Identity crimes remain among the greatest threats to UK businesses online.
The offences made up three in five (60 per cent) of all fraud recorded by Cifas, the UK's leading fraud prevention service. Cifas' annual report, published Wednesday, collates statistics from 325,092 instances of fraud recorded in 2016. These internal and external cases represent a modest increase from the 321,092 recorded in 2015.
Facility or account takeover sharply increased last year. A facility takeover happens when a fraudster poses as a genuine customer, gains control of an existing account and uses it for their own ends – such as making transactions or ordering new products. Any account can be hijacked by fraudsters, including online banking, credit cards, telephone, email and other services.
Facility takeovers increased by 45 per cent from 15,497 in 2015 to 22,525 in 2016. More than half of these takeovers were enabled over the phone, typically through call centre staff.
The vast majority (88 per cent) of identity frauds were committed online, as were 30 per cent of facility takeovers. To pull off account takeovers crooks must first have obtained enough of their victim's personal and security information (date of birth, address, details of bank or other accounts, and sometimes passwords) to fool call centre staff. Data breaches, social media footprints and other open-source information can help facilitate this process. Often fraudsters need to approach their intended mark to get enough information, according to Cifas.
Cifas reckons the growing tactic of contacting call centre staff prior to attempting account takeover is, at least in part, a displacement effect. As online access to accounts is locked down with better authentication technologies, fraudsters are switching tactics in response.
Cifas chief executive Simon Dukes said: "Working together, organisations prevented £1 billion worth of fraud last year, but we know that as one method gets harder, fraudsters change tactic rather than stop. We are now seeing that the advances made in securing online access to customer accounts have led to fraudsters targeting the human being at the end of the phone.
"Using old-fashioned but highly effective con artistry, they are tricking individuals into giving away their personal details and deceiving call centre staff into making transactions on their victims' accounts. The proliferation of personal data that is available either online or through data breaches only makes this easier."
Cifas is pushing education as a means to help both call centre staff and targets to stay ahead of fraudsters. The service asks that the next UK government prioritises tackling fraud by putting fraud education in the national curriculum so kids get schooled on security practices early in life as well as making fraud prevention a "strategic priority for UK policing". In addition, the post-election government should run a comprehensive review of the sentencing guidelines for fraud. ®