Rise in facility takeovers reveals need for better fraud education as fraudsters target customers and staff
10 May 2017
Today, Wednesday 10 May 2017, Cifas, the UK’s leading fraud prevention service, has released a new report detailing the fraud trends from over 325,000 fraud cases recorded in 2016. The data, from 387 organisations, including many major UK brands, is one of the most comprehensive pictures of fraud and fraudulent attempts made in the UK.
Key findings from our annual report Fraudscape include:
- Over 325,000 (325,092) internal and external fraud cases were recorded in total, up from 321,092 (1% increase) in the previous year
- Organisations successfully prevented £1.03 billion in fraud losses through non-competitive data sharing
- Identity crimes (identity fraud and facility takeover) remain the biggest threat, representing 60% of all fraud recorded
- Facility takeovers increased by 45% from 15,497 to 22,525
- Over 50% of the facility takeovers recorded were enabled over the phone, typically to call centre staff
- 88% of identity frauds were committed online, compared to 30% of facility takeovers occurring online
A facility takeover happens when a fraudster poses as a genuine customer, gains control of an existing account and uses it for their own ends – such as making transactions or ordering new products or product upgrades. Any account can be taken over by fraudsters, including bank, credit card, telephone, email and other services.
The increase in facility takeover, particularly those committed over the phone, is a sign that, as security for customer accounts has increased, criminals target individuals instead and trick them into revealing personal details. For this fraud to be successful over the telephone, fraudsters must have obtained enough of their victim’s personal and security information (for example date of birth, address, details of bank or other accounts and sometimes passwords) to convince the person on the other end of the phone that they are actually the genuine person they are impersonating.
Fraudsters will collate personal data and identify targets in a variety of ways, such as data breaches, social media footprints and other open source information. In order to get hold of the level of detailed information needed to conduct a successful takeover, fraudsters will often then contact their victims directly and manipulate them into revealing yet further personal details. Once they have enough personal data, fraudsters go on to call the bank, phone retailer, or service provider armed with enough information to convince call centre staff that they are their genuine customer.
Cifas Chief Executive, Simon Dukes said:
“Working together, organisations prevented £1 billion worth of fraud last year, but we know that as one method gets harder, fraudsters change tactic rather than stop. We are now seeing that the advances made in securing online access to customer accounts have led to fraudsters targeting the human being at the end of the phone.
“Using old-fashioned but highly-effective con artistry, they are tricking individuals into giving away their personal details and deceiving call centre staff into making transactions on their victims’ accounts. The proliferation of personal data that is available either online or through data breaches only makes this easier.
“When people are targeted, education is key and we urge the next government to do more to ensure that individuals know how to avoid these tricks and can recognise the signs of a scam. Organisations, too, must focus on education for call centre staff and ensure they make the most out of new technology.”
City of London Police’s National Coordinator for Economic Crime, Commander Dave Clark said:
“Whilst national reporting of fraud and cyber crime has some way to go in representing the true scale and threat to our citizens and businesses in the UK; I welcome the stark reality that Cifas’ Fraudscape figures show from their member organisations.
“There are clear indicators in Fraudscape as to the key enablers of fraud being exploited by criminals; such as the telephone, online targeting and the fraudulent use of identity. The City of London Police and Cifas will continue to work with cross sector partners to pursue and disrupt fraud whilst also providing the most up to date protection advice to citizens and businesses."
Anyone can be a victim of fraud and with a General Election only four weeks away Cifas is asking that the next Government makes tackling fraud a priority by adopting three key measures:
- Fraud education should be in the national curriculum. Cifas wants to see every child from Key Stage 3 onwards receive consistent education on how to protect their identities online and protect themselves from fraud. Our data shows that young people are increasingly at risk from identity fraud.
- Tackling fraud should be a strategic priority for UK policing. The latest Office of National Statistics crime figures showed that almost half of all crime is fraud, and Cifas figures show that 66% of frauds recorded by our members is cyber enabled. We want to see the next Government earmark funding and give a clear policy steer to law enforcement that tackling this high volume crime needs to be a priority.
- Conduct a comprehensive review of the sentencing guidelines for fraud. Currently the maximum sentence for fraud is seven years. Compared to other offences where theft of money takes place, fraud has much lower sentences.
Cifas supports the Take Five campaign which asks consumers to help protect themselves from financial fraud by remembering some simple advice:
- Never disclose security details, such as your PIN or full password - it’s never right to reveal these details.
- Don’t assume an email request or caller is genuine - people aren’t always who they say they are.
- Don’t be rushed – a bank or genuine organisation won’t mind waiting to give you time to stop and think.
- Listen to your instincts – if something feels wrong then it is usually right to pause and question it.
- Stay in control – have the confidence to refuse unusual requests for information.
Notes to editors
For more information or if you would like a copy of Fraudscape, please contact:
T: +44 (0)20 3004 3609
M: +44 (0)753 553 7229
Table 1 - Year on year breakdown of identity crimes (identity fraud and facility takeover fraud)
Table 3 - Regional breakdown of 2016 recorded fraud
Yorkshire and the Humber
Total identity crime
% identity crime for region
Cifas aims to make the UK a safer place to do business, by enabling organisations in every sector to prevent fraud and protect the public through the sharing of confirmed fraud data.
We are a not-for-profit organisation with over 380 member organisations spanning the public and private sectors. In 2016 alone, our members prevented over £1 billion of avoidable fraud losses by using our databases. We also offer Protective Registration for individuals whose identities are at risk of being used fraudulently, for instance after a burglary.
Our Protective Registration service is offered free of charge to local authorities to protect vulnerable people – those under the care of Court Deputies who are unable to access financial products and whose identities may be at risk.
Back to newsroom >
Company directors at greater risk of identity fraud – Cifas and LexisNexis® Risk Solutions report reveals
15 June 2017
A new report by Cifas and LexisNexis highlights that 19% of identity fraud victims are company directors – one of the most at-risk groups for this type of crime.
Identity fraud reaches record levels
15 March 2017
Cifas figures show identity fraud has hit the highest levels ever recorded – with a large percentage of financial product applications taking place online.