Identity Theft Check

The identity verification service (IVS) will allow accredited organisations to check your identity safely and quickly, with your permission of course. The intention here is to provide an efficient and secure way for banks, GPs, benefits offices and other organisations to check who you are when you approach them for any reason, thereby minimising the possibility of identity fraud in your name.

The IVS will work in a number of different ways depending on what information is needed at any given moment. So for example for a basic transaction that requires that you prove your age, the IVS would simply confirm that the ID card you are using is valid.

If you are not a British citizen and you are applying for a job within the UK the IVS would confirm that your particular visa allows you to work. Similarly, if someone is applying for work in a caring job or in a position of trust (such as a teacher or perhaps as a nanny) the service could confirm that this person does not have a criminal record or any outstanding warrants for his or her arrest.

But don’t worry too much about all this information being available. For any organisation to be able to access the IVS to find out any information about you, they would have to be fully accredited first, and even then only to access the sort of information relevant to your likely contact with them – so an off-license wouldn’t need or necessarily be able to access whether you have a criminal record or not, but it would be able to confirm your date of birth, as an example.

The utility of the British ID card programme is predicated wholly upon the success and efficiency of brand spanking new the National Identity Register (NIR) – started just this year (2008).

The system has been described by Government as being easy-to-use and extremely secure, containing personal identification for adults living in the UK – adults, in this case, being anyone over the age of 16 years.

The NIR scheme will be run by the Identity and Passport Service (IPS). The Government predicts that it will take several years yet for the NIR to become fully operational with everyone registered on and with it. Although this year saw the first enrolments of foreign nationals into the scheme, ID cards for British citizens are not expected to be available for issue in the UK before 2009.

The initial stages of the ID card programme will see them being issued to British citizens who apply for passports, either for a first time or to renew and old one, although they will eventually be available to people who do not want passports as well.

 For those who are resident within the UK but who are not British citizens, all residency permits, registration certificates or residency cards will take the form of an ID card instead.

The NIR scheme will eventually become compulsory, although the exact timescale of this has not been ironed out yet. Once it does become compulsory, all British citizens over the age of 16 will be required to have an ID card by law, although we are told that it will not be compulsory to carry it around with us at all times.

The information that will be stored on UK citizens will be a mix of unique biometric data, such as retinal scans and fingerprinting, and more other more mutable Person-Identifying Information.

We can expect the following personal details to be stored as part of the state-wide ID card programme:

- names

- fingerprints

- iris patterns

- facial image (as on passports and modern driving licenses)

- gender

- place and date of birth

- immigration status

- postal/living address

Details that we are told will not be part of our accessible personal database will include information such as:

Medical records

ethnic origin

tax records

religious beliefs

Your PII data will be stored on the National Identity Register database. Only Parliament will be able to amend what sorts of information can be stored on this database and access to the information will be very strictly limited and controlled.

That said, in addition to state agencies like the Benefits Office, the Police and perhaps certain elements of local government, certain private sector organisations will also be able to access your PII in the National Identity Register. So banks, for example, could ask you to prove your identity whenever you wish to open a new account, and accessing your PII will be part of that process. The same will apply when you register with a new GP.

In December 2005 representatives from a range of government departments and all the police forces in England and Wales were brought together into a network of Single Points of Contact (SPOC) for detecting and prosecuting identity related crimes in the UK.

Each of these individual ‘SPOCs’ act a focal points within the organisations they work within for issues dealing with identity fraud. So, as an example, at any point a police force could contact a SPOC at the Immigration Office or even the Security Service (MI5) to request information regarding an issue relating to a specific instance of ID.

The role of ‘SPOCs’ is also to monitor particular cases of ID crime from start to finish and to volunteer any information to other agencies that they may think relevant to any particular investigation, even if they have not been asked for that information.

Indeed the Home Office, the Identity and Passport Service and the DVLA have worked with APACS, FLA and CIFAS to produce ‘Identity Fraud - The UK Manual’, which is designed to improve the awareness and training of people within financial institutions in order to combat ID fraud at the ‘cutting edge’ (so the checking and verifying potential customers’ PII)

All of the above, when put together, means that steps have been taken to link up thinking and better co-ordinate authorities on the matter of ID crime as well create joined up, and therefore more effective, counter measures to combat it.

In order to prevent ID fraud across borders – a kind of ID fraud that is often associated with some of the worst crimes we have laws against, such as abduction, people smuggling and forced prostitution, the drugs trade and terrorism to name but a few – the UK’s Identity and Passport Service (IPS) has created and deployed a special database of all known lost and stolen passports, which is open to use by Interpol and other cross-border authorities in order to combat these sorts of crimes.

A passport validation service has become available to the public at large that allows employers, banks and other private and public institutions that are given passports as ID to check the passport they are given against a database of known stolen and lost passports. This can cut down on fake bank accounts (as one example) and is a great tool in the battle against this sort of fraud.

Likewise, all adults who wish to get a passport for the first time must now submit to an interview, cutting down on the possibility of misrepresentation to gain a passport. This will help prevent people from pretending to be someone else while applying for passports, because whereas fake-passports are detectable, a genuine passport for an identity that does not really exist or with a name and other PII for someone else is harder to detect during the immigration procedures and customs.

On June the 7th 2006 the British Government’s Identity Cards Act came into force. This Act essentially detailed various crimes pertaining to possessing and/or creating and/or intending to use documents for false identities for criminal purposes and of using someone else’s identity, or rather the genuine documentation pertaining to their identity (like their passports for instance) for the same purposes.

These offences detailed in the Act apply to all documents that can be used as Person-Identifying Information (PII) – so passports, immigration documents, birth certificates, national insurance cards, driving licenses and indeed the identity cards that will eventually be issued under the National Identity Scheme.

The Fraud Act was also passed in 2006, coming into force on January 15th of that year, stipulating three ‘new’ ways in which fraud can be enacted:

- false representation, which includes dishonestly causing loss or the risk of loss to another with intent of gaining yourself
- failing to disclose information
- abuse of position
- obtaining services dishonestly
- possessing equipment to commit frauds
- supplying articles for use in frauds

Alongside the Criminal Justice Act of 2003 that altered law so that the same penalties for stealing and fraudulently using a driving license are comparable for doing the same with another person’s passport (making them both offences criminal offences that one can be arrested and imprisoned for), these are responses to the increased ease and likelihood of fraud crimes due to the IT based social systems we have in place, that make access to our PII all the more easy.

Over the next few articles we’ll be taking an in depth look at identity cards, their introduction to the UK, the reasons for their introduction and the controversies surrounding them.

The Government’s decision to start a National Identity Scheme, which involves the phasing in of mandatory identity cards for all British citizens, was announced on May 17th 2005 in the Queen’s Speech. The actual Identity Cards Act 2006 received Royal Assent a little under a year later on March 30th 2006.

The intention of the National Identity Scheme is to provide British residents, including foreign nationals, with a means to provide proof of their identity when necessary in a quicker, simpler and more secure manner, and also to make it much harder for criminals to create false identities or utilise someone else’s PII for criminal ends.

ID cards of different sorts are used in most other countries in the global north-west and have been for many years. The British system is intended to be even more hi-tech than these existing ID card systems in other countries, including such hard to fake details as a photo, holograms, a PIN and certain biometric information (such as fingerprints) which will be stored electronically in the card. The intention is that even if the card is stolen, all these details together will make it very hard for the thief to use the card without falling foul of the security measures implicit within it.

The Government regards the introduction of ID cards as a vital step in combating the growing number and manner identity crimes of the 21st Century. Although the exact details of what the British ID cards will consist of has not been decided upon yet, it is more than likely that they will be plastic and roughly the same size as a credit card, bearing the holder’s photograph and with a computer chip (like chip-based credit and debit cards) that will hold the bearer’s personal information.

The British Government has made numerous noises about the importance of tackling the growing problem of ID fraud that has been brought about by our IT culture.

ID fraud affects private individuals, businesses, multinational companies and even government agencies, and it has been implicated in serious crimes including the illegal drugs trade and human trafficking, so there is no understatement of the seriousness of this sort of crime.

A study carried out by the British Cabinet Office in 2002 found that crimes that had been facilitated or exacerbated by identity fraud costs the UK as much as £1.3 billion per year, which is a considerable sum by any measure.

In 2006 the Home Office Identity Fraud Steering Committee updated the findings of the Cabinet Office’s report in order to better establish any trends or changes in the overall cost of ID fraud in the years since the report was made.

The estimate they came up with shows ID fraud costing the British economy as much as £1.7 billion. One can only imagine how much it has gone up since 2006. Even so, these are just estimates of the problem, although they are ‘best’ estimates.

Click here for more details on this report with a detailed breakdown of the findings.

As discussed in previous articles, it is very important that you protect any PII that may allow criminals to defraud you or an institution in your name. As such, always report any lost or stolen passports, driving licences, credit cards, debit cards, cheque-books, or anything else as soon as you become aware that they are missing.

The sooner you report them missing the less likely it is that a criminal will be able to use them undetected.

If you suspect that your mail is being stolen, or if you have started receiving mail that is not your own through a fraudulent mail redirection service, notify the Royal Mail immediately. They have their own internal investigations unit who are very capable and able to help.

If you are definitely a victim of identity fraud but still posses your credit card (as an example), you should not have to pay anything back for things bought without your explicit consent by third parties – although there are often terms and conditions that you should be familiar with from the financial institution in question. Be sure to check their blurb thoroughly.

If you have actually lost your credit or debit cards, or if they have been stolen, you usually will not have to pay for anything unless you are the fraudster yourself (which we are assuming you won’t be!) or unless you can be shown to have acted negligently yourself, like by keeping your PIN attached to your cash-card or somesuch – never a good idea…!

If you have reason to believe that you have been a victim of identity fraud concerning credit or debit cards, or online banking, or any cheques, you should report your concerns to the financial institution that is honouring that debt for you by extending you credit or cashing your cheques (or whatever).

State your case clearly and give as many details as possible. Every financial institution has some sort of hotline for this kind of thing, just check the back of your statements or online for details.

Wherever possible it should be the account holder who makes contact with the financial institution. Once you have reported the matter it becomes the responsibility of the institution to run its own investigation to ascertain the extent and nature of the fraud.

Where deemed appropriate, the institution will contact the police, logging the criminal activity with these correct authorities and allowing matters to proceed to formal police investigations and/or any arrests

This process only applies to plastic card, cheque and internet banking fraud and was introduced just last year in 2007, in an effort to minimise the red tape and difficulty for consumers to report their suspicions reduce and thereby streamline the commencement of appropriate action by the authorities..

If the suspected fraud does not involve your credit or debit cards, or cheques or online banking, you should still report your concerns to the relevant financial institution and then depending on how they advise you, you may have to go to your local police station to report the crime.