This apparently damning indictment on the morals of call centre staff and management working in the financial services industry stems from a surge of 31% in ID thefts during 2009, as compared to 2008. The CIFAS findings are gathered from the association's 260-plus members across industries including banking, retail and telecommunications.
The 48-page document – Fraudscape – from CIFAS claims to show that total fraud rose by 10% during 2009. CIFAS chief executive Peter Hurst said that the figures are just the "tip of the iceberg".
"At a time when every responsible member of society feels the strain of current economic conditions, the findings presented in Fraudscape reveal many of the problems and challenges ahead", he said.
Delving into the report shows that over 74% of identity fraud took place online in 2009, pushing this segment of fraud up by the headline rate of 31%.
According to Andy Ng, data loss prevention consulting manager with Symantec's EMEA operation, businesses need to be better protected against the dangers of the enemy within, particularly in industries such as finance and banking, where the value of the personal data held in online databases can be incredibly high.
Ng pointed to Symantec's recent `State of Enterprise Security' report, which found that 40% of businesses experienced a high number of internal, malicious attacks in 2009.
In addition, he said, a great deal of damage was also done unintentionally by staff, with 39% of IT managers surveyed saying it is a "high" or "extremely high" problem.
Ng noted that IT security was, for many years, focused on protecting against external threats and attacks.
"While those threats still remain, a more insidious threat – the malicious insider – has been steadily rising. The fact that cybercriminals are so well networked within UK businesses in order to bring about this kind of ID fraud, points to their increased professionalism and savviness", he said.
Because of the surge in ID theft fraud, Symantec is recommending that companies assess their policies and processes around employee access to sensitive data ensuring that they are appropriate for the employee's position and are enforced and regularly reviewed.
The veteran IT security vendor advises that data loss prevention solutions that offer protection at the end point, network and storage levels can also help.