Out-Law News 2 min. read
24 Jul 2003, 12:00 am
The report "Identity Theft: do you know the signs?" contains some worrying statistics:
the total number of identity frauds increased dramatically from 27,270 in 2001 to 42,029 in 2002 according to the Credit Industry Fraud Avoidance System;
it takes an average of 300 hours for victims of identity fraud to set the record straight, says the Home Office, and
the Department for Work and Pensions estimates that the overall cost of benefit fraud is £2 billion, of which up to £50 million is based upon "wholly fictitious identities".
It compares to a report from researchers Gartner published on Monday which found a 79% increase in identity theft in the US in the year ending June 2003.
The UK report details the main methods of perpetrating identity theft. These include application fraud, where a fraudster applies for payment cards and financial products in the name of his victim; account takeover, where the fraudster collates sufficient information about the victim to dupe the victim's bank that they are the victim; the wholesale assumption of the victim's identity; and the fraudulent use of a business identity, through company stationery or the use of a bogus web site.
The solution, according to the report, is to increase data sharing between government and business, and between businesses.
Steven Philippsohn, head of FAP's cybercrime working group, explained:
"We believe the Government should clarify through legal means those situations in which data sharing between public sector and business organisations will be permitted. Greater data sharing and cross-referencing of information about known frauds and fraudsters between governmental agencies and the business sector will mean there is a better chance of detecting identity theft at an earlier stage.
"Fear of the regulators swooping down is hindering attempts to reduce fraud by means of data sharing. Many organisations and police investigators are unaware that section 29 of the Data Protection Act allows for certain exceptions to be made to its general principles when personal or financial data is processed for the purposes of crime prevention. This must be made clearer."
The Panel's report advises companies to consider creating a database of frauds which they suspect or know have been carried out against them. It also suggests that they explore the potential for data-sharing with other companies in their sector and with the public sector, in order to build up a central register of stolen identities, documentation and selected biographical data relating to criminals held by the government.
Members of the general public are advised to take care when disposing of personal documentation. Recommendations include never putting your ATM receipt in the receptacle provided at the cash machine and to consider investing in a shredder for home use. Bin raiding is one method employed by identity fraudsters in order to build up a financial picture of their victim.
Experian, one of the two leading Credit Reference Agencies used by financial services firms in the UK, carried out a survey last year into identity theft. Of the 71 urban local authorities responsible for refuse collection contacted by Experian, 53 said that bin raiding occurred in their area.
The report is available here