2Content Background about Experian What is Identity theft? Is there a problemID Fraud victimsHow does it happenWays to protect yourselfCredit Card Fraud
3What kind of decisions? Whether a credit application is fraudulent Whom to select for a new gold cardWhat premium to set for an insurance policyWhere to locate a new retail storeWhich company to trade withWhether to accept or reject a credit application and what credit limit to offerWhich pages to show to a web site visitorWhether a second hand car has been stolen or written off
4What we do Consumer credit databases Direct to consumer Business databasesScoringRisk managementApplication processingAccount processingSo, we have three key activities, each of which supports and drives the other two. Clearly, within each area we have a number of specific products and services which are shown on this slide to help illustrate our key capabilities.Marketing databasesAutomotive, insurance andproperty databasesList enhancementDatabase managementMicromarketingCustomer RelationshipManagement (CRM)Cheque, debit and document processing Call centres
5Our major client sectors Financial ServicesRetail and CatalogueAutomotiveInsuranceTelecomms, Energy and CableGovernmentLeisure
6Some of our clients ABN AMRO Bang & Olufsen Bank Renaissance Capital BarclaysBarclaycardBNP ParibasBrasil TelecomCapital OneChina Trust Commercial BankCommerzbankHBOSHilton InternationalHMVHondaJCBKookmin BankLEGOM&S MoneyMAX BAHRMBNAMorgan StanleyCommonwealth Bank of AustraliaCoors Brewers UKDirect LineEggFrance TelecomGE Consumer FinancePendragonPowergenRoyal MailSociete GeneraleStandard Bank SAUNICEFYahoo!
7Company profile Annual sales in excess of £1.4 billion 12,000 people worldwideOffices in 28 countriesMore than 50,000 clients in over 60 countriesPart of the GUS Group
8Our parent company – GUS plc UK’s largest non-food retailerArgos Retail GroupLeading global information services companyExperian
9Our structure GUS plc Experian Group Argos Retail Group Experian AmericasExperian InternationalExperian-ScorexExperian UK/ Ireland / Northern EuropeExperian Rest of WorldManagement team: Chief Executive Officer Don Robert Chief Executive Global Operations John SaundersOperating businesses: President, Experian-Scorex Roger Aubrook Managing Director, Experian UK/Ireland and Northern Europe Richard Fiddis Managing Director, Experian Rest of World Nigel Fine Chief Executive Officer, Experian Americas Chris Callero
10Our structure Experian Americas Experian International Experian Group Experian UK/ Ireland / Northern EuropeExperian Rest of WorldExperian-ScorexBusiness StrategiesMarketing ServicesManagement SystemsInformation SolutionsCorporateDirect to Consumer BusinessIrelandNorthern EuropeCommercial BusinessInsurance Services BusinessFraud Solutions BusinessConsumer BusinessAutomotive Business
11Experian, a global company :ArgentinaAustraliaAustriaBelgiumBrazilCanadaChinaDenmarkFinlandFranceGermanyGreeceHong KongIrelandItalyJapanMonacoThe NetherlandsNorwayRussiaSingaporeSouth AfricaSouth KoreaSpainSwedenTurkeyUnited KingdomUnited StatesCountries in which we have offices:
12Experian, a global company North AmericaCosta MesaLincolnSchaumburgDallasAtlantaParsippanyNew York CityTorontoLatin AmericaSao PauloBuenos AiresAsia PacificShanghaiSydneyMelbourneHong KongTokyoSouth KoreaAfricaJohannesburgEuropeNottinghamLondonEdinburghDublinParisHamburgViennaMilanRomeThe HagueMoscowStockholmMadridMonacoIstanbulCopenhagenAthensOsloExperian people numbers: Experian North America = 5, Experian UK = 3, Experian Rest of World = 3,500
13Statutory obligations Provision of a credit report within seven working days subject to authenticationResolution of any credit report related queries
14Credit reports Electoral roll Court judgments and bankruptcies Credit account informationPrevious searchesCIFASGoneaway informationAddress linksFinancial associations and aliases
15What is Identity Fraud?“Identity Fraud occurs when the perpetrator knowingly transfers or uses, without lawful authority, a means of identification of another person with the intent to commit an act that constitutes a violation of UK law.”Source Identity Fraud - The UK Manual“Identity fraud is the use of a misappropriated identity in criminal activity, to obtain goods or services by deception. This usually involves the use of stolen or forged identity documents such as a passport or driving licence.”Source CIFAS
16What is Identity Fraud?Stealing someone’s identity by various means, using name, date of birth and sometimes address details to apply for credit facilities.Account takeover, previous address fraudThe creation of a brand new identity.Where has the individual come from? We are seeing a lot of cases whereby an individual has no previous history – where have they come from, have they really been abroad for the past 3-4 years???
21Bust-out Fraud: Supporting Terrorist Financing The broker then passes the money onto the player. The player is a major figure in terrorist financing.The player will deposit the funds he has received from the broker into a bank account. This can be a personal account, but is more likely to be either a business account, or an account linked to a charitable organisation.The money will then either be sent to a foreign account by wire transfer, or will be added to a Paypal account, so that it can be accessed anywhere, by anyone with the user id and password.The money can then be used for whatever purpose the terrorists see fit. It could be used, as in 9/11 for flight training, or it could be used to procure arms and armament for training camps. However it is used, it will be aimed at the Western world and their allies.Unfortunately, the deals arranged by the broker are not legitimate ones. He passes on the credit cards he has received to dishonest merchants, known as bust-out merchants, who have agreed to put fraudulent transactions through their accounts for the broker.The credit cards they obtain are then passed onto the broker, who, as his name suggests, arranges deals.It all starts with the terrorists, or their associates, attempting to obtain credit cards. This is done either through Identity theft to create new accounts, or by threatening individuals, like international students, to hand over genuine accounts when they leave the country.When the bust-out merchant receives payment for the transaction from the credit card company, he transfers the money that he has received to the broker, minus his fee for processing the transaction, which is normally around 10%In this example, he will therefore return £900.Each bust-out merchant will put through an invented charge for a large value through his account with any credit cards they receive. In this example, it will be £1000.The credit card company will process the fraudulent transaction in good faith and return the sum of the transaction back to the merchant.This information was derived from investigations made by the FBI into terrorism post 9/11. It involved examining not just how the actual attacks were planned, but also how they were funded. It is now applied for stopping the flow of money for further potential attacks.
22Developed identities Attempts to obtain credit reports and monitoring Indicatorsnew voters rollcurrent account/credit card/personal loanmultiple identitiesaddresses in similar street/locationDocumentation in placeSpanish, Belgium, Pakistani, French, Syrian passports
29Types of Fraud Previous address fraud Current address fraud Forwarding address fraudAccount takeoverCard not presentMoney Laundering
30Previous Address Fraud Not usually the organised gang, but the opportunist.Very easy to commit – the victim looks as though they still reside at the address.Voters Roll still current.Accounts still at the address.Address links not yet created.Mail not on redirect.Junk mail received.
31Current Address Fraud Fraud committed by someone at your own address. PartnerTenantShared mailboxesMail Interception
32Forwarding Address Fraud Your address is used as the applicant’s previous address.The applicant’s current address is a ‘drop address’ quite often somewhere you wouldn’t choose to visit.
33Account TakeoverA fraudulent change of address is accepted by a company.Insiders changing account details.Phishing and bogus calls enable access to accounts with the correct password and security details.New cards intercepted in the postThe account is used by the fraudster who asks for new cards to be issued to the new address.
34Card Not PresentThe card and customer are not present at the point of sale.Transactions take place over the internet or by telephone.CVV code not asked for – the digits on the card signature strip.Card could be cloned or skimmed.
35Money LaunderingMoney that is illegally obtained being cleaned up and made to look legal.Large cash deposits going into a bank account through a company and then being taken out by cashpoint.Businesses set up purely to balance cash flow.Consumer Operations see suspicious activity on some bank statements.
36Information sharing Full members of CIFAS Loading fraudulent applications (Category 1, 2 and occasionally 3, 4)Innocent party reportsCredit reference agency fraud circlehighlight current activitydubious disassociation requestsPolice liaisoncredit report requestsS29’s
37What is CIFAS?Founded by major UK lenders in 1988 when it was accepted that fraud prevention is a non-competitive issue.Enables members to share known fraud to help prevent fraud and to protect innocent consumers.Currently have 122 members from all sectors, including:banking/credit cardsmortgagestelecommsinsurancemail ordercredit reference agenciesInsurance services such as Credit Expert partners
38Category 0 – Protective Registration Category 0 (Protective Registration) - This is registered at an individual’s own request. They may have had documents stolen and wish to protect themselves.
39Category 1 – Use of a False Name Category 1 (use of a false name) - A name of an individual has been used despite the fact that they do not currently reside at the address. The name used could be that of a former occupant, an individual who is deceased, or could be completely bogus.
40Category 2 – Victim of Impersonation Category 2 (Victim of Impersonation) - Another individual has used a genuine person’s name and/or address details.If a genuine party can be located a category 2 must be added and a letter sent to them.
41The name is Bond ...Derek Bond, a retired civil engineer, found out for himself how insidious modern fraud can be. As he stepped on to the tarmac at Cape Town airport, the 72-year-old grandfather of six was arrested and thrown into jail. That he could have been mistaken for one of the FBI's 'most wanted' was worrying enough. Despite enjoying an impeccable reputation in his home town, it took three weeks before Mr Bond's family could convince the authorities that they'd made a mistake. Away from people who knew him, and could vouch for him, Mr Bond's standing rested solely on the contents of a file on someone's' desk. And if that file said that Derek Bond, of medium build and height, was in fact Derek Lloyd Sykes, a British-born conman responsible for a multi-million-dollar telemarketing scam in Texas, then who was to say it wasn't true?
43Victims of ID fraud Provision of credit report - post authentication Advice line and dedicated case workersPassword Notice of CorrectionRecommendcontact with the policePreference servicesCIFAS Protective Registrationcheck postal Change of Address fileContact lenders and amend
44Analysis of ID fraud victims Young professionalsAsian communitiesEthnic minoritiesMultiple occupancyPrimarily urban
48Knowledge of fraudster 95% of victims had no knowledge of the fraudster. Of those who knew who had used their identity, the breakdown is as follows:Ex-partner 14%Family member 16%Friend 15%Tenant 54%Work colleague 1%
49Police reaction82% of cases were not reported to the police. Of those that were, the action taken was as follows:Under caution 1%Prosecution 7%Under investigation 61%Not pursued 31%
52Number of confirmed fraudulent searches by CAPS type
53Cost of fraud by sector - top five CAIS members Number of casesMail Order 182Bank 162Mail Order 90Telecom 87Retail 83CostBank £96KBank £83KBank £72KCredit card £52KBank £37K
54Quote From victim“Please treat as an urgent request from somebody who is literally being torn apart by this unfortunate set of circumstances. At present I cannot lease a car, buy a house or apply for a credit card. My life has been taken other by another!!!"
58Bin raidingExperian’s white paper - Closing the Lid on ID Fraud was published in 2003focussed on household waste and commercial waste in Camdenshowed that 1 in 10 consumers discarded enough information for someone to commit card not present fraudmajority of businesses binned personal data with little or no attempt to destroy personal data“My information is that criminal gangs are paying bin raiders £5.00 per letter. Proceeds of bin raiding are fuelling ID fraud, which in turn feeds back into other criminal activity such as drugs, prostitution and people trafficking.” Street Warden, London Borough of Camden
59Burglary Break in - nothing taken? Where are your utility bills, passport, blank cheques??Estate agenciesWho is looking around your house? Never let them go off alone.
60The bogus surveyorFraudsters in Kent recruited a bogus surveyor to accompany them when viewing recently vacated properties – without the estate agent.Post was stolen during the viewingKeys were cut for the property – just in case they needed accessPost was redirected to a ‘drop address’Telephone lines reconnected and transferred to a mobile numberInternet applications made for bank accounts and credit cardsAnd on to the next one…………a nice little earner!
61Postal RedirectPost is forwarded to a ‘drop address’ or postal boxes unbeknown to the genuine partyPostal collection is arranged from a local sorting office.There are instances of post that is not required being delivered whilst you are out – so you do not suspectCollusion – staff working within the postal service aiding the fraudsters
62Postal Redirect Service – how it works A form is completed and taken to the Post Office or sent by post.The fraudster has all relevant details – they have done their homeworkIt must be accompanied by ID.The fraudster already has your ID. They have an insider working at the Post Office or they have enough information to send the form direct to the Administration Centre, by-passing the checks.A confirmation is sent to both the previous and forwarding address.The fraudster relies on this not being questioned.
63Stealing an Identity - do your research Bin raidingBurglaryPostal redirectShoulder surfing
64Shoulder Surfing Completing applications in shop or business Overhearing calls in public placesPIN numbers
65Phishing and PharmingScam s - redirecting you to bogus internet sitesRe-confirm security detailsPharming - using holes in computer security to reprogram so that it appears that you are on the correct site.
66Bogus Calls Incoming calls from financial institutions Requesting identity information and passwords to authenticate youREMEMBER A REPUTABLE COMPANY WILL NOT ASK YOU FOR THESE DETAILS.
67Preventing ID fraud Don’t respond to cold calling Ensure post is re-directed when you moveRegister on the electoral roll immediatelyShred all personal correspondenceDon’t respond to cold calling/ sDon’t respond to surveysDon’t discuss personal details over the phoneMonitor bank statements etc. and get regular credit reportsDon’t keep PIN numbers
68Indicators of ID fraudBank statements/correspondence failing to arriveUnexpectedly declined credit/contact by debt collection companyContact to advise that you have been approved credit you have not applied for
70Chip & PIN ramps up fear factor Finextra, 01/02/06Almost one-in-four consumers now feel more exposed and vulnerable when making a purchase following the introduction of PINs in place of signatures at the point-of-sale in the UK, according to research from polling organisation Ipso Mori. The research among more than 2000 UK consumers was conducted on behalf of IT services group Xansa. The study found that one in four (23%) of female card holders and one in ten (11%) of male shoppers feels less secure using the new payment method. Despite a fall in the amount of cardholder present fraud, the safety improvements are not clear to some of the shopping community (17%) who now feel more vulnerable when making a purchase, because of entering a PIN number rather than signing. From 14 February, cards will only be accepted at retailer tills when accompanied by a PIN number. Xansa is recommending credit card providers appeal directly to female cardholders, to allay their fears, as well as to encourage them to use the mechanism for in-store payments.