Identity fraud has hit ‘epidemic levels’ in the UK – but could a cure be found in biometrics?
Identity fraud has hit “epidemic levels” in the UK, according to new findings from fraud prevention service Cifas.
The number of identity fraud cases has soared to almost 500 every day, with a record 89,000 cases reported in the first six months of this year in the UK. This number is a huge 5% rise from the same period last year, with 83% of cases committed online.
Simon Dukes, the chief executive at Cifas, said: “We have seen identity fraud attempts increase year on year, now reaching epidemic levels, with identities being stolen at a rate of almost 500 a day.
“These frauds are taking place almost exclusively online. The vast amounts of personal data that is available either online or through data breaches is only making it easier for the fraudster.”
Criminals are able to commit identity fraud by usually pretending to be someone else, fooling a bank or a business in order to get money or a certain product. Usually the innocent person does not even know that they are a victim of fraud until unknown bills turn up from banks or businesses.
The key to defrauding a business or bank lies in the use of personal information, with criminals usually being able to use a persons name, age, and address to commit fraud. This information can be obtained in a number of ways – from hacking companies to stealing mail.
However, there could be a cure to this spreading disease, with biometrics touted by many experts as the solution to fraud. The standard way of protecting customers on websites is passwords, with many sites setting parameters and requiring numbers, different cases and special symbols. The more complicated the better.
However, password fatigue alongside the number of people duplicating the same simple passwords remains, with biometrics singled out as the most effective successor to passwords of old. Not only will biometrics tackle password problems, but it also offers greater defence against identity fraud.
“In an era where data is becoming the new currency, all personal data, be it used to shop online or bank accounts, needs to be properly protected. Cyber criminals are entrepreneurial, well-sourced and motivated. They’re capable at targeting areas where people may not be thinking too seriously about how their data is being protected, and thereby allowing hackers to get what they want,” said Bryan Campbell, senior security researcher at Fujitsu UK&I.
“The obvious thing to do is to create strong and varied passwords across each application. However, given the rising sophistication of cyber-crime, new technologies such as biometrics are set to rise. For some time now we’ve been familiar with biometrics as a way to unlock phones with a thumb print as one example, and as such consumers are increasingly warming to biometric authentication, even as a way of making financial transactions. There is no silver bullet for stopping identity fraud for good, but from contactless palm vein scanning to iris scanners; biometrics is essential for protecting both consumers and organisations in a data driven world.”
The case for biometrics as the best weapon for identity fraud is shared by many experts, with biometrics delivering to consumers wants and needs in the digital world. Not only will customers benefit, but biometrics will increase transparency across a business, equalling more efficient processes and increased consumer trust.
“Today’s identity fraud figures from Cifas highlight a growing trend that’s, unfortunately, affecting more people every day. While peoples’ desire for convenience often trumps security concerns, it’s clear that individuals need greater support to operate both conveniently and securely in an increasingly digital world,” said Paco Garcia, CTO at Yoti.
“Websites need to protect customers by giving them a better, safer way to create and access online accounts. Once websites overcome this secure login challenge, we’ll be on the way to overcoming the threat of ID fraud. In future, far more websites will use biometric authentication – a selfie, fingerprint or heartbeat – to verify the identity of users. Biometrics introduce better fraud detection, better identity management, better audit trails, better internal controls and, as a result of all of that, more trust from consumers.”
It would, however, to be foolish to think that biometrics is the one and only solution to the UK’s identity fraud epidemic. Instead, businesses need to address the epidemic from multiple angles, all the more important as we are less than a year away from GDPR.
Phil Beckett from Alvarez and Marsa advocates efficient patches, restricting administration privileges, multi-factor authentication, regular back-ups, application whitelisting and the disabling of Microsoft Office macros by default.
“More importantly than anything is not to get complacent or be ignorant of the threat. A good starting point on this is to perform a holistic vulnerability assessment based on one of the well-defined frameworks that provides an organisation with a benchmarked assessment of their controls and readiness as well as a path to improvement,” said Mr Beckett.
It is imperative that both businesses and individuals step up their game when it comes to security online as there is so much to lose – customers can lose their identity, while businesses can lose their reputation, customers and money.
Although there are a myriad of methods that can be taken to bolster security online, there is no denying the case for biometrics. The thing about identity is that it is unique, no two people are alike. In order to fight identity fraud, fight it with identity – a palm print, fingerprint or retina scan.