Nigel Evans MP

IDENTITY FRAUD

Nigel Evans MP, Chair of the All Party Parliamentary Group on Identity Fraud, evaluates the current methods and initiatives for combating identity fraud and calls for the government to put its house in order.

In December 2005, I helped establish the All Party Parliamentary Group on Identity Fraud, of which I am Chair. Over that period of time we have collated a huge amount of evidence, conducted meetings with government ministers and civil servants and have worked closely with a range of public and private organisations in an effort to gain an understanding of, and highlight the issue of, identity fraud.

The figures associated with fraud in general are staggering. In purely economic terms, a report commissioned in 2007 by the Association of Chief Police Officers (ACPO) estimated the cost of fraud to be at least £13.9bn a year. According to the UK Payments Association (APACS), plastic-card fraud alone cost £535mn in 2007, an increase of more than £100mn over 2006. Furthermore, these costs are not just affecting the UK, as the global economy is speculated to be losing over $200bn every year to online fraudsters.

Over the past three years, the group has submitted a full and an annually updated report to the government with recommendations relating to the fight against identity fraud. Fraudsters’ tactics are changing, and we must keep abreast of changes. To that end, I have become aware of what is known as ‘boiler room fraud’ and have witnessed the rise in phishing scams, which is the subject of my latest project.

I learnt about boiler room fraud when I was contacted by the BBC. A reporter on Radio 4’s You and Yours programme had done extensive research and case studies in this area. Essentially, boiler room fraud is a share scam. People with existing shares (information readily available) or elderly people (who are likely to have savings or pensions) are contacted by well-spoken, professional-sounding young men purporting to be brokers. Typically, the first conversation will be a ‘heads up’ phone call where the victim is informed of a fantastic upcoming deal that they might be interested in. Weeks later there is further contact, often through numerous phone calls, to establish trust. Finally, the fraudster offers a relatively low-cost venture. If the victim buys the suggested shares, they are sent a well-forged share certificate or a share certificate that is virtually worthless. At this point, with trust gained and no suspicion aroused, the victim is encouraged to ‘invest’ ever increasing amounts of money.

More often than not, there is very little that anybody can do once they realise that their money has gone, because so have the fraudsters. In fact, a lot of the phone calls are made from Spain, and for every boiler room that gets shut down another one opens. The London Metropolitan Police have set up ‘Operation Archway’ specifically to deal with boiler room fraud, but it is still an issue that needs greater publicity. I strongly believe that public awareness is one of the greatest tools against fraud.

It is for that reason that I have started my most recent project. The All Party Group’s Follow Up Report established that the number of incidents of card cloning and phishing increased by 182 per cent in the second quarter of 2008 compared with the same period in 2007. Phishing in particular has caught my attention. This new type of identity fraud occurs where fraudsters target bank accounts and credit cards already in use, rather than stealing someone's identity to open new accounts. According to CIFAS, the UK’s fraud-prevention service, fraudsters are changing their methods in favour of this kind of theft because it is getting harder to obtain credit from providers, which have tightened their criteria in the wake of the financial crisis. There is no longer a guarantee that they will get credit by applying under another person's identity so they are, instead, tapping into accounts which already exist.

We have all had emails from people in Spain or Africa saying that they have been left vast sums of money and want to transfer that money to your account for a short period of time; we have all probably ‘won’ lotteries that, miraculously, we have never entered (I can safely say I have never played the Dutch lottery!).

These attempts at fraud are easier to spot but, as ever, and aided by technology, crime evolves and becomes more sophisticated. Emails are now being sent purporting to be from your banks, Paypal or Ebay — all recognisable and trusted brands. They will say that an administrative error of some kind requires you to enter your log in details or actual bank details. No bank or company such as the ones above will ever email you to solicit this type of information. All emails of this nature are phishing scams. They may have cloned the banks logo but nothing about the correspondence is legitimate.

I have kept every such email that has come through to my private email account since the turn of the New Year. I was genuinely amazed at the sheer volume of the phishing or scam emails that I received. At the last count, it was over 70 — which is almost two a day. These scam phishing emails even alert you to the issue of ID fraud and how to protect yourself from it.

Worryingly, the group found evidence that HMRC’s logo was being used in a similar fashion asking for National Insurance numbers and other such information. Any trusted brand is a potential front, and I believe that the 2012 Olympic logo may well become prevalent amongst these scams.

Results clearly show that ‘Chip and PIN’ has had a beneficial impact on card fraud in the UK, as was recognised by a Cabinet Office report in February 2008. The success of Chip and PIN in the UK means that fraudsters are having to turn to other countries to perpetrate their crime. Companies such as CRA Equifax are taking a lead to warn British holidaymakers to take extra care when heading overseas, especially to countries such as the USA. Card-not-present fraud, though, is on the increase. Which leads me very nicely to the most recent meeting that I have had with the Met Police at the launch of the Prevention Of Fraud In Travel (PROFIT) initiative.

PROFIT is a coalition of organisations that have come together to eliminate fraud from the travel industry. The travel industry accounted for a turnover of approximately £70bn in 2008, and the fraud can take many forms including ‘bust outs’, where criminals pose as legitimate travel companies, ‘infiltration’, where criminals infiltrate a legitimate company and ‘e-ticket’ fraud. In addition, the Lonely Planet reported recently that 82 per cent of travellers admit to taking their mobile phone on holiday with them. According to recent Equifax research, mobile phones are often used to store PINs and passwords and so even more fraud occurs. PROFIT is exactly the sort of venture that we should be praising from the rooftops and that we should be supporting as much as we can.

As I said earlier, I sincerely believe that the strongest weapon against fraud is public awareness. It is incumbent on politicians, the police and businesses to ensure that their constituents, the public and customers are as informed as possible. It is also important that businesses invest in the technology that makes it as difficult as possible for fraudsters to commit their crimes.

On top of that, there are a number of other actions that I believe that the government could take. It has become clear that the information commissioner should work with the Ministry of Justice to assess whether a legal requirement to report data breaches would be a proportionate and effective tool for promoting higher standards of data security across the private sector. The information commissioner is also best placed to take on the role of identity fraud Tsar. Increased powers (currently under consultation) will help to achieve this goal, and I would hope that with the appropriate resources the information commissioner will make a real difference to efforts to tackle identity fraud in the UK.

The government must also get its own house in order. In November [2008] I was dismayed at a ministers’ admission that one government computer a week has been going missing on average in recent months. In the last year, government departments have lost the data of nearly 30 million people. Sensitive top-secret documents have been lost: in July 2008 officials revealed 658 Ministry of Defence laptops had been stolen over the past four years and 26 portable memory sticks containing classified information had been either stolen or misplaced since January; NHS records have been lost; and a memory stick containing the personal data of 84,000 prisoners has also disappeared. To be so lackadaisical with personal data is unacceptable in an age when identity fraudsters are using information to make many people’s lives a misery.

We must practice what we preach. We must make information relating to constituents and the public at large as secure as possible. It is vital that Westminster takes a lead in its actions. We must show the way forward, strive to promote the dangers of identity fraud and encourage the public and businesses to be alert, wary and prepared.

Biography of Nigel Evans MP

In December 2005, Nigel returned to the backbenches to concentrate on his work in Parliament. He joined the Council of Europe and the Western European Union as an appointee of the Prime Minister.