Identity Theft Check

The utility of the British ID card programme is predicated wholly upon the success and efficiency of brand spanking new the National Identity Register (NIR) – started just this year (2008).

The system has been described by Government as being easy-to-use and extremely secure, containing personal identification for adults living in the UK – adults, in this case, being anyone over the age of 16 years.

The NIR scheme will be run by the Identity and Passport Service (IPS). The Government predicts that it will take several years yet for the NIR to become fully operational with everyone registered on and with it. Although this year saw the first enrolments of foreign nationals into the scheme, ID cards for British citizens are not expected to be available for issue in the UK before 2009.

The initial stages of the ID card programme will see them being issued to British citizens who apply for passports, either for a first time or to renew and old one, although they will eventually be available to people who do not want passports as well.

 For those who are resident within the UK but who are not British citizens, all residency permits, registration certificates or residency cards will take the form of an ID card instead.

The NIR scheme will eventually become compulsory, although the exact timescale of this has not been ironed out yet. Once it does become compulsory, all British citizens over the age of 16 will be required to have an ID card by law, although we are told that it will not be compulsory to carry it around with us at all times.

The information that will be stored on UK citizens will be a mix of unique biometric data, such as retinal scans and fingerprinting, and more other more mutable Person-Identifying Information.

We can expect the following personal details to be stored as part of the state-wide ID card programme:

- names

- fingerprints

- iris patterns

- facial image (as on passports and modern driving licenses)

- gender

- place and date of birth

- immigration status

- postal/living address

Details that we are told will not be part of our accessible personal database will include information such as:

Medical records

ethnic origin

tax records

religious beliefs

Your PII data will be stored on the National Identity Register database. Only Parliament will be able to amend what sorts of information can be stored on this database and access to the information will be very strictly limited and controlled.

That said, in addition to state agencies like the Benefits Office, the Police and perhaps certain elements of local government, certain private sector organisations will also be able to access your PII in the National Identity Register. So banks, for example, could ask you to prove your identity whenever you wish to open a new account, and accessing your PII will be part of that process. The same will apply when you register with a new GP.

Biometric identifiers are any unique elements of your Person-Identifying Information (PII) that can positively identify you above another person – so, for existence, your iris and fingerprint patterns are good examples of biometric identifiers.

The proposed British ID cards will have certain biometric identifiers coded into them, or, at the very least, certain biometric identifiers may be kept on a central database which can be accessed through use of the ID cards.

This means that the identity upon the cards will be linked even more closely with the individual it belongs to, making it harder for others to use. Indeed, because biometric data is even more personal to individuals and unique they can, generally speaking, be used to identify an individual even more accurately than other already existent forms of official authentication, such as passwords and PIN numbers that can be stolen, hacked or even guessed in some cases.

Biometric data is already being used in the British ‘E-Passports’, introduced in the UK back in 2006. In fact in the face of our globalising world where travel and the transmission and accessibility of information has and is becoming ever more easy, there has been a concerted effort across much of the rest of the world to further fortify state borders and personal and public databases against the possibility of intrusion by criminals and those who have no right to access them. In fact, at the time of writing, 21 of the 25 EU Members States have already brought in their own ID cards programmes, so the UK is far from being alone in this venture.

Because of the nature of the information stored on and through them, each ID card will exceptionally hard to fake, combining as they will the cardholder’s biometric identifiers (like iris scans and fingerprints) along with other checked and authenticated PII details (such as family names and home addresses), sometimes referred to as our ‘biographical footprint’.

Although most of the PII attached to the ID card programme will be stored on the as yet still nascent National Identity Register, some basic information will also be stored on the card itself,\probably in a chip as with bank and credit cards.

The British Government’s decision to bring in a National Identity Scheme, involving the creation and distribution of ID cards to the population, was announced formally on the 17^{th of May, 2005, in the Queens Speech. The Identity Cards Act subsequently received royal assent the on the 30th of March, 2006, becoming law.}

The Government commenced the introduction of biometric residence permits for foreign nationals this year (2008), and they have said that they anticipate that they will issue the first British ID cards to citizens in 2009.

The Government has said that its reasons for pushing through the legislation and issue of ID cards are predicated upon the national interest.

They suggest that ID cards will:

- make it easier to make use of public services and ensure that only those eligible for them can access them

- help prevent identity fraud by ensuring that people are who they say they are (at banks, shops and to any civil authorities etc)

- help tackle immigration abuse, ‘people smuggling’, and illegal working in the UK

- disrupt the wider implications and uses associated with identity crime including terrorist activities

Over the next few articles we will take an in depth look at what the Government has said concerning British ID cards and the state system that will surround them. We will also look at some of the controversies surrounding ID cards and will try to ascertain just how useful they will be to the public at large.

In December 2005 representatives from a range of government departments and all the police forces in England and Wales were brought together into a network of Single Points of Contact (SPOC) for detecting and prosecuting identity related crimes in the UK.

Each of these individual ‘SPOCs’ act a focal points within the organisations they work within for issues dealing with identity fraud. So, as an example, at any point a police force could contact a SPOC at the Immigration Office or even the Security Service (MI5) to request information regarding an issue relating to a specific instance of ID.

The role of ‘SPOCs’ is also to monitor particular cases of ID crime from start to finish and to volunteer any information to other agencies that they may think relevant to any particular investigation, even if they have not been asked for that information.

Indeed the Home Office, the Identity and Passport Service and the DVLA have worked with APACS, FLA and CIFAS to produce ‘Identity Fraud - The UK Manual’, which is designed to improve the awareness and training of people within financial institutions in order to combat ID fraud at the ‘cutting edge’ (so the checking and verifying potential customers’ PII)

All of the above, when put together, means that steps have been taken to link up thinking and better co-ordinate authorities on the matter of ID crime as well create joined up, and therefore more effective, counter measures to combat it.

In order to prevent ID fraud across borders – a kind of ID fraud that is often associated with some of the worst crimes we have laws against, such as abduction, people smuggling and forced prostitution, the drugs trade and terrorism to name but a few – the UK’s Identity and Passport Service (IPS) has created and deployed a special database of all known lost and stolen passports, which is open to use by Interpol and other cross-border authorities in order to combat these sorts of crimes.

A passport validation service has become available to the public at large that allows employers, banks and other private and public institutions that are given passports as ID to check the passport they are given against a database of known stolen and lost passports. This can cut down on fake bank accounts (as one example) and is a great tool in the battle against this sort of fraud.

Likewise, all adults who wish to get a passport for the first time must now submit to an interview, cutting down on the possibility of misrepresentation to gain a passport. This will help prevent people from pretending to be someone else while applying for passports, because whereas fake-passports are detectable, a genuine passport for an identity that does not really exist or with a name and other PII for someone else is harder to detect during the immigration procedures and customs.

On June the 7th 2006 the British Government’s Identity Cards Act came into force. This Act essentially detailed various crimes pertaining to possessing and/or creating and/or intending to use documents for false identities for criminal purposes and of using someone else’s identity, or rather the genuine documentation pertaining to their identity (like their passports for instance) for the same purposes.

These offences detailed in the Act apply to all documents that can be used as Person-Identifying Information (PII) – so passports, immigration documents, birth certificates, national insurance cards, driving licenses and indeed the identity cards that will eventually be issued under the National Identity Scheme.

The Fraud Act was also passed in 2006, coming into force on January 15th of that year, stipulating three ‘new’ ways in which fraud can be enacted:

- false representation, which includes dishonestly causing loss or the risk of loss to another with intent of gaining yourself
- failing to disclose information
- abuse of position
- obtaining services dishonestly
- possessing equipment to commit frauds
- supplying articles for use in frauds

Alongside the Criminal Justice Act of 2003 that altered law so that the same penalties for stealing and fraudulently using a driving license are comparable for doing the same with another person’s passport (making them both offences criminal offences that one can be arrested and imprisoned for), these are responses to the increased ease and likelihood of fraud crimes due to the IT based social systems we have in place, that make access to our PII all the more easy.

Over the next few articles we’ll be taking an in depth look at identity cards, their introduction to the UK, the reasons for their introduction and the controversies surrounding them.

The Government’s decision to start a National Identity Scheme, which involves the phasing in of mandatory identity cards for all British citizens, was announced on May 17th 2005 in the Queen’s Speech. The actual Identity Cards Act 2006 received Royal Assent a little under a year later on March 30th 2006.

The intention of the National Identity Scheme is to provide British residents, including foreign nationals, with a means to provide proof of their identity when necessary in a quicker, simpler and more secure manner, and also to make it much harder for criminals to create false identities or utilise someone else’s PII for criminal ends.

ID cards of different sorts are used in most other countries in the global north-west and have been for many years. The British system is intended to be even more hi-tech than these existing ID card systems in other countries, including such hard to fake details as a photo, holograms, a PIN and certain biometric information (such as fingerprints) which will be stored electronically in the card. The intention is that even if the card is stolen, all these details together will make it very hard for the thief to use the card without falling foul of the security measures implicit within it.

The Government regards the introduction of ID cards as a vital step in combating the growing number and manner identity crimes of the 21st Century. Although the exact details of what the British ID cards will consist of has not been decided upon yet, it is more than likely that they will be plastic and roughly the same size as a credit card, bearing the holder’s photograph and with a computer chip (like chip-based credit and debit cards) that will hold the bearer’s personal information.

As discussed in previous articles, it is very important that you protect any PII that may allow criminals to defraud you or an institution in your name. As such, always report any lost or stolen passports, driving licences, credit cards, debit cards, cheque-books, or anything else as soon as you become aware that they are missing.

The sooner you report them missing the less likely it is that a criminal will be able to use them undetected.

If you suspect that your mail is being stolen, or if you have started receiving mail that is not your own through a fraudulent mail redirection service, notify the Royal Mail immediately. They have their own internal investigations unit who are very capable and able to help.

If you are definitely a victim of identity fraud but still posses your credit card (as an example), you should not have to pay anything back for things bought without your explicit consent by third parties – although there are often terms and conditions that you should be familiar with from the financial institution in question. Be sure to check their blurb thoroughly.

If you have actually lost your credit or debit cards, or if they have been stolen, you usually will not have to pay for anything unless you are the fraudster yourself (which we are assuming you won’t be!) or unless you can be shown to have acted negligently yourself, like by keeping your PIN attached to your cash-card or somesuch – never a good idea…!

If you have reason to believe that you have been a victim of identity fraud concerning credit or debit cards, or online banking, or any cheques, you should report your concerns to the financial institution that is honouring that debt for you by extending you credit or cashing your cheques (or whatever).

State your case clearly and give as many details as possible. Every financial institution has some sort of hotline for this kind of thing, just check the back of your statements or online for details.

Wherever possible it should be the account holder who makes contact with the financial institution. Once you have reported the matter it becomes the responsibility of the institution to run its own investigation to ascertain the extent and nature of the fraud.

Where deemed appropriate, the institution will contact the police, logging the criminal activity with these correct authorities and allowing matters to proceed to formal police investigations and/or any arrests

This process only applies to plastic card, cheque and internet banking fraud and was introduced just last year in 2007, in an effort to minimise the red tape and difficulty for consumers to report their suspicions reduce and thereby streamline the commencement of appropriate action by the authorities..

If the suspected fraud does not involve your credit or debit cards, or cheques or online banking, you should still report your concerns to the relevant financial institution and then depending on how they advise you, you may have to go to your local police station to report the crime.