RSS Alerts

Related Links

  • CIFAS
  • Symantec
  • Elsevier Ltd is not responsible for the content of external websites.

Related Stories

  • Card spending research reveals UK electronic fraud hotspots
    Research by the 3rd Man, an electronic fraud and security specialist, has uncovered some interesting statistics about cardholder-not-present transactions, as well as fraudulent mail order plus online card purchases in the UK.
  • UK should introduce data breach notification law, say Lords
    The UK should make banks liable for online fraud and follow US states in forcing organisations to notify victims of information leaks, according to a wide-ranging report published on 10 August by the House of Lords science and technology select committee.
  • Lloyds TSB turns fraud-detection software on staff
    Lloyds TSB has purchased pattern-recognition software from US vendor Actimize for detecting employee fraud within its retail banking operation. Use of such software is already common in financial services for spotting fraud in external transactions, such as credit card spending.
  • US standards drive Canadian information security
    An absence of legislation and the presence of the laissez-faire attitude has resulted in Canada being rather lax when it comes to information security compliance. Robin Arnfield looks at how US standards are driving the Canadian information security marketplace
  • Serious Fraud Office warns on social networking data harvesting
    The Serious Fraud Office (SFO) has warned that Facebook and Twitter – two of the most popular social networking sites – are actively being used by criminals to harvest users' personal financial details.

News

CIFAS reports identity theft fraud soaring

09 March 2010

CIFAS, the UK's fraud prevention service, has reported a surge of almost a third in identify theft fraud during 2009, something that it says points to collusion between criminal gangs and staff working inside financial services companies.

This apparently damning indictment on the morals of call centre staff and management working in the financial services industry stems from a surge of 31% in ID thefts during 2009, as compared to 2008. The CIFAS findings are gathered from the association's 260-plus members across industries including banking, retail and telecommunications.

The 48-page document – Fraudscape – from CIFAS claims to show that total fraud rose by 10% during 2009. CIFAS chief executive Peter Hurst said that the figures are just the "tip of the iceberg".

"At a time when every responsible member of society feels the strain of current economic conditions, the findings presented in Fraudscape reveal many of the problems and challenges ahead", he said.

Delving into the report shows that over 74% of identity fraud took place online in 2009, pushing this segment of fraud up by the headline rate of 31%.

According to Andy Ng, data loss prevention consulting manager with Symantec's EMEA operation, businesses need to be better protected against the dangers of the enemy within, particularly in industries such as finance and banking, where the value of the personal data held in online databases can be incredibly high.

Ng pointed to Symantec's recent `State of Enterprise Security' report, which found that 40% of businesses experienced a high number of internal, malicious attacks in 2009.

In addition, he said, a great deal of damage was also done unintentionally by staff, with 39% of IT managers surveyed saying it is a "high" or "extremely high" problem.

Ng noted that IT security was, for many years, focused on protecting against external threats and attacks.

"While those threats still remain, a more insidious threat – the malicious insider – has been steadily rising. The fact that cybercriminals are so well networked within UK businesses in order to bring about this kind of ID fraud, points to their increased professionalism and savviness", he said.

Because of the surge in ID theft fraud, Symantec is recommending that companies assess their policies and processes around employee access to sensitive data ensuring that they are appropriate for the employee's position and are enforced and regularly reviewed.

The veteran IT security vendor advises that data loss prevention solutions that offer protection at the end point, network and storage levels can also help.

 

This article is featured in:
Application Security Compliance and Policy

 

Comment on this article

You must be registered and logged in to leave a comment about this article.

Copyright © 2010
Elsevier Ltd. All rights reserved.
Terms & Conditions | Privacy | Website Design Working with water