1. Identity Theft
Helen Lord
Experian

2. Content Background about Experian What is Identity theft?
Is there a problem
ID Fraud victims
How does it happen
Ways to protect yourself
Credit Card Fraud

3. What kind of decisions? Whether a credit application is fraudulent
Whom to select for a new gold card
What premium to set for an insurance policy
Where to locate a new retail store
Which company to trade with
Whether to accept or reject a credit application and what credit limit to offer
Which pages to show to a web site visitor
Whether a second hand car has been stolen or written off

4. What we do Consumer credit databases Direct to consumer
Business databases
Scoring
Risk management
Application processing
Account processing
So, we have three key activities, each of which supports and drives the other two. Clearly, within each area we have a number of specific products and services which are shown on this slide to help illustrate our key capabilities.
Marketing databases
Automotive, insurance and
property databases
List enhancement
Database management
Micromarketing
Customer Relationship
Management (CRM)
Cheque, debit and document processing Call centres

5. Our major client sectors
Financial Services
Retail and Catalogue
Automotive
Insurance
Telecomms, Energy and Cable
Government
Leisure

6. Some of our clients ABN AMRO Bang & Olufsen Bank Renaissance Capital
Barclays
Barclaycard
BNP Paribas
Brasil Telecom
Capital One
China Trust Commercial Bank
Commerzbank
HBOS
Hilton International
HMV
Honda
JCB
Kookmin Bank
LEGO
M&S Money
MAX BAHR
MBNA
Morgan Stanley
Commonwealth Bank of Australia
Coors Brewers UK
Direct Line
Egg
France Telecom
GE Consumer Finance
Pendragon
Powergen
Royal Mail
Societe Generale
Standard Bank SA
UNICEF
Yahoo!

7. Company profile Annual sales in excess of £1.4 billion
12,000 people worldwide
Offices in 28 countries
More than 50,000 clients in over 60 countries
Part of the GUS Group

8. Our parent company – GUS plc
UK’s largest non-food retailer
Argos Retail Group
Leading global information services company
Experian

9. Our structure GUS plc Experian Group Argos Retail Group
Experian Americas
Experian International
Experian-Scorex
Experian UK/ Ireland / Northern Europe
Experian Rest of World
Management team: Chief Executive Officer Don Robert Chief Executive Global Operations John Saunders
Operating businesses: President, Experian-Scorex Roger Aubrook Managing Director, Experian UK/Ireland and Northern Europe Richard Fiddis Managing Director, Experian Rest of World Nigel Fine Chief Executive Officer, Experian Americas Chris Callero

10. Our structure Experian Americas Experian International Experian Group
Experian UK/ Ireland / Northern Europe
Experian Rest of World
Experian-Scorex
Business Strategies
Marketing Services
Management Systems
Information Solutions
Corporate
Direct to Consumer Business
Ireland
Northern Europe
Commercial Business
Insurance Services Business
Fraud Solutions Business
Consumer Business
Automotive Business

11. Experian, a global company:
Argentina
Australia
Austria
Belgium
Brazil
Canada
China
Denmark
Finland
France
Germany
Greece
Hong Kong
Ireland
Italy
Japan
Monaco
The Netherlands
Norway
Russia
Singapore
South Africa
South Korea
Spain
Sweden
Turkey
United Kingdom
United States
Countries in which we have offices:

12. Experian, a global company
North America
Costa Mesa
Lincoln
Schaumburg
Dallas
Atlanta
Parsippany
New York City
Toronto
Latin America
Sao Paulo
Buenos Aires
Asia Pacific
Shanghai
Sydney
Melbourne
Hong Kong
Tokyo
South Korea
Africa
Johannesburg
Europe
Nottingham
London
Edinburgh
Dublin
Paris
Hamburg
Vienna
Milan
Rome
The Hague
Moscow
Stockholm
Madrid
Monaco
Istanbul
Copenhagen
Athens
Oslo
Experian people numbers: Experian North America = 5, Experian UK = 3, Experian Rest of World = 3,500

13. Statutory obligations
Provision of a credit report within seven working days subject to authentication
Resolution of any credit report related queries

14. Credit reports Electoral roll Court judgments and bankruptcies
Credit account information
Previous searches
CIFAS
Goneaway information
Address links
Financial associations and aliases

15. What is Identity Fraud?
“Identity Fraud occurs when the perpetrator knowingly transfers or uses, without lawful authority, a means of identification of another person with the intent to commit an act that constitutes a violation of UK law.”
Source Identity Fraud - The UK Manual
“Identity fraud is the use of a misappropriated identity in criminal activity, to obtain goods or services by deception. This usually involves the use of stolen or forged identity documents such as a passport or driving licence.”
Source CIFAS

16. What is Identity Fraud?
Stealing someone’s identity by various means, using name, date of birth and sometimes address details to apply for credit facilities.
Account takeover, previous address fraud
The creation of a brand new identity.
Where has the individual come from? We are seeing a lot of cases whereby an individual has no previous history – where have they come from, have they really been abroad for the past 3-4 years???

17. Is it a problem?

18. Is it a problem?

21. Bust-out Fraud: Supporting Terrorist Financing
The broker then passes the money onto the player. The player is a major figure in terrorist financing.
The player will deposit the funds he has received from the broker into a bank account. This can be a personal account, but is more likely to be either a business account, or an account linked to a charitable organisation.
The money will then either be sent to a foreign account by wire transfer, or will be added to a Paypal account, so that it can be accessed anywhere, by anyone with the user id and password.
The money can then be used for whatever purpose the terrorists see fit. It could be used, as in 9/11 for flight training, or it could be used to procure arms and armament for training camps. However it is used, it will be aimed at the Western world and their allies.
Unfortunately, the deals arranged by the broker are not legitimate ones. He passes on the credit cards he has received to dishonest merchants, known as bust-out merchants, who have agreed to put fraudulent transactions through their accounts for the broker.
The credit cards they obtain are then passed onto the broker, who, as his name suggests, arranges deals.
It all starts with the terrorists, or their associates, attempting to obtain credit cards. This is done either through Identity theft to create new accounts, or by threatening individuals, like international students, to hand over genuine accounts when they leave the country.
When the bust-out merchant receives payment for the transaction from the credit card company, he transfers the money that he has received to the broker, minus his fee for processing the transaction, which is normally around 10%
In this example, he will therefore return £900.
Each bust-out merchant will put through an invented charge for a large value through his account with any credit cards they receive. In this example, it will be £1000.
The credit card company will process the fraudulent transaction in good faith and return the sum of the transaction back to the merchant.
This information was derived from investigations made by the FBI into terrorism post 9/11. It involved examining not just how the actual attacks were planned, but also how they were funded. It is now applied for stopping the flow of money for further potential attacks.

22. Developed identities Attempts to obtain credit reports and monitoring
Indicators
new voters roll
current account/credit card/personal loan
multiple identities
addresses in similar street/location
Documentation in place
Spanish, Belgium, Pakistani, French, Syrian passports

23. ID websites www.nextdayid.co.uk www.uwantid.co.uk www.phidentity.com

26. Establishing the Identity
Voters roll
published for viewing at the local library
Form ‘A’s come pre-printed
Local authority checks are minimal

27. *Deceased identity fraud
*Source - CIFAS

28. Popular Names Chloe Sophie Hannah Deborah Patricia Dorothy 5th Olivia
Jessica
Charlotte
Jacqueline
Joan
Edith
4th
Sophia
Megan
Karen
Mary
Doris
3rd
Emily
Lauren
Julie
Jean
Florence
2nd
Rebecca
Susan
Margaret
1st
Females
Oliver
Joshua
Matthew
John
David
Arthur
James
Daniel
Mark
Brian
Thomas
Jack
Andrew
William
George
Paul
Peter
Males
2005
1999
1994
1964
1934
1904

29. Types of Fraud Previous address fraud Current address fraud
Forwarding address fraud
Account takeover
Card not present
Money Laundering

30. Previous Address Fraud
Not usually the organised gang, but the opportunist.
Very easy to commit – the victim looks as though they still reside at the address.
Voters Roll still current.
Accounts still at the address.
Address links not yet created.
Mail not on redirect.
Junk mail received.

31. Current Address Fraud Fraud committed by someone at your own address.
Partner
Tenant
Shared mailboxes
Mail Interception

32. Forwarding Address Fraud
Your address is used as the applicant’s previous address.
The applicant’s current address is a ‘drop address’ quite often somewhere you wouldn’t choose to visit.

33. Account Takeover
A fraudulent change of address is accepted by a company.
Insiders changing account details.
Phishing and bogus calls enable access to accounts with the correct password and security details.
New cards intercepted in the post
The account is used by the fraudster who asks for new cards to be issued to the new address.

34. Card Not Present
The card and customer are not present at the point of sale.
Transactions take place over the internet or by telephone.
CVV code not asked for – the digits on the card signature strip.
Card could be cloned or skimmed.

35. Money Laundering
Money that is illegally obtained being cleaned up and made to look legal.
Large cash deposits going into a bank account through a company and then being taken out by cashpoint.
Businesses set up purely to balance cash flow.
Consumer Operations see suspicious activity on some bank statements.

36. Information sharing Full members of CIFAS
Loading fraudulent applications (Category 1, 2 and occasionally 3, 4)
Innocent party reports
Credit reference agency fraud circle
highlight current activity
dubious disassociation requests
Police liaison
credit report requests
S29’s

37. What is CIFAS?
Founded by major UK lenders in 1988 when it was accepted that fraud prevention is a non-competitive issue.
Enables members to share known fraud to help prevent fraud and to protect innocent consumers.
Currently have 122 members from all sectors, including:
banking/credit cards
mortgages
telecomms
insurance
mail order
credit reference agencies
Insurance services such as Credit Expert partners

38. Category 0 – Protective Registration
Category 0 (Protective Registration) - This is registered at an individual’s own request. They may have had documents stolen and wish to protect themselves.

39. Category 1 – Use of a False Name
Category 1 (use of a false name) - A name of an individual has been used despite the fact that they do not currently reside at the address. The name used could be that of a former occupant, an individual who is deceased, or could be completely bogus.

40. Category 2 – Victim of Impersonation
Category 2 (Victim of Impersonation) - Another individual has used a genuine person’s name and/or address details.
If a genuine party can be located a category 2 must be added and a letter sent to them.

41. The name is Bond ...
Derek Bond, a retired civil engineer, found out for himself how insidious modern fraud can be. As he stepped on to the tarmac at Cape Town airport, the 72-year-old grandfather of six was arrested and thrown into jail. That he could have been mistaken for one of the FBI's 'most wanted' was worrying enough. Despite enjoying an impeccable reputation in his home town, it took three weeks before Mr Bond's family could convince the authorities that they'd made a mistake. Away from people who knew him, and could vouch for him, Mr Bond's standing rested solely on the contents of a file on someone's' desk. And if that file said that Derek Bond, of medium build and height, was in fact Derek Lloyd Sykes, a British-born conman responsible for a multi-million-dollar telemarketing scam in Texas, then who was to say it wasn't true?

43. Victims of ID fraud Provision of credit report - post authentication
Advice line and dedicated case workers
Password Notice of Correction
Recommend
contact with the police
Preference services
CIFAS Protective Registration
check postal Change of Address file
Contact lenders and amend

44. Analysis of ID fraud victims
Young professionals
Asian communities
Ethnic minorities
Multiple occupancy
Primarily urban

45. How fraud was uncovered

46. Modus Operandi

47. Age Analysis

48. Knowledge of fraudster
95% of victims had no knowledge of the fraudster. Of those who knew who had used their identity, the breakdown is as follows:
Ex-partner 14%
Family member 16%
Friend 15%
Tenant 54%
Work colleague 1%

49. Police reaction
82% of cases were not reported to the police. Of those that were, the action taken was as follows:
Under caution 1%
Prosecution 7%
Under investigation 61%
Not pursued 31%

50. Cost of fraud by account type

51. Average cost of fraud case by account type

52. Number of confirmed fraudulent searches by CAPS type

53. Cost of fraud by sector - top five CAIS members
Number of cases
Mail Order 182
Bank 162
Mail Order 90
Telecom 87
Retail 83
Cost
Bank £96K
Bank £83K
Bank £72K
Credit card £52K
Bank £37K

54. Quote From victim
“Please treat as an urgent request from somebody who is literally being torn apart by this unfortunate set of circumstances. At present I cannot lease a car, buy a house or apply for a credit card. My life has been taken other by another!!!"

56. Account opening Full application details VAT number checks DPA/CCL
Consent wording checks
Business Information database
Experian fraud prevention tools
Handling of potential “fraud” referrals
Site visits

58. Bin raiding
Experian’s white paper - Closing the Lid on ID Fraud was published in 2003
focussed on household waste and commercial waste in Camden
showed that 1 in 10 consumers discarded enough information for someone to commit card not present fraud
majority of businesses binned personal data with little or no attempt to destroy personal data
“My information is that criminal gangs are paying bin raiders £5.00 per letter. Proceeds of bin raiding are fuelling ID fraud, which in turn feeds back into other criminal activity such as drugs, prostitution and people trafficking.” Street Warden, London Borough of Camden

59. Burglary Break in - nothing taken?
Where are your utility bills, passport, blank cheques??
Estate agencies
Who is looking around your house? Never let them go off alone.

60. The bogus surveyor
Fraudsters in Kent recruited a bogus surveyor to accompany them when viewing recently vacated properties – without the estate agent.
Post was stolen during the viewing
Keys were cut for the property – just in case they needed access
Post was redirected to a ‘drop address’
Telephone lines reconnected and transferred to a mobile number
Internet applications made for bank accounts and credit cards
And on to the next one…………a nice little earner!

61. Postal Redirect
Post is forwarded to a ‘drop address’ or postal boxes unbeknown to the genuine party
Postal collection is arranged from a local sorting office.
There are instances of post that is not required being delivered whilst you are out – so you do not suspect
Collusion – staff working within the postal service aiding the fraudsters

62. Postal Redirect Service – how it works
A form is completed and taken to the Post Office or sent by post.
The fraudster has all relevant details – they have done their homework
It must be accompanied by ID.
The fraudster already has your ID. They have an insider working at the Post Office or they have enough information to send the form direct to the Administration Centre, by-passing the checks.
A confirmation is sent to both the previous and forwarding address.
The fraudster relies on this not being questioned.

63. Stealing an Identity - do your research
Bin raiding
Burglary
Postal redirect
Shoulder surfing

64. Shoulder Surfing Completing applications in shop or business
Overhearing calls in public places
PIN numbers

65. Phishing and Pharming
Scam s - redirecting you to bogus internet sites
Re-confirm security details
Pharming - using holes in computer security to reprogram so that it appears that you are on the correct site.

66. Bogus Calls Incoming calls from financial institutions
Requesting identity information and passwords to authenticate you
REMEMBER A REPUTABLE COMPANY WILL NOT ASK YOU FOR THESE DETAILS.

67. Preventing ID fraud Don’t respond to cold calling
Ensure post is re-directed when you move
Register on the electoral roll immediately
Shred all personal correspondence
Don’t respond to cold calling/ s
Don’t respond to surveys
Don’t discuss personal details over the phone
Monitor bank statements etc. and get regular credit reports
Don’t keep PIN numbers

68. Indicators of ID fraud
Bank statements/correspondence failing to arrive
Unexpectedly declined credit/contact by debt collection company
Contact to advise that you have been approved credit you have not applied for

69. Chip and Pin
APACS - 10/10/2005

70. Chip & PIN ramps up fear factor
Finextra, 01/02/06
Almost one-in-four consumers now feel more exposed and vulnerable when making a purchase following the introduction of PINs in place of signatures at the point-of-sale in the UK, according to research from polling organisation Ipso Mori. The research among more than 2000 UK consumers was conducted on behalf of IT services group Xansa. The study found that one in four (23%) of female card holders and one in ten (11%) of male shoppers feels less secure using the new payment method. Despite a fall in the amount of cardholder present fraud, the safety improvements are not clear to some of the shopping community (17%) who now feel more vulnerable when making a purchase, because of entering a PIN number rather than signing. From 14 February, cards will only be accepted at retailer tills when accompanied by a PIN number. Xansa is recommending credit card providers appeal directly to female cardholders, to allay their fears, as well as to encourage them to use the mechanism for in-store payments.