In the wake of the latest CIFAS report, and in honour of National ID Fraud Prevention Week, Brian Sims offers some perspectives on what companies and consumers might do to ensure personal details remain the preserve of their rightful owner.
During my hugely enjoyable secondary school years I used to watch Police Five. You remember… That five-minute slot of (relatively) prime time TV on a Saturday in which bespectacled, officious looking actor-turned-presenter Shaw Taylor would cajole members of the public into helping the police service solve crimes.
The Hackney-born former RAF servant and RADA-trained thespian – whose other claim to fame is that he was the first DJ to interview The Beatles – used all manner of devices to do so, including silhouetted figures (complete with fulsome descriptions of same courtesy of police officers who knew not which way to turn) and still images of crime scenes.
To round it all off, there was that classic catchphrase “Keep ’em peeled” (accompanied by a knowing index finger jabbed close to both eyes before pointing screenward). Sublime. Absolutely sublime. You didn’t mess with Shaw Taylor, that’s for shaw [sic].
While fronting Police Five, Shaw – who, at the veteran age of 84, now has his own blog, would you believe – still found the time to present other programmes (among them a motoring magazine entitled Drive-In and the profoundly middle class enticement to Try Bridge with Shaw Taylor).
The latter eventually resulted in him being invited to partner Omar Sharif in an international Bridge contest… Taylor politely declined, perhaps not wishing to find himself on the sharp end of a scimitar if he ever dared to beat The Great Man in front of a live audience.
Laying the foundations for CrimeWatch
Anyway, Police Five famously ran from 1962 right through until 1992 and, to all intents and purposes, laid the very foundations upon which CrimeWatch (latterly with Nick Ross), Police Camera Action, Street Crime UK, Traffic Cops et al that we see on screen today were built.
Make no mistake. The premise of this ATV programme that later transferred to its successor London Weekend Television (at least in part so that Shaw could be filmed next to the gargantuan revolving Rubik’s Cube outside New Scotland Yard for maximum effect) was nothing less than a sensational idea in the 1960s. This weekend slot on The Magic Rectangle was indeed London-centric and not networked, although ATV did run a separate Midlands edition on weekdays.
As a young lad mad keen on football (a passion that I’ll never lose), I can’t say that I ever watched Police Five for any other reason than that it was a necessary ‘stepping stone’ – not to say hurdle – towards my evening meal with the folks, some kind of ‘light entertainment’ (God forbid it be Seaside Special, though… that was car crash TV) and then the fulcrum of my Saturday night: Match of the Day (at the time fronted by The Chinned Fulham Wonder that is Jimmy Hill).
Today, it’s a different story. Literally. I watch pretty much all of the fly-on-the-wall police and security-related programmes, among them Nightwatch (ably hosted by ITV News presenter Steve Scott with his impossibly white gnashers, and usually broadcast into the small hours).
Well, I make no apologies for that fact that I never really switch off from being a security professional. Once the crime-fighting and security bug has gripped you it’s there for life, isn’t it?
Anything to declare, Sir?
So it was no surprise when, on Monday this week, I happened across the televisual feast on the Living channel that is Nothing To Declare. Another fly-on-the-wall documentary, this time assiduously following the men and women who determinedly defend Australia’s borders from drug runners, smugglers, terrorists and all other forms of n’er-do-wells.
Fascinating it was, too. One holidaymaker arriving in the country from America was most aggrieved when the authorities had the brazen affrontery to ask to search his bags after he’d declared an intent for a significantly long stay, and yet had little funds about his person (or in his bank account) with which to pay for it.
The bloke said he’d never go back to Australia again, and that the whole experience had left “a sour taste” in his mouth (although judging from his accent I don’t think he was a member of the ECB looking forward to another 5-0 drubbing in The Ashes).
Presumably, this guy would rather the Aussie customs officers just let any miscreant in to rob, rape, steal and pillage, and perhaps blow half the continent to Kingdom Come at some point for good measure?
This kind of attitude beggars belief, it really does, and yet we see it manifested on Airline and other airport-related programmes all the time by people who are nothing but ignorant in the extreme.
While the polite and efficient officials and police stationed at Border Control were checking this bloke’s passport, I thought back to an article I’d written that very morning on SMT Online heralding the start of National ID Fraud Prevention Week (which runs until this Friday).
Do you know that, in the first nine months of this year, there have been 59,000 recorded victims of impersonation? To put this into perspective, that little sum isn’t far off equalling the total for the whole of last year (recorded at 62,658). Putting it mildly, that’s pretty scary.
In short, this means that – according to fraud prevention service CIFAS latest study – the curse of ID fraud has increased by more than one third in 2009 in comparison with the same period last year. It also means that the UK is currently experiencing the highest numbers of ID fraud throughout Europe.
Online purchasing and customer carelessness
Account takeovers – whereupon a third party hacks into an existing bank account rather than creating a new and legitimate one – have more than tripled in the last two years alone. Over half of all account takeover victims, meanwhile, discovered that they’d had their credit cards targeted, with both online purchasing and customer carelessness being blamed for the increase.
From what I can gather, customer carelessness with personal details is a fair accusation to level (I’ll touch on this in due course), but what about the responsibility for online purchasing? Is that really the fault of the consumer?
In today’s world we’re pretty much forced to buy certain goods – concert and airline tickets and, to some extent, music and household goods, etc – online. That’s not the fault of the consumer (and particularly not so if the vendor’s systems are insecure and thus open to widespread abuse by Johnny Hacker down Templeton Road).
Surprise, surprise. On first inspection, the CIFAS report duly reveals that many companies responsible for handling sensitive customer data do not always pay due care and attention to what they’re doing, with a third of employees questioned admitting to throwing risky information in the bin rather than shredding it (and shredding it securely by procuring the services of a recognised, bona fide document destruction company such as those belonging to the BSIA’s excellent Information Destruction Section).
Interestingly, the report – appropriately entitled The Anonymous Attacker – reveals ID crime ‘hot spots’ across London and the rest of the UK. Apparently, the area harbouring the most victims of ID theft in the Capital is Barnet, with south east London blighted to the tune of 2,680 incidents so far this year.
High numbers were also reported in Birmingham (where, so far this year, there have been 2,111 cases of ID fraud). Barnet (again) ‘enjoys’ the highest number of account takeovers, being equal in ‘status’ to occurrence levels across the London Boroughs of Wandsworth, Lambeth and Croydon.
Nationwide, Wales has the least number of reported ID fraud cases and south east England the highest. No great surprise there, although coming in the wake of what the morally bereft bankers and politicians have done in recent times you’d be forgiven for thinking there were no funds left to steal.
“Fraud is an insidious crime,” comments CIFAS chief executive Peter Hurst. Indeed so, and none more so than when it’s seemingly perpetrated by those who purport to govern the nation.
I feel strongly that the whole expenses scandal really is the straw that has finally broken the camel’s back as far as the UK’s voting public is concerned, as I’m sure will be proven at the General Election next summer when Joe Public stays at home rather than making the trek to the Polling Station to pledge allegiance.
Taking steps towards protection
Commenting in the CIFAS report, Hurst continues: “Not only does ID fraud affect consumers and businesses from a financial perspective, but also its impact in terms of reputation, trust and time are unquantifiable. Fraud prevention is a shared responsibility, and must become a shared duty across both private and public sectors.” That last point is so true.
However, although most people know about ID fraud, the CIFAS research alone shows that consumers and businesses are neither aware of – nor taking – the steps they could (and should) be to fully protect themselves.
National Identity Fraud Prevention Week is a nationwide effort to help in the battle against this type of fraud. The dedicated website offers a range of resources to help you and/or your business avoid the costly and debilitating effects of such criminality. You can even sign up to receive tips and updates on the best ways to protect yourself.
It’s easy, so do it now (but not until you’ve finished reading what I have to say on the matter!)
Corporate identity fraud is said to occur ‘when a false corporate identity or another company’s identity details are used to support unlawful activity’. In the real world, this can entail anything from stealing a corporate logo to setting up a false website.
At its extreme, corporate ID fraud might involve theft on a massive scale, such as selling property or even assuming the identity of a major corporation.
In such cases, of course, there could well be substantial damage inflicted, not just to partners who deal with the company, but to the company’s most valuable asset – its brand/reputation. As Companies House duly notes, you’ll only need to lose your company once.
Safeguarding the individual from ID fraud
Personal ID fraud is said to have occurred when an individual’s personal information is appropriated in a fraudulent manner and subsequently used by someone else without their knowledge to obtain credit, goods or other services. It can even extend to securing a passport in their name.
To date, in the UK alone there have been 4.3 million victims of ID fraud. As such, it’s important that all of us understand – and make a point of finding out – exactly how fraudsters can lay their hands on our private information. By doing so, we can take the necessary steps to protect ourselves, our families and work colleagues.
A quick assessment of how much we are at risk of ID fraud may be determined by taking an online risk assessment test.
According to the National ID Fraud Prevention Week website, education and awareness is the first important step. “It’s critical that companies have a clear policy in place, and can easily explain to staff the ways in which they can contribute to protecting their identities and that of the company,” states the site.
The steps you might like to take in your company are many and varied.
First of all, if you haven’t done so then register with Companies House immediately, and make sure you sign up to its PROOF and Monitor services (which will help to prevent fraudsters changing the names of directors and effectively ‘hijacking’ the company).
Always make sure that you and your members of staff properly destroy unwanted information. Use a cross-cut or microshred shredder (more of which anon), and don’t forget to shred CDs and DVDs.
Ensure that all employees are fully informed about the myriad risks posed by ID fraud criminality. Create a clear set of guidelines and procedures for staff (perhaps as part of an ongoing programme initiated by the Human Resources Department) concerning the handling, storage and sharing of sensitive information, both online and offline.
Wipe clean information on old computers before disposing of them, and always check the identity of customers. Both business and consumer credit reference agencies offer a wide range of solutions to authenticate and verify that given customers are indeed who they claim to be.
Check references, qualifications and past employment records with total thoroughness. A rapid-fire CV check may not be enough, and the same goes for any partners and vendors with whom you enter into contracts before you sign on the dotted line. Crucially, make it known that you will not blame people if they approach you with concerns.
Dial-in to Companies House on a regular basis
Check your Companies House registration regularly and, if it changes, you need to take steps as soon as is practicably possible. Encourage a ‘clear desk’ policy, and remember that being professional with your corporate identity is as important as being professional in every other aspect of your work.
Network administrators must change their master passwords while the ‘ordinary’ workers are changing theirs. Research often shows that while the the latter change their passwords quite assiduously, those in charge of the whole shooting match often don’t bother. That’s not good enough.
Keep all sensitive information as secure as you can – don’t put ANY of it (such as the aforementioned directors’ signatures) online.
It’s also a good idea to protect and secure all post (assuming, of course, that members of the Communication Workers Union ‘toiling’ for their master Royal Mail can actually be bothered to deliver it in the first place). Fraudsters may attempt to redirect your company mail or that of a vendor or partner, so be on the look-out all of the time.
If he or she is doing their job properly, the IT manager in your organisation ought to be protecting you from any online threats, but be sensible if your company does allow you to use social media ‘engines’ such as Facebook, MySpace, Twitter, etc (incidentally, you can follow the progress of National ID Fraud Prevention Week and the ongoing fight against fraud on Twitter).
Make a point of asking about your company’s policy on the matter. What I would say is that the website Getsafeonline.org offers some excellent advice on keeping your details private on social networks.
Constant vigilance is the key
By all means be vigilant at all times. Beware of anybody who contacts you unexpectedly and asks for personal information or account details (even if they claim to be from your bank, the police service or another official organisation such as your local Borough Council).
Ask for the individual’s name and a contact number, and then check with the central organisation in question before calling back.
Only this week I was sent a very dodgy-looking e-mail purporting to be from United Business Medias central IT Department. It waxed not so lyrical about a server upgrade, and directed me towards a web link from which I could download security patches.
My suspicions were immediately aroused when I noted the grammar within said communication was none-too-clever. Maybe it was sent by one of the many thousands of school pupils who miraculously gained five A grades in their A Levels this summer while barely being able to spell their own name?
Anyway, I passed on said missive to a member of the IT team and, as I suspected, it hadn’t been sent by them. The point is that vigilance really is the key. If something looks odd then it probably is odd.
Guard your debit and credit cards with your life (just like I do!). Minimise the information and the number of cards you carry in your wallet. If you should happen to lose a card, contact the fraud division of the relevant credit card company immediately. Don’t wait until you get home or whatever.
Similarly, if you apply for a new credit card and it doesn’t arrive within either a reasonable timeframe or that specified by the bank, contact the issuer.
On that note, it always amazes me how the banks send out a new debit or credit card. They stick them in a standard envelope, making it obvious what’s inside. Anyone could steal it (there are plenty of reported cases of unscrupulous postmen doing so), and the PIN along with it.
The envelopes don’t even have to be signed for by the intended recipient. Surely the banks can do better than that?
Watch out for the card skimmers
Sticking with the debit and credit card theme for a moment, always keep your eye on waitresses and waitors in restaurants and sales assistants in shops when you give them your card for a purchase, and make sure you can see your credit card at all times.
It’s a known fact that restaurants and petrol stations are notorious venues for card skimming, although that problem has been eased a little thanks to the introduction (and portability) of Chip and PIN machines.
As is the case for businesses, it’s important for all individuals to shred sensitve documents. It’s the best way to ensure that criminals (and over-zealous Council mandarins) cannot build up a profile of you based on the information you stick in the bin.
As I said earlier, invest in a powerful cross-cut shredder (it was the first thing Annora and I bought when we moved into our new house last year). They’re brilliant, and afford you peace of mind by cutting paper into small, confetti-like pieces.
You might think that unwanted ‘spam’ mail containing money off vouchers, etc from Homebase or wherever isn’t important, but the fact that the header letter contains your address details makes it so.
It’s also a good idea to check your credit report regularly through an organisation like Experian to ensure no accounts or false credit arrangement has been illegally set up in your name.
Thereafter, regular monitoring of your credit report will swiftly alert you if someone has been using your identity to obtain credit, ensuring you can not only rectify your credit report as soon as possible but also stop the fraudster in their tracks (and, hopefully, see them prosecuted).
Keep your personal documents safe at all times. Store your passport, driving license, bank statements or utility bills in a safe place (preferably a metal, fire-proof, lockable file holder). On the same theme, limit the number of documents you carry around with you that contain your personal details.
Under no circumstances should you have personal documents in your car when you’re not in it. That’s just asking for trouble, and particularly so if you inadvertently leave them on display.
Going on holiday or the Internet
If you’re planning on being away from home either for a holiday or an extended period due to work commitments overseas, contact Royal Mail about its Keepsafe service. This holds all of your mail for up to two months, with immediate delivery (in theory, anyway) upon your return.
If you use the Internet at home – and most of us do these days – then for goodness sake make sure you have the latest security patches and up-to-date anti-virus software installed.
As I said, social networking has become enormously popular over the last few years, pretty much to the extent that anyone with a digital camera and a keyboard thinks they’re (respectively) David Bailey or Dan Brown. They’re not, but that’s another story.
In truth, you can easily avoid the risks and enjoy social networking sites by following a few sensible guidelines.
Don’t let peer pressure – or what other people are doing on these sites – force you into doing something you’re not in any way comfortable with. Just because other people post their mobile phone number or details of their birthday on the Internet doesn’t mean you have to do the same. They’re the stupid ones.
Most important of all, be wary of publishing any identifying information about yourself. In particular things like pictures of your home or workplace, your address details or even your full name.
I’m astonished by the idiots who think it’s clever to upload photographs while on holiday in some far flung corner of the globe. That pretty much invites thieves to target their nice little abode in suburbia. Then those same Flickr addicts wonder why, when they return to Blighty, their home has been ransacked and all of their valuables have somehow vanished into thin air.
It’s also a good idea to establish a separate e-mail account that doesn’t employ your real name. Use this to register and receive e-mail from your social media networking site. That way, if you want to shut down your connection, you merely cease using that mailing account. This is very simple and quick to do by way of e-mail providers like Hotmail or Yahoo!
What goes online stays online
Remember too that, although the web may seem like a transient medium, it isn’t. As is the case with print, what goes online generally stays online (the initial cached item will at any rate).
Don’t say anything or publish pictures that might cause you embarrassment at a later stage. As a general rule, if you wouldn’t say it to your boss or your grandmother, don’t ‘voice’ certain sentiments online.
Posting pictures of yourself cavorting naked on a beach in Spain probably isn’t a good idea, and neither is loading images of a bloated and drunken night out in town. People have lost their job, career and/or all self-respect over this type of pseudo ‘journalism’, so be warned.
Back on core topic, I’d thoroughly recommend that you download the new CIFAS document. It’s well worth a read, and could save you or your business so much grief.
Until next time…