for personal gain, we are now seeing the theft of corporate identities.
It is quite common for fraudsters to obtain company details from publicly available records, such as directors’ names and bank details. Simply writing a letter asking for a brochure will elicit a response on company letterhead, which can then be used to notify the bank of a company’s change of address and to redirect all mail to the new address.
This letter is usually faxed to the bank to disguise the fact that the letter has been ‘cut and pasted’ together and contains forged signatures. The bank, in some cases, may accept this and then re-direct bank statements and/or chequebooks. The fraudster will wait until he knows that the bank account contains sizeable funds. He will then either forge a cheque or issue instructions to the bank via another faxed letter to transfer funds to another account, which he will then clear out. That account has usually also been set up using false details.
Fraudsters target companies in other ways too: by creating a new identity to shed their past.
In one investigation, the client called us in to find out why they were losing so much money.
The MD was sure that an employee was responsible, but could not pinpoint the individual. We were able to focus our work on the previous 12 months when the losses appeared to commence. One of the first steps was to see what changes in personnel there had been. There were 10 new starters, two of them in the finance department. We reviewed those individuals’ personnel files and at first glance everything appeared fine.
They seemed to have the right qualifications and references. But, a closer look showed that the addresses of one of the individuals did not tally with the electoral roll – the postcode was slightly out as CR0 and should have been CR1 – a mistake that prompted us to start delving deeper.
The individual finally admitted to the fraud, explaining his use of someone else’s identity to conceal the fact that he previously served three years in jail on being found guilty of theft and false accounting. After trying unsuccessfully for various positions, he had decided to steal someone’s identity.
He had been lucky to find someone with relevant details on the web and had been able to obtain information on the person’s previous employers and qualifications to construct an identity and a detailed CV.
When he was offered a job, he was able to complete an application form that enabled the company to request references from previous employers and confirm academic qualifications. His only slip up – over postcodes – only came to light when we started our investigation.
Corporate fraud is slightly more complex. ‘Long firm fraud’ (creating a company trading history that allows the fraudster to increase the level of purchases and then eventually disappear) has been around for a long time.
To overcome this, companies have been increasing the level of due diligence on potential customers to check up on the authenticity of the directors and the history of the company. Fraudsters are therefore reluctant to show themselves as directors of these companies as any checks will show that they are not to be trusted.
So they either use the details of an unsuspecting individual chosen at random, or those of a bona fide director from another company.
In one case, fraudsters obtained the details of an upstanding member of a local community – a church verger – from a church notice board and phone directory. The first thing the clergyman knew about it was when the police knocked on his door to ask him to ‘help them in their enquiries’.
But, if identity fraudsters want somewhere that will provide a fountain of new opportunities, they need look no further than the internet. It is relatively cheap and quick to create an online presence that looks and feels the same as a bona fide website. Online shopping has also meant that consumers have become used to handing over personal details on the web. Double identity frauds can therefore easily take place.
It works like this. An online shopper looking for www.abc.com may inadvertently log onto www.abc.co.uk that has been designed by a fraudster to look like the.com original for the sole purpose of obtaining personal details.
The shopper browses this parallel website and finds the products he or she is looking for. They are then asked to give their name, address and credit card details, which the fraudster uses to obtain goods on other sites or over the telephone. These details can also be used to clone credit cards. This all only comes to light when the individual receives their credit card statement and is shocked by what they see.
But it is not all doom and gloom as there are a number of ways that companies and individuals can protect themselves from the identity fraudster. But act now to ensure you don’t become their next victim.
- Andrew Durant is head of the fraud investigation and recovery services team at BDO Stoy Hayward.