Can you talk about some of the technological, social and economic trends that are driving identity fraud? How these trends have been amplified by the Covid-19 pandemic?
Covid has accelerated some known trends, but I would call out the following specific examples:
- Customers at home and isolated: An increase in the number of customers at home creates more opportunities for fraudsters to target them over the phone; customers feeling isolated are also more susceptible to fraudsters’ techniques. For example, we can see an increase in investment fraud as fraudsters target cold calling with too good to be true investments.
- Government payments: The offer of personal payments, business loans and grants is a new opportunity for fraudsters to create new scams via impersonation and collect customer sensitive data to be used for applications and fraud at a later date. For example, impersonation of HMRC to offer payments whilst collecting data and installing malware.
- Rapid drive to digital: Customers are being forced to very quickly move to new digital journeys, often those that are not yet comfortable increasing the risk of them clicking suspicious links and creating new ‘easy’ targets for fraudsters. For example, impersonating banks and calling vulnerable customers to ‘help’ setup online or mobile banking.
- Increase in internal fraud: As more businesses move to home working solutions there is an increased risk of internal fraud due to the feeling of being less ‘watched’. It may also make home workers more susceptible to be contacted and exploited by fraudsters. For example, small accountancy firms working from home may be approached by fraudsters to manipulate government payments.
- Sensitive data collection: Fraudsters and hackers are collecting sensitive data about individuals which will be sold on the dark web, ultimately leading to a spike in fraud at a later date. For example, fraudsters are setting up ‘health’ apps to trace COVID-19 but are in fact collecting users’ sensitive data to be sold on dark web.
How do you see this impact the public sector specifically?
I would expect to see a further increase in identity abuse – both at citizen level, but most noticeably by businesses. The COVID-19 stimulus package, whilst providing some much needed relief, also provided the incentive for fraudsters and some struggling businesses to make fraudulent claims. Those that were successful are more likely to continue to commit abuse going forward.
Do developments in the UK reflect what is happening elsewhere globally?
Fraud is moving to a global problem. It is becoming more sophisticated, and fraudsters are migrating to digital and scams; we have seen this happen in the UK and elsewhere. Some countries have specific nuances due to the culture and systems in place.
What do organisations need to do to be more proactive in their stance against identity fraud?
Accenture believes that fraud management of the future will have six characteristics:
1. The data required to build sophisticated ID fraud detection models are available to decision scientists
2. Decision scientists have the tools to create models using the latest analytical techniques like AI/ML, NLP and image/video analytics
You might also like
3. Fraud detection models are deployed across the lifecycle of transactions and services
4. Where ID fraud is detected or suspected there are a range of interventions available which are efficient and effective at preventing loss to the enterprise, its customer and society
5. Victims of ID fraud can report fraud digitally and get instant restitution across the eco-system
6. The enablers of ID fraud have the same level of focus as fraud detection
Can you talk about your personal experience in the fraud space – what have been the biggest surprises in terms of what’s changed or remained unchanged during this time?
I am fortunate enough to have worked in the fraud space for 20+ years, working with a variety of customers from different sectors and different parts of the world. I am constantly surprised at the lack of basic fraud management practice, for example, having a clear understanding of the fraud risks at a granular level and having someone responsible for those fraud risks.
In terms of what has changed, without doubt it is the speed and sophistication of attack – it is getting faster each year. Despite this, fraudsters still continue to make lazy mistakes (e.g. re-using phone numbers, email addresses, poor grammar, same handwriting etc) but many firms overlook the benefits of linking these breadcrumbs. My favourite fraud is still the elderly married couple who borrowed a significant sum of money to do home improvements, and instead bought a motorhome to travel the world!
On a more serious note, the harm done to individuals, businesses and UK PLC is heart-breaking.
Disappointedly, I still see resistance to consortium/data sharing approaches to manage fraud which I believe is misplaced as we can only defeat fraud if we work collaboratively.