New YouGov survey reveals UK perceptions of identity fraud

This week a YouGov poll, commissioned by Equifax, and supported by City of London Police and Cifas has revealed some interesting findings around the extent to which people take steps to protect themselves, and how at risk they feel from identity fraud. 

The research shows that there is more to do in terms of helping consumers protect their personal information online. For instance, 40% of people still don’t have anti-virus software on their device and 27% of people admit to using the same password for multiple accounts. These numbers need to be lower. There were, though, two aspects of this research that I found particularly interesting. 

Firstly, when asked how someone thought they would first find out about having been a victim of identity fraud, where new accounts for products or services were opened in their name, 38% thought they would find out when they checked their bank account and another 23% thought they would find out when their bank told them. That’s 61% of people that think impersonation is solely to do with their bank and directly affects their bank account. 

This shows there is a fundamental lack of understanding about the scope of identity fraud – that their details could be used to obtain a mobile phone contract, for example – and that this is not something that is within their bank’s gift to either identify or do anything about. 

Equally, their bank would not know if their customer’s details had been used to open another bank account with a different bank. This raises the question around whether we as the fraud prevention industry have done enough, not just to inform people what they can do to protect themselves, but what they are actually protecting themselves from. And, as an extension, what they can expect if they are a victim. We are clearly not getting these messages across well enough. 

The immediate impact of being a victim of impersonation can be reduced if the person knows from the outset what the implications are and what to expect, not after they’ve gone through a period of frantic internet research.

The second finding that I thought telling was that 52% of people stated that they wouldn’t be willing to share their personal information with an organisation that had been known to have lost customer data under any circumstances. Another 32% would only do so if the organisation had taken steps to ensure that it didn’t happen again. 

While I treat this with a degree of caution (for instance I wonder about the extent to which an individual’s commitment to the protection of their personal information would stand firm in the face of a compelling customer offer), nevertheless I think that this is something that organisations everywhere should take note of. 

Data security has to be a board level priority because an organisation’s potential new customer base could be halved in the event of a breach. Any organisation that wasn’t already giving concerted attention to data security in light of the potential fines outlined in GDPR now has an additional incentive to reconsider their stance. 

An organisation that is able to evidence remedial action, however, stands a much better chance of swaying those who may be prepared to give them the benefit of the doubt.  The message from consumers here is clear: losing data will not be tolerated, but the damage can be mitigated by being open about the steps taken to address identified shortcomings.

These findings, together with the others from the research, show that there are a number of facets to the identity fraud problem where there is more to be done. We need to ensure that we let people know that their concern about the security of the information which they entrust to organisations is a high priority, and that everyone is playing their part. 

We must help individuals understand the nature of the threat and therefore be able to make more informed decisions about protecting and monitoring their identity, free of any misconceptions. 

And, of course we must continue to make people aware of the steps that they should be taking to protect their identity from abuse by fraudsters, and for this reason Cifas welcomes the City of London Police #AreYouOneofThem campaign.