Presentation is loading. Please wait.

Presentation is loading. Please wait.

Identity Theft Helen Lord Experian Content Background about Experian Background about Experian What is Identity theft? What is Identity theft? Is there.

Similar presentations


Presentation on theme: "Identity Theft Helen Lord Experian Content Background about Experian Background about Experian What is Identity theft? What is Identity theft? Is there."— Presentation transcript:

1

2 Identity Theft Helen Lord Experian

3 Content Background about Experian Background about Experian What is Identity theft? What is Identity theft? Is there a problem Is there a problem  ID Fraud victims How does it happen How does it happen Ways to protect yourself Ways to protect yourself Credit Card Fraud Credit Card Fraud

4 What kind of decisions? Whether a credit application is fraudulent Whether a credit application is fraudulent Whom to select for a new gold card Whom to select for a new gold card What premium to set for an insurance policy What premium to set for an insurance policy Where to locate a new retail store Where to locate a new retail store Which company to trade with Which company to trade with Whether to accept or reject a credit application and what credit limit to offer Whether to accept or reject a credit application and what credit limit to offer Which pages to show to a web site visitor Which pages to show to a web site visitor Whether a second hand car has been stolen or written off Whether a second hand car has been stolen or written off

5 What we do Consumer credit databases Direct to consumer Business databases Scoring Risk management Application processing Account processing List enhancement Database management Micromarketing Customer Relationship Management (CRM) Cheque, debit and document processing Call centres Marketing databases Automotive, insurance and property databases

6 Our major client sectors Automotive Insurance Telecomms, Energy and Cable Retail and Catalogue Leisure Financial Services Government

7 Some of our clients ABN AMRO ABN AMRO Bang & Olufsen Bang & Olufsen Bank Renaissance Capital Bank Renaissance Capital Barclays Barclays Barclaycard Barclaycard BNP Paribas BNP Paribas Brasil Telecom Brasil Telecom Capital One Capital One China Trust Commercial Bank China Trust Commercial Bank Commerzbank Commerzbank Commonwealth Bank of Australia Commonwealth Bank of Australia Coors Brewers UK Coors Brewers UK Direct Line Direct Line Egg Egg France Telecom France Telecom GE Consumer Finance GE Consumer Finance Pendragon Pendragon Powergen Powergen Royal Mail Royal Mail Societe Generale Societe Generale Standard Bank SA Standard Bank SA UNICEF UNICEF Yahoo! Yahoo! HBOS HBOS Hilton International Hilton International HMV HMV Honda Honda JCB JCB Kookmin Bank Kookmin Bank LEGO  LEGO  M&S Money M&S Money MAX BAHR MAX BAHR MBNA MBNA Morgan Stanley Morgan Stanley

8 Company profile Annual sales in excess of £1.4 billion Annual sales in excess of £1.4 billion 12,000 people worldwide 12,000 people worldwide Offices in 28 countries Offices in 28 countries More than 50,000 clients in over 60 countries More than 50,000 clients in over 60 countries Part of the GUS Group Part of the GUS Group

9 Our parent company – GUS plc UK’s largest non-food retailer Argos Retail Group Leading global information services company Experian

10 Management team: Chief Executive OfficerDon Robert Chief Executive Global OperationsJohn Saunders Operating businesses: President, Experian-ScorexRoger Aubrook Managing Director, Experian UK/Ireland and Northern EuropeRichard Fiddis Managing Director, Experian Rest of WorldNigel Fine Chief Executive Officer, Experian AmericasChris Callero Experian UK/ Ireland / Northern Europe Experian Rest of World Experian-Scorex GUS plc Experian International Experian Group Argos Retail Group Experian Americas Our structure

11 Experian Americas Experian International Experian Group Experian UK/ Ireland / Northern Europe Experian Rest of World Experian-Scorex Commercial Business Insurance Services Business Fraud Solutions Business Consumer Business Automotive Business Business Strategies Marketing Services Management Systems Information Solutions Corporate Direct to Consumer Business Ireland Northern Europe

12 Experian, a global company : Argentina Australia Austria Belgium Brazil Canada China Denmark Finland France Germany Greece Hong Kong Ireland Italy Japan Monaco The Netherlands Norway Russia Singapore South Africa South Korea Spain Sweden Turkey United Kingdom United States Countries in which we have offices:

13 Experian, a global company North America Costa Mesa Lincoln Schaumburg Dallas Atlanta Parsippany New York City Toronto Latin America Sao Paulo Buenos Aires Asia Pacific Shanghai Sydney Melbourne Hong Kong Tokyo South Korea Africa Johannesburg Europe Nottingham London Edinburgh Dublin Paris Hamburg Vienna Milan Rome The Hague Moscow Stockholm Madrid Monaco Istanbul Copenhagen Athens Oslo Moscow Experian people numbers: Experian North America = 5,000 Experian UK = 3,500 Experian Rest of World = 3,500

14 Statutory obligations Provision of a credit report within seven working days subject to authentication Provision of a credit report within seven working days subject to authentication Resolution of any credit report related queries Resolution of any credit report related queries

15 Credit reports Electoral roll Electoral roll Court judgments and bankruptcies Court judgments and bankruptcies Credit account information Credit account information Previous searches Previous searches CIFAS CIFAS Goneaway information Goneaway information Address links Address links Financial associations and aliases Financial associations and aliases

16 What is Identity Fraud? “Identity Fraud occurs when the perpetrator knowingly transfers or uses, without lawful authority, a means of identification of another person with the intent to commit an act that constitutes a violation of UK law.” Source Identity Fraud - The UK Manual “Identity fraud is the use of a misappropriated identity in criminal activity, to obtain goods or services by deception. This usually involves the use of stolen or forged identity documents such as a passport or driving licence.” Source CIFAS

17 What is Identity Fraud? Stealing someone’s identity by various means, using name, date of birth and sometimes address details to apply for credit facilities. Stealing someone’s identity by various means, using name, date of birth and sometimes address details to apply for credit facilities.  Account takeover, previous address fraud The creation of a brand new identity. The creation of a brand new identity.  Where has the individual come from? We are seeing a lot of cases whereby an individual has no previous history – where have they come from, have they really been abroad for the past 3-4 years???

18 Is it a problem?

19

20

21

22 Bust-out Fraud: Supporting Terrorist Financing It all starts with the terrorists, or their associates, attempting to obtain credit cards. This is done either through Identity theft to create new accounts, or by threatening individuals, like international students, to hand over genuine accounts when they leave the country. Each bust-out merchant will put through an invented charge for a large value through his account with any credit cards they receive. In this example, it will be £1000. The credit card company will process the fraudulent transaction in good faith and return the sum of the transaction back to the merchant. When the bust-out merchant receives payment for the transaction from the credit card company, he transfers the money that he has received to the broker, minus his fee for processing the transaction, which is normally around 10% In this example, he will therefore return £900. The credit cards they obtain are then passed onto the broker, who, as his name suggests, arranges deals. Unfortunately, the deals arranged by the broker are not legitimate ones. He passes on the credit cards he has received to dishonest merchants, known as bust-out merchants, who have agreed to put fraudulent transactions through their accounts for the broker. The broker then passes the money onto the player. The player is a major figure in terrorist financing. The player will deposit the funds he has received from the broker into a bank account. This can be a personal account, but is more likely to be either a business account, or an account linked to a charitable organisation. The money will then either be sent to a foreign account by wire transfer, or will be added to a Paypal e-mail account, so that it can be accessed anywhere, by anyone with the user id and password. The money can then be used for whatever purpose the terrorists see fit. It could be used, as in 9/11 for flight training, or it could be used to procure arms and armament for training camps. However it is used, it will be aimed at the Western world and their allies. This information was derived from investigations made by the FBI into terrorism post 9/11. It involved examining not just how the actual attacks were planned, but also how they were funded. It is now applied for stopping the flow of money for further potential attacks.

23 Developed identities Attempts to obtain credit reports and monitoring Attempts to obtain credit reports and monitoring Indicators Indicators  new voters roll  current account/credit card/personal loan  multiple identities  addresses in similar street/location Documentation in place Documentation in place  Spanish, Belgium, Pakistani, French, Syrian passports

24 www.nextdayid.co.uk www.uwantid.co.uk www.phidentity.com www.foolthem.com www.identacard.co.uk www.ypurphoto-id.com www.noveltyid.co.uk www.phakeid.co.uk www.legalfakeid.com www.fakeidexpress.com www.europeanid.co.uk www.fakeid.co.uk www.mrbateman.co.uk ID websites

25

26

27 Establishing the Identity Voters roll Voters roll  published for viewing at the local library  Form ‘A’s come pre-printed  Local authority checks are minimal

28 *Deceased identity fraud * Source - CIFAS

29 Popular Names

30 Types of Fraud Previous address fraud Previous address fraud Current address fraud Current address fraud Forwarding address fraud Forwarding address fraud Account takeover Account takeover Card not present Card not present Money Laundering Money Laundering

31 Previous Address Fraud Not usually the organised gang, but the opportunist. Not usually the organised gang, but the opportunist. Very easy to commit – the victim looks as though they still reside at the address. Very easy to commit – the victim looks as though they still reside at the address.  Voters Roll still current.  Accounts still at the address.  Address links not yet created.  Mail not on redirect.  Junk mail received.

32 Current Address Fraud Fraud committed by someone at your own address. Fraud committed by someone at your own address.  Partner  Tenant  Shared mailboxes  Mail Interception

33 Forwarding Address Fraud Your address is used as the applicant’s previous address. Your address is used as the applicant’s previous address. The applicant’s current address is a ‘drop address’ quite often somewhere you wouldn’t choose to visit. The applicant’s current address is a ‘drop address’ quite often somewhere you wouldn’t choose to visit.

34 Account Takeover A fraudulent change of address is accepted by a company. A fraudulent change of address is accepted by a company. Insiders changing account details. Insiders changing account details. Phishing and bogus calls enable access to accounts with the correct password and security details. Phishing and bogus calls enable access to accounts with the correct password and security details. New cards intercepted in the post New cards intercepted in the post The account is used by the fraudster who asks for new cards to be issued to the new address. The account is used by the fraudster who asks for new cards to be issued to the new address.

35 Card Not Present The card and customer are not present at the point of sale. The card and customer are not present at the point of sale. Transactions take place over the internet or by telephone. Transactions take place over the internet or by telephone. CVV code not asked for – the digits on the card signature strip. CVV code not asked for – the digits on the card signature strip. Card could be cloned or skimmed. Card could be cloned or skimmed.

36 Money Laundering Money that is illegally obtained being cleaned up and made to look legal. Money that is illegally obtained being cleaned up and made to look legal. Large cash deposits going into a bank account through a company and then being taken out by cashpoint. Large cash deposits going into a bank account through a company and then being taken out by cashpoint. Businesses set up purely to balance cash flow. Businesses set up purely to balance cash flow. Consumer Operations see suspicious activity on some bank statements. Consumer Operations see suspicious activity on some bank statements.

37 Information sharing Full members of CIFAS Full members of CIFAS  Loading fraudulent applications (Category 1, 2 and occasionally 3, 4)  Innocent party reports Credit reference agency fraud circle Credit reference agency fraud circle  highlight current activity  dubious disassociation requests Police liaison Police liaison  credit report requests  S29’s

38 What is CIFAS? Founded by major UK lenders in 1988 when it was accepted that fraud prevention is a non-competitive issue. Founded by major UK lenders in 1988 when it was accepted that fraud prevention is a non-competitive issue. Enables members to share known fraud to help prevent fraud and to protect innocent consumers. Enables members to share known fraud to help prevent fraud and to protect innocent consumers. Currently have 122 members from all sectors, including: Currently have 122 members from all sectors, including:  banking/credit cards  mortgages  telecomms  insurance  mail order  credit reference agencies  Insurance services such as Credit Expert partners

39 Category 0 – Protective Registration Category 0 (Protective Registration) - This is registered at an individual’s own request. They may have had documents stolen and wish to protect themselves. Category 0 (Protective Registration) - This is registered at an individual’s own request. They may have had documents stolen and wish to protect themselves.

40 Category 1 – Use of a False Name Category 1 (use of a false name) - A name of an individual has been used despite the fact that they do not currently reside at the address. The name used could be that of a former occupant, an individual who is deceased, or could be completely bogus. Category 1 (use of a false name) - A name of an individual has been used despite the fact that they do not currently reside at the address. The name used could be that of a former occupant, an individual who is deceased, or could be completely bogus.

41 Category 2 – Victim of Impersonation Category 2 (Victim of Impersonation) - Another individual has used a genuine person’s name and/or address details. Category 2 (Victim of Impersonation) - Another individual has used a genuine person’s name and/or address details. If a genuine party can be located a category 2 must be added and a letter sent to them. If a genuine party can be located a category 2 must be added and a letter sent to them.

42 The name is Bond... Derek Bond, a retired civil engineer, found out for himself how insidious modern fraud can be. As he stepped on to the tarmac at Cape Town airport, the 72-year-old grandfather of six was arrested and thrown into jail. That he could have been mistaken for one of the FBI's 'most wanted' was worrying enough. Despite enjoying an impeccable reputation in his home town, it took three weeks before Mr Bond's family could convince the authorities that they'd made a mistake. Away from people who knew him, and could vouch for him, Mr Bond's standing rested solely on the contents of a file on someone's' desk. And if that file said that Derek Bond, of medium build and height, was in fact Derek Lloyd Sykes, a British-born conman responsible for a multi-million-dollar telemarketing scam in Texas, then who was to say it wasn't true? Derek Bond, a retired civil engineer, found out for himself how insidious modern fraud can be. As he stepped on to the tarmac at Cape Town airport, the 72-year-old grandfather of six was arrested and thrown into jail. That he could have been mistaken for one of the FBI's 'most wanted' was worrying enough. Despite enjoying an impeccable reputation in his home town, it took three weeks before Mr Bond's family could convince the authorities that they'd made a mistake. Away from people who knew him, and could vouch for him, Mr Bond's standing rested solely on the contents of a file on someone's' desk. And if that file said that Derek Bond, of medium build and height, was in fact Derek Lloyd Sykes, a British-born conman responsible for a multi-million-dollar telemarketing scam in Texas, then who was to say it wasn't true?

43

44 Victims of ID fraud Provision of credit report - post authentication Provision of credit report - post authentication Advice line and dedicated case workers Advice line and dedicated case workers Password Notice of Correction Password Notice of Correction Recommend Recommend  contact with the police  Preference services  CIFAS Protective Registration  check postal Change of Address file Contact lenders and amend Contact lenders and amend

45 Analysis of ID fraud victims Young professionals Young professionals Asian communities Asian communities Ethnic minorities Ethnic minorities Multiple occupancy Multiple occupancy Primarily urban Primarily urban

46 How fraud was uncovered

47 Modus Operandi

48 Age Analysis

49 Knowledge of fraudster 95% of victims had no knowledge of the fraudster. Of those who knew who had used their identity, the breakdown is as follows: 95% of victims had no knowledge of the fraudster. Of those who knew who had used their identity, the breakdown is as follows:  Ex-partner14%  Family member16%  Friend15%  Tenant54%  Work colleague1%

50 Police reaction 82% of cases were not reported to the police. Of those that were, the action taken was as follows: 82% of cases were not reported to the police. Of those that were, the action taken was as follows:  Under caution1%  Prosecution7%  Under investigation61%  Not pursued31%

51 Cost of fraud by account type

52 Average cost of fraud case by account type

53 Number of confirmed fraudulent searches by CAPS type

54 Cost of fraud by sector - top five CAIS members Number of cases Mail Order182 Bank162 Mail Order90 Telecom87 Retail83 Cost Bank£96K Bank£83K Bank£72K Credit card£52K Bank£37K

55 Quote From victim “Please treat as an urgent request from somebody who is literally being torn apart by this unfortunate set of circumstances. At present I cannot lease a car, buy a house or apply for a credit card. My life has been taken other by another!!!"

56

57 Account opening Full application details Full application details VAT number checks VAT number checks DPA/CCL DPA/CCL Consent wording checks Consent wording checks Business Information database Business Information database Experian fraud prevention tools Experian fraud prevention tools Handling of potential “fraud” referrals Handling of potential “fraud” referrals Site visits Site visits

58

59 Bin raiding Experian’s white paper - Closing the Lid on ID Fraud was published in 2003 Experian’s white paper - Closing the Lid on ID Fraud was published in 2003  focussed on household waste and commercial waste in Camden  showed that 1 in 10 consumers discarded enough information for someone to commit card not present fraud  majority of businesses binned personal data with little or no attempt to destroy personal data “My information is that criminal gangs are paying bin raiders £5.00 per letter. Proceeds of bin raiding are fuelling ID fraud, which in turn feeds back into other criminal activity such as drugs, prostitution and people trafficking.” Street Warden, London Borough of Camden

60 Burglary Break in - nothing taken? Break in - nothing taken?  Where are your utility bills, passport, blank cheques?? Estate agencies Estate agencies  Who is looking around your house? Never let them go off alone.

61 The bogus surveyor Fraudsters in Kent recruited a bogus surveyor to accompany them when viewing recently vacated properties – without the estate agent. Fraudsters in Kent recruited a bogus surveyor to accompany them when viewing recently vacated properties – without the estate agent. Post was stolen during the viewing Post was stolen during the viewing Keys were cut for the property – just in case they needed access Keys were cut for the property – just in case they needed access Post was redirected to a ‘drop address’ Post was redirected to a ‘drop address’ Telephone lines reconnected and transferred to a mobile number Telephone lines reconnected and transferred to a mobile number Internet applications made for bank accounts and credit cards Internet applications made for bank accounts and credit cards  And on to the next one…………a nice little earner!

62 Postal Redirect Post is forwarded to a ‘drop address’ or postal boxes unbeknown to the genuine party Post is forwarded to a ‘drop address’ or postal boxes unbeknown to the genuine party Postal collection is arranged from a local sorting office. Postal collection is arranged from a local sorting office. There are instances of post that is not required being delivered whilst you are out – so you do not suspect There are instances of post that is not required being delivered whilst you are out – so you do not suspect Collusion – staff working within the postal service aiding the fraudsters Collusion – staff working within the postal service aiding the fraudsters

63 Postal Redirect Service – how it works A form is completed and taken to the Post Office or sent by post. A form is completed and taken to the Post Office or sent by post.  The fraudster has all relevant details – they have done their homework It must be accompanied by ID. It must be accompanied by ID.  The fraudster already has your ID. They have an insider working at the Post Office or they have enough information to send the form direct to the Administration Centre, by-passing the checks. A confirmation is sent to both the previous and forwarding address. A confirmation is sent to both the previous and forwarding address.  The fraudster relies on this not being questioned.

64 Stealing an Identity - do your research Bin raiding Bin raiding Burglary Burglary Postal redirect Postal redirect Shoulder surfing Shoulder surfing

65 Shoulder Surfing Completing applications in shop or business Completing applications in shop or business Overhearing calls in public places Overhearing calls in public places PIN numbers PIN numbers

66 Phishing and Pharming Scam e-mails - redirecting you to bogus internet sites Scam e-mails - redirecting you to bogus internet sites Re-confirm security details Re-confirm security details Pharming - using holes in computer security to reprogram so that it appears that you are on the correct site. Pharming - using holes in computer security to reprogram so that it appears that you are on the correct site.

67 Bogus Calls Incoming calls from financial institutions Incoming calls from financial institutions Requesting identity information and passwords to authenticate you Requesting identity information and passwords to authenticate you REMEMBER A REPUTABLE COMPANY WILL NOT ASK YOU FOR THESE DETAILS. REMEMBER A REPUTABLE COMPANY WILL NOT ASK YOU FOR THESE DETAILS.

68 Preventing ID fraud Don’t respond to cold calling Don’t respond to cold calling Ensure post is re-directed when you move Ensure post is re-directed when you move Register on the electoral roll immediately Register on the electoral roll immediately Shred all personal correspondence Shred all personal correspondence Don’t respond to cold calling/e-mails Don’t respond to cold calling/e-mails Don’t respond to surveys Don’t respond to surveys Don’t discuss personal details over the phone Don’t discuss personal details over the phone Monitor bank statements etc. and get regular credit reports Monitor bank statements etc. and get regular credit reports Don’t keep PIN numbers Don’t keep PIN numbers

69 Indicators of ID fraud Bank statements/correspondence failing to arrive Bank statements/correspondence failing to arrive Unexpectedly declined credit/contact by debt collection company Unexpectedly declined credit/contact by debt collection company Contact to advise that you have been approved credit you have not applied for Contact to advise that you have been approved credit you have not applied for

70 Chip and Pin APACS - 10/10/2005

71 Chip & PIN ramps up fear factor Finextra, 01/02/06 Almost one-in-four consumers now feel more exposed and vulnerable when making a purchase following the introduction of PINs in place of signatures at the point-of-sale in the UK, according to research from polling organisation Ipso Mori. The research among more than 2000 UK consumers was conducted on behalf of IT services group Xansa. The study found that one in four (23%) of female card holders and one in ten (11%) of male shoppers feels less secure using the new payment method. Despite a fall in the amount of cardholder present fraud, the safety improvements are not clear to some of the shopping community (17%) who now feel more vulnerable when making a purchase, because of entering a PIN number rather than signing. From 14 February, cards will only be accepted at retailer tills when accompanied by a PIN number. Xansa is recommending credit card providers appeal directly to female cardholders, to allay their fears, as well as to encourage them to use the mechanism for in-store payments.


Download ppt "Identity Theft Helen Lord Experian Content Background about Experian Background about Experian What is Identity theft? What is Identity theft? Is there."

Similar presentations


Ads by Google