As promised below is a very interesting subject from one of our guest bloggers - Graeme Forward.
As a fraud analyst sitting down to pen his first offering for a security blog it seems to me there is only one topic I can kick off with if I want to seem hip and with it and on the pulse – yes, I speak of course of identity fraud. Identity fraud is the current ‘du jour’ crime, a terrifying new plague where just a few minutes trawling through a wheelie bin arms your local hoodie with sufficient ‘data’ to steal your money, your friends and family, your cat, your dog, your tv remote, and most importantly your self confidence and self esteem. Or so your average tabloid would have you believe.
“This ID Fraud is a menace” I hear you cry, “why not have a whole week devoted to making people more aware of it?” Good idea. So they did. It was called National Identity Fraud Prevention Week (unsurprisingly) and ran last week (17th-23rd Oct). You didn’t miss it did you?
 |
| Who is using your identity? |
Now don’t get me wrong, I do think ID fraud is a problem, of course it is, and it’s only right that there are groups working to make people aware of how to prevent it. ID fraud does need to be put into perspective though. The reason it gets so much press is that it is one of the only large scale frauds which is perpetrated against individuals rather than businesses. Crime against business is rarely news.
ID fraud can take many guises but invariably the aim is to gain access to money by posing as another – thus making them responsible for it. (This begs the question why is it now possible for me to get a loan in less than 10 mins via an iPhone app or over the internet with precious little in the way of security checks? – the costs of this are already becoming apparent though, and this is a topic for another day.)
ID fraud is commonly perceived as a crime against an individual, but this is a matter for debate. If a victim of ID fraud has taken reasonable steps in their day-to-day activities to mitigate the risk then in the majority of instances the bank/building society etc will be responsible for picking up the bill, and so the party left out of pocket is rarely an individual. And with that we come to the crux. National Identity Fraud Prevention Week is not the selfless, philanthropic event it seemed at first glance – businesses understand that if they can get you to do all the hard work for them they can save themselves an awful lot of money. This is corporate fraud prevention on a national scale and I have to admit I’m impressed. Just as we were all starting to feel sorry for those poor banks again.
Worryingly, in this modern world of social networking, professional hackers and spyware, the main message to come out of National Identity Fraud Prevention Week was “get a shredder”. Conveniently, most of the companies involved in the awareness drive are able to supply you with one at a very reasonable price.
Overall, NIFPW didn’t quite achieve what it set out to. As so often is the case with these initiatives, it was the security and fraud professionals who were most aware of it – yet another case of our industries preaching to the converted. Unfortunately as with so many things, it’s not until someone becomes a victim of this kind of crime that they sit up and take notice, but by then it’s too late. So maybe fraud prevention on a macro scale isn’t quite as impressive as I first thought. Guess it’s back to the drawing board. Maybe we’d more successful if we stopped trying to preach to people and allowed them to use some common sense. Protecting yourself from ID crime is after all just about being aware and being sensible about what you do with your personal information, whether it’s online or on paper.
One final thought – There was one genuinely alarming statistic to come out of NIFPW. It seems that almost a third of all ID frauds are committed by someone the victim knows – most often a member of the family. Maybe NIFPW’s message should really have been – take your chances with the wheelie bin hoodies- rather that than leave your info lying around on the bottom of the stairs where your auntie or uncle might pick it up.
My top 5 tips to help prevent you becoming a victim of ID fraud:
- Be careful how you deal with credit/debit cards particularly when out and about. Never write down pin numbers or let your card out of your site when making a transaction.
- Think carefully about the information you display on social networking sites – your settings may only let your ‘friends’ see your information, but these 250 or so people you spoke to once at school 20 years ago are not always quite as ‘friendly’ as their supposed status would suggest
- Never give any bank details out in response to unsolicited phone calls or emails. Fraudsters are very good at forging documents or presenting themselves as a bonafide company, but your bank will never ask you to provide your pin no or the whole of your password.
- Don’t stress about it, just be sensible. Use your common sense and be mindful of how personal information could be interpreted or used.
- Get a shredder.
