The facts about identity theft

Thousands at risk after data loss
Around 15,000 Standard Life customers could be at risk of fraud after their personal details were lost by HM Revenue & Customs (HMRC). The data was on a CD sent from the Revenue office in Newcastle to the company's headquarters in Edinburgh. But the disc containing names, national insurance numbers, dates of birth and pension data never arrived at its intended destination.

BBC, 3 November 2007

TJX says 45.7 million card numbers stolen
TJX, the US retailer that owns the TK Maxx stores, revealed today that 45.7 million credit and debit card numbers had been stolen from its computer systems. British and US police are investigating the theft, which took place over an 18-month period, and is believed to be the biggest card heist on record.

The Times, 29 March 2007

New fraud threat to chip-and-PIN cards
SHOPPERS have been warned about a major security fear over chip-and-PIN machines. Experts at Cambridge University say they have come up with a virtually foolproof way of stealing a consumer's details. They believe fraudsters could easily replicate their method and have posted a video on the internet as an alert. The banking industry admitted yesterday that the development is a worrying one and say they have their own scientists working on ways of foiling the criminals. The Cambridge team reprogrammed a hand-held chip- and-PIN machine to allow them access to card details and PINs. Researchers say it would be simple to swap their rigged machine for one in a store. Last year, Shell suspended chip-and-PIN payments in 600 UK petrol stations after more than £1 million was stolen from customers' accounts. APACS, the payments organisation representing high street banks, said the Cambridge breakthrough could be a threat.

The Scotsman, 6 January 2007

Banks are dumping account details on the street
THE PUBLIC is being exposed to identity fraud because high street banks are dumping details of their customers’ accounts on the street, Britain’s information watchdog gives warning today. In an interview with The Times, Richard Thomas says that he has received “highly disturbing” evidence that personal information, including bank statements and loan applications, had been left in bin bags on streets throughout the country.

The Times, 28 October 2006

Waste bins 'an ID theft goldmine'
Householders are still throwing out too many documents that help criminals steal their identity a survey suggests. To help solve the problem police and other consumer organisations have launched their second national identity fraud prevention week. A bin-raiding test in London found nearly half of the 120 tested homes had thrown away enough information for their identity to be stolen. The government has estimated that ID fraud cost the UK £1.7bn last year. According to CIFAS, the UK's fraud prevention service, identity theft has risen more than five-fold from 20,000 cases in 1999 to 137,000 in 2005.

BBC News, 16 October 2006

Credit data stolen at Indian call centres
Credit card data, along with passport and driving licence numbers, are being stolen from call centres in India and sold to the highest bidder, an investigation has found. Middlemen are offering bulk packages of tens of thousands of credit card numbers for sale. They even have access to taped telephone conversations in which British customers disclose sensitive security information to call centre staff.

The Sunday Times, 8 October 2006

Stolen IDs sold on web for £1
THE STOLEN identities of Britons — including their credit card details, home addresses and security passwords — are being sold on Russian websites for as little as £1 each.

The Sunday Times, 3 September 2006

Millions lost in organised tax credit frauds
Forty organised tax credit frauds involving the theft of thousands of identities and worth at least £5 million are being investigated by Revenue and Customs inspectors, it was disclosed yesterday. This is the latest problem to hamper Gordon Brown's beleaguered tax credit scheme, which was criticised this week by an influential committee of MPs after it overpaid £4 billion to claimants in two years ... Richard Bacon, the Tory MP whose inquiries uncovered the illegal activities, said he understood that manufacturers and large retailers were targeted. People's identities were being stolen on "an industrial scale" ... Last November, HMRC said it was investigating the theft of 8,800 identities from people who worked for JobCentre Plus in London. This led to 2,700 cases involving payments of £2.7 million before the fraud was stopped. In January, the Government said Network Rail staff were victims, leading to bank accounts being created under false pretences. Some 16,000 false claims were stopped.

The Daily Telegraph, 9 June 2006

Privacy traders 'must be jailed'
Jail sentences of up to two years are needed to combat the huge black market trade in details about people's private lives, says a government watchdog. Information Commissioner Richard Thomas says there is a "pernicious" illegal trade in addresses, phone bills, bank statements and health records.

BBC News, 12 May 2006

Criminals take bank cards abroad
Criminals are now increasingly copying bank cards in the UK before using them abroad so they can bypass chip and pin security, Lloyds TSB has warned. While chip and pin makes it much harder for criminals to make useable copies in the UK, foreign ATMs are less secure. This is because many overseas ATMs are still taking their information from a bank card's magnetic strip rather than the more secure microchip.

BBC News, 11 May 2006

No more Mr Nice Guy?
Gone is the sharp-suited, debonair, sliver-tongued fraudster who'd charm his way to a personal fortune. In his place: countless thousands hunched over computers, stealing bank details and exploiting technological weakness - without witnesses, and often for hire. "There's none of what we used to call conmen these days," says Frank Abagnale. "There's no need for that any more" ...

Organised gangs rule the roost. Be they Russian, Chinese, Korean or homegrown, they have the resources to achieve results. "They're like any other business," he says. "They're prepared to invest in order to get what they want." The result: the blizzard of emails "phishing" for bank details or flogging fake lottery scams; the mass purloining of customer data from banks and retailers; and at the most extreme level, the - foiled - theft of more than £200m from the computers of Japanese bank Sumitomo in 2005.

BBC News, 10 May 2006

The king of fraud flies in to help banks beat menace of ID theft
ONE of America’s most famous fraudsters arrived in London yesterday to warn Britain about identity theft ... Plans to introduce identity cards will be even more problematic because “there will be so much information about someone on one card”, Mr Abagnale said. “It’s more information to steal. You will be dealing with someone in a government office on a low salary. The details are going to be vulnerable. These sorts of cards are very easy to forge.”

The Times, 9 May 2006

Orchestrated in the underpass
A passage, linked to a major bank's call centre, has become a favourite with thieves who are prepared to pay cash for your personal details ...

"Twenty years ago all of a customer's details would have been held at the branch. Now it is held in a few such centres. The criminals behind a lot of the fraud we see today know this and are targeting the call centres, both by trying to infiltrate them by sending workers in to get a full time job, and by leaning on existing workers."

The Guardian, 1 April 2006

Chip-and-pin 'cuts fraud by 13%'
The chip-and-pin system cut plastic card fraud by 13% in 2005, according to the Association of Payment Clearing Services (Apacs). Losses due to the fraudulent use of credit and debit cards fell last year by £65m to £439m. Most categories of fraudulent card use dropped, except for transactions over the phone, internet or by mail. Chip-and-pin cards were introduced in 2004, with their use becoming required in shops from February this year.

BBC News, 6 March 2006

ID theft 'costs UK £1.7bn a year'
Identity fraud is costing the UK an estimated £1.7bn every year, Home Office Minister Andy Burnham has said. At £35 per person, the estimated annual cost was greater than that of planned compulsory national identity cards, he told BBC Radio 4's Today programme. Critics of the scheme accuse ministers of playing on people's fears and say flaws in the security of ID cards mean they could actually increase fraud. A July 2002 Cabinet Office report put the annual cost of ID fraud at £1.3bn. ID fraudsters use personal details to gain access to bank accounts, run up bills, and create false documents like passports to carry out benefit crime.

BBC News, 2 February 2006

UPDATED ESTIMATE OF THE COST OF IDENTITY FRAUD TO THE UK ECONOMY

Home Office, 2 February 2006

ID fraudsters plunge tax system into chaos
THE identities of thousands of rail workers have been stolen by criminal gangs and used to steal millions of pounds from the Treasury, The Times has learnt. One in seven staff at Network Rail has been caught up in the tax credit fraud that has plunged the tax system into chaos and could turn out to be Britain’s biggest benefit scam. Last month it emerged that 13,000 Jobcentre workers had had their identities stolen and there are fears that other leading companies have also been targeted by the gangs. Suspicions are mounting that HM Revenue and Customs insiders are involved in the fraud. ...

By using the name, date of birth and NI number of Network Rail employees, gangs have been able to make fraudulent claims through the HMRC’s website and divert funds into their own website. Criminals were able to claim up to £100 per month per person, usually by changing the number of children and the employment status of the person whose identity they had stolen. The website, used by 500,000 people a year, was closed on December 2 after ministers admitted that there had been fraud. Losses already identified exceed £15 million, but that figure is expected to get much higher.

The Times, 18 January 2006

Hi-tech Cassandras foresee trouble with ID cards
Technology companies stand to benefit from the government's plans for a national identity card - but they have turned out to be the unexpected Cassandras of the scheme. A growing number of hi-tech firms say that far from improving security or cutting down fraud, the cards could actually create security risks.

The Guardian, 21 October 2005

ID cards will lead to 'massive fraud'
In an article for The Scotsman today, Jerry Fishenden, the national technology officer for Microsoft, says the proposal to place "biometrics" - or personal identifiers such as fingerprints - on a central database could perpetuate the "very problem the system was intended to prevent". He says ministers "should not be building systems that allow hackers to mine information so easily".

The Scotsman, 18 October 2005

Hackers target net call systems
Malicious hackers are turning their attention to the technology behind net phone calls, says a report. The biannual Symantec Threat Report identified Voice over IP (Voip) systems as a technology starting to interest hi-tech criminals ... The growing use of Voip could encourage the emergence of:
  • audio spam that clogs voicemail boxes with spoken adverts
  • voice phishing that tries to con people into handing over confidential details
  • caller-ID spoofing which allows conmen to make it look like they are calling from a legitimate number such as a victim's bank
  • call hi-jacking that re-directs calls to conmen and criminals

BBC News, 19 September 2005

Criminals to 'adapt to ID cards'
The UK government's proposed ID scheme will do little to stop identity theft and may actually exacerbate fraudulent behaviour in its early years. That is the view of researcher Dr Emily Finch who interviews career criminals about their activities. She has detailed how they adapt their strategies to get around new anti-crime technologies such as chip and pin. Dr Finch will tell a Dublin conference that these criminals will be undaunted by the prospect of identity cards ... Dr Finch describes how she and a male co-researcher swapped chip and pin cards and carried out a number of transactions. Not once, she says, did anyone check the gender on the card or challenge them - because our increasing reliance on technology is leading to a breakdown in the vigilance we customarily exercised.

BBC News, 4 September 2005

ID theft spyware scam uncovered
Thousands of computer users have been caught out by a huge ID theft ring. Security firm Sunbelt Software said it stumbled across a US-based server storing megabytes of data stolen from compromised computers while researching spyware infections. The server held passwords for online accounts from 50 banks, Ebay and Paypal logins, hundreds of credit card numbers and reams of personal data. The FBI has reportedly now started investigating the ring of ID thieves.

BBC News, 23 August 2005

How call centre chiefs can steal bank details
THE manager of an Indian call centre revealed to The Times yesterday the ease with which workers can steal confidential information despite claims by British banks that security is tight. His revelation came as the Information Commissioner said that banks, building societies and credit card companies could be prosecuted after 1,000 British bank and credit card details were sold to an undercover newspaper reporter in Delhi. Police in London and India are investigating the sale.

The Times, 24 June 2005

ID threat triggers exodus from online banking
The threat of identity theft and concerns over fraud has led to an estimated 2 million people opting not to use internet banking services in the past year.

The Times, 24 June 2005

Police smash £20m cheque fraud
Police have arrested 35 people over a multi-million pound cheque book scam. Up to 400 officers carried out raids on Tuesday at 36 addresses across London, Surrey, Kent, Cambridgeshire, West Midlands, West Yorks and Manchester. Cheques stolen from books sent by banks through the post to people in Golders Green, north London were being cashed for up to £1,200 each. The Metropolitan Police estimate the thefts have netted the thieves £20m from across the country.

BBC News, 26 April 2005

Fake call ID services on the rise
The internet is making it a lot easier to fake who you are via the phone. Many online services are springing up that bypass Caller-ID and can make it look like you are ringing from almost any phone number.

BBC News, 25 April 2005

UK police foil massive bank theft
Police in London say they have foiled one of the biggest attempted bank thefts in Britain. The plan was to steal £220m ($423m) from the London offices of the Japanese bank Sumitomo Mitsui. Computer experts are believed to have tried to transfer the money electronically after hacking into the bank's systems ... They managed to infiltrate the system with keylogging software that would have enabled them to track every button pressed on computer keyboards.

BBC News, 17 March 2005

Card firms plan online fraud-buster
PLANS for a high-tech mobile fraud-buster are being drawn up by banks and credit card companies as they seek to combat soaring levels of card crime. Under the plans, consumers will need to use a security device the size of a calculator each time they buy something online. The device will work in a similar way to chip and PIN. Before making a purchase, consumers will have to insert their card in the device and type in a PIN to verify that the card belongs to them.

The Times, 14 March 2005

Thieves seize on security flaws to make millions from card fraud
Introduction of chip and PIN was blighted at the outset by the decision of banks and credit companies to send out preactivated cards

FLAWED anti-fraud measures taken by banks and credit card companies gave postal thieves rich pickings last year ... Barry Stamp, joint director of Checkmyfile.com, a business that advises people on their credit files, said the fraud could easily be stopped if all banks adopted the policy of card companies such as Marks & Spencer, which puts a block on its “&more” card and requires customers to pass security checks before the card can be used ... a spokesman for Lloyds TSB said that all its credit card customers had to telephone the bank and prove their identity before a card could be used.

Apacs said that organised criminal gangs, which infiltrate organisations such as the Post Office and secure delivery companies, were behind the rise in postal fraud.

The Times, 8 March 2005

UK card fraud rises above £500m
Fraud involving credit and debit cards rose by a fifth to £504.8m last year, a bank payment body has said. Much of the rise was due to an increase in crime involving cards lost or stolen in the post, the Association of Payment Clearing Services (Apacs) said. Banks are replacing 140 million cards with new chip and pin cards, but Apacs said some of these were falling into the hands of fraudsters. Apacs also said that internet scams cost UK consumers £12m in 2004. It is the first time that Apacs has put a figure on the amount of money consumers are losing through phishing scams and computer viruses which can capture security details through keystroke logging.
MAIN AREAS OF CARD FRAUD
Counterfeit cards £129.7m (up 17%)
Card stolen or lost £114.4m (up 2%)
Card not present £150.8m (up 24%)
Card lost or stolen in the post £72.9m (up 62%)
ID fraud £36.9m (up 22%)
Source: Association of Payment Clearing Services (Apacs)
RISING CARD FRAUD
2004 £520.8m
2003 £420.4m
2002 £424.6m
Source: Apacs

BBC News, 8 March 2005

Credit card fraud hits new high despite chip and PIN
CREDIT and debit card fraud has soared to a record £500 million despite the introduction of new chip-and-PIN technology, it emerged today.

The Times, 8 March 2005

Charges brought over bank 'scam'
Police have charged 30 people after nearly £2m was allegedly siphoned illegally from people's bank accounts and several financial institutions. More than 200 Strathclyde Police officers were involved in raids at 42 addresses on Thursday morning. Confidential personal banking security details are said to have been accessed, leading to identity theft, credit and loan requests and balance transfers. The names of the institutions involved are not being made public.

BBC News, 3 March 2005

Most Britons 'fear falling victim to identity fraud'
A QUARTER of British adults have been victims of identity theft or know someone who has had their ID stolen, according to a report. An identity theft takes place every four minutes and costs the country an estimated £1.3 billion a year. It is one of the fastest-growing crimes in Britain. Which?, formerly the Consumers’ Association, has found that two thirds of people are worried about identity fraud which, for victims, can be a harrowing experience.

Malcolm Coles, editor of Which? magazine, volunteered to let one of his researchers steal his ID. “I couldn’t believe how easy it was for someone else to assume my identity,” he said. Within a short time, the researcher had obtained Mr Coles’s birth certificate, mother’s maiden name, mortgage value, medical data and details of his shopping habits and his gym visits. “If this is what an amateur can do, imagine how easy it is for an experienced criminal,” Mr Coles said.

The Times, 3 March 2005

MasterCard's new anti-fraud plan
A new anti-fraud system alerting people to suspicious purchases on their credit cards within minutes is to be launched. The system, devised by MasterCard, is designed to speed up vital information to customers and reduce cases of multiple card fraud. UK credit and debit card fraud cost £400m last year and criminal methods have become increasingly sophisticated. MasterCard said the system would boost the rate of fraud detection and provide more protection to cardholders. If they agree to sign up to the scheme, cardholders will receive a text message on their mobile phones immediately their bank is aware of a 'high risk' transaction on their card. Cases of unusual transactions are currently dealt with manually by most banks, meaning it can take an hour or more to contact a customer.

BBC News, 9 February 2005

Card fraudsters 'targeting web'
New safeguards on credit and debit card payments in shops has led fraudsters to focus on internet and phone payments, an anti-fraud agency has said. Anti-fraud consultancy Retail Decisions says 'card-not-present' fraud, where goods are paid for online or by phone, has risen since the start of 2005. The introduction of 'chip and pin' cards has tightened security for transactions on the High Street. But the clampdown has caused fraudsters to change tack, Retail Decisions said.

BBC News, 7 February 2005

ID theft surge hits US consumers
Almost a quarter of a million US consumers complained of being targeted for identity theft in 2004, official figures suggest. The Federal Trade Commission said two in five of the 635,173 reports it had from consumers concerned ID fraud. ID theft occurs when criminals use someone else's personal information to steal credit or commit other crimes. Internet auctions were the second biggest source of fraud complaints, comprising 16% of the total. The total cost of fraud reported by consumers was $546m (£290m).

BBC News, 1 February 2005

ID theft mastermind gets 14 years
A Briton involved in what is believed to be the largest identity theft case ever has been sentenced to 14 years in prison by a New York judge. Philip Cummings, 35, used his job as a computer helpdesk employee to steal personal information from more than 30,000 unwitting customers. He passed credit card and other stolen details on to other criminals ...

Cummings, who worked for Teledata Communications - a New York-based software company which helps lenders access major credit databases - had access to clients' codes and passwords. He would steal people's credit reports and pass them on to an accomplice, who would sell them on and share the profits with Cummings. The stolen identities, bought by intermediaries for about $60 per name, were then used to access the victims' bank accounts and use their credit cards. The criminals would buy expensive goods, including computers and electronic equipment, and resell them to other members of the network. By changing a customer's personal details, the thieves could even have new credit and ATM cards mailed directly to them. Stolen password More than 15,000 unauthorised credit reports were accessed by using a stolen password belonging to Ford Motor Credit, making the scam harder to detect.

BBC News, 11 January 2005

'Chip and pin' security warning
A leading security expert has warned that new chip and pin credit and debit cards could be open to fraud. Professor Ross Anderson, from Cambridge University, says villains will be able to capture card and pin data to "make up" forged cards. But the banking industry has rejected his concerns, saying the system is extremely robust. More than three-quarters of card holders already hold one of the new chip and pin cards.

BBC News, 18 December 2004

Cash machine fraud nearly doubles
Cash machine fraud increased by 85% to £61m during the past year, according to the Association of Payment Clearing Services (Apacs). Cash machine crime was the fastest growing form of card fraud in the past year, the banking payment body added. Fraudsters target cash machines using skimming devices, which copy card details, and miniature camera devices, which record cardholders' PINs.

BBC News, 10 November 2004

Dozens held over ID fraud website
Twenty-eight people, including a Briton, have been arrested after a global operation against a website allegedly involved in identity fraud. Those arrested are accused of operating Shadowcrew.com, which investigators claim was a global clearing house for criminals involved in credit card fraud ... She said criminals were using the websites to traffic counterfeit credit cards and false identification information and documents such as credit cards, driver's licences, passports and birth certificates. The websites shared tips on how to commit fraud and provided a forum by which people could buy the information and tools they needed to commit such crime, she said.

BBC News, 29 October 2004

Relaxation of ID rules pressures banks to open doors
ANTI-MONEY laundering rules for customers opening new accounts are to be relaxed as the Government prepares to pressurise banks to open more accounts for the poor. Gordon Brown, the Chancellor, is expected to lay out specific sales targets for Britain’s banks before the end of the year, as part of a drive to reduce the number of people in the UK who do not have a bank account ... The rules will also scrap the requirement of a utility bill as proof of address. A spokesman for the FSA said the requirement had proved too difficult for some people, adding that such bills were easy to fake.

The Times, 29 October 2004

Card fraud shows sharp increase (take your pick)
Credit and debit card fraud rose by nearly a fifth to £478.8m in the year to July, the Association of Payment Clearing Services (Apacs) has revealed. Crime involving cards lost or stolen in the post increased by 51%, Apacs said. All UK banks are replacing their customers' cards as chip and pin fraud-prevention technology rolls out. An Apacs spokeswoman said criminals were stepping-up their fraudulent activities during the introduction of chip and pin card technology.

BBC News, 5 October 2004

Banks sound alarm on online fraud
The banking industry has warned customers with online accounts to guard against a new wave of cyber fraud. Industry body Apacs said some 2,000 British online account holders had been taken in by scams in the past year, losing £4.5m between them. Many were duped into revealing their account passwords by phoney e-mails purporting to come from their bank. Others had their computers infected with programs which allow fraudsters to record their log-in details.

BBC News, 1 October 2004

Card fraud prevention 'pays off' (take your pick)
UK credit card fraud dropped for the first time in nine years during 2003, a survey has found. Market analyst Datamonitor said credit card fraud fell 5% to £402.4m last year, from £424.6m in 2002. It added that the introduction of chip and pin cards - where customers verify a purchase by keying in a four-digit pin - should cut the figure further.

BBC News, 25 August 2004

Faced with fraud
... The unidentified suspect was detained April 1 at Dejvicka metro station in Prague 6 after a witness tipped police that the man was tampering with a cash machine. Police said he was attempting to install a scanning device to copy data from a cash card's magnetic strip, along with a miniature camera to watch patrons enter their personal-identification codes.

The Prague Pose, 15 April 2004

Britain sees surge in 'phishing'
UK bank customers have been warned they may be targeted in a new wave of "phishing" scam emails. The Association for Payment Clearing Services (APACS) has told BBC News Online it is worried by a surge in phishing scam emails in recent days. Customers of some of the UK's largest banks are being targeted, APACS said. Phishing scamsters pose as a bank to request personal details as part of a bogus "security check". The crooks then use the details to empty accounts.

BBC News, 25 March 2004

Crackdown on identity theft
A fraudster could be arrested for mere possession of a false document, in a new attempt by the government to stem the rising tide of identity fraud. The new measures would mean criminals who were caught with stolen documents, such as fake passports or driving licences, could face up to two years in prison. Identity theft is the fastest-growing type of fraud in the UK and costs Britain £1.3bn a year.

BBC News, 18 June 2003

Anti-fraud credit cards tested
A new system designed to beat credit card fraud has gone on trial in a British town. Shoppers in Northampton will be using credit, debit or charge cards that contain a special chip. Instead of signing for goods, the users will have to enter a four-digit pin number.

BBC News, 19 May 2003

Bank fraud risk from ID theft
Enterprising crooks are pulling off multi-million pound bank frauds using the same tactics deployed in stealing credit card details, investigators have warned. Moreover, the increasing focus on "knowing your customer" - identifying who really owns a bank account - when the account is opened could be cutting into checks and balances further down the line. Scammers have long used discarded credit card information - receipts, junk mail card offers and so on - to steal from cardholders or to help in other kinds of identity theft-related crime.

BBC News, 7 March 2003

Credit card database hacked
A computer hacker has gained access to more than 5 million Visa and Mastercard credit card accounts in the US. The two companies said on Tuesday that none of the information obtained, which would include credit card numbers, was used in a fraudulent way. But a UK-based business crime expert warned account holders could still be at risk if their cards were not reissued. Visa and Mastercard said the hacker breached the security system of a company that processes credit card transactions on behalf of merchants.

BBC News, 18 February 2003

 

© 2002-2007 Business Consultancy Services Ltd
on behalf of Dematerialised ID Ltd