Identity fraud grew by 5% from 2013 to 2014 as criminals eschewed account takeover scams in favour of creating new accounts in the name of their victims, according to Cifas.
The not-for-profit fraud prevention service claimed in its annual Fraudscape report that identity fraud accounts for the largest chunk of overall fraud (41%), with almost 114,000 separate cases recorded last year.
It added that in the first quarter of 2015, as much as four-fifths of of identity fraud incidents were perpetrated online.
There was some good news in that “enhanced security procedures” had led to an impressive 38% reduction in so-called “facility takeover fraud” – where criminals typically takeover or hijack an existing bank or store account without the owner’s knowledge.
However, account creation fraud, where the scammers use stolen identities to open new accounts in the victim’s name, continued to be popular. Some 41% of identity fraud was comprised of criminals opening up new credit card accounts while 27% related to new bank account openings, the report found.
To stem further rises in fraud over the coming year, Cifas called on the government to work with industry to create a “national measure” of fraud levels, claiming its members cannot provide the whole picture across the UK.
There also needs to be more research undertaken into the exact point at which identities are compromised and into the involvement of organized crime, the report argued.
Finally, we need a national education and awareness raising campaign, and comprehensive review of sentencing for related crimes, Cifas said.
The body also claimed that cross-sector prevention efforts are bearing fruit – stating that £1 billion was saved thanks to the Cifas National Fraud Database in 2014, and that 63% of fraud detected last year was done so by matching data across industries.
Tony Larks, director of research at fraud prevention firm ThreatMetrix, argued that the picture of UK identity fraud observed by Cifas is just the tip of the iceberg.
“The number high-risk fraud events is even higher than the Cifas figures as they are based on people reporting fraud, while our data shows actual attempts of fraud that were stopped,” he told Infosecurity. “Companies need to put in place technologies that can identify whether people visiting their sites are good or malicious."
The ThreatMetrix Cybercrime Report for the past two quarters revealed that 11.4 million fraud incidents were spotted by its filters in the run up to Christmas alone, with scammers increasingly using VPNs and proxy servers to trick prevention tools.
The report did chime with Cifas figures on account creation fraud, however, branding it the highest risk type – more so than account log-in or payment fraud.
Richard Parris, CEO of security firm Intercede, argued that the rise in identity theft could be seen as a result of users being forced to continue with “outdated” password-based authentication.
“This already porous level of security is then made even less effective by the continued use of basic password combinations, which are then used for multiple logins,” he added.
“The fact is that multiple complex passwords are difficult to remember and so inherently insecure. Instead it’s time companies took responsibility for the security of their consumers and governments took responsibility for the security of their citizens.”