Identity Theft Check

In December 2005 representatives from a range of government departments and all the police forces in England and Wales were brought together into a network of Single Points of Contact (SPOC) for detecting and prosecuting identity related crimes in the UK.

Each of these individual ‘SPOCs’ act a focal points within the organisations they work within for issues dealing with identity fraud. So, as an example, at any point a police force could contact a SPOC at the Immigration Office or even the Security Service (MI5) to request information regarding an issue relating to a specific instance of ID.

The role of ‘SPOCs’ is also to monitor particular cases of ID crime from start to finish and to volunteer any information to other agencies that they may think relevant to any particular investigation, even if they have not been asked for that information.

Indeed the Home Office, the Identity and Passport Service and the DVLA have worked with APACS, FLA and CIFAS to produce ‘Identity Fraud - The UK Manual’, which is designed to improve the awareness and training of people within financial institutions in order to combat ID fraud at the ‘cutting edge’ (so the checking and verifying potential customers’ PII)

All of the above, when put together, means that steps have been taken to link up thinking and better co-ordinate authorities on the matter of ID crime as well create joined up, and therefore more effective, counter measures to combat it.

In order to prevent ID fraud across borders – a kind of ID fraud that is often associated with some of the worst crimes we have laws against, such as abduction, people smuggling and forced prostitution, the drugs trade and terrorism to name but a few – the UK’s Identity and Passport Service (IPS) has created and deployed a special database of all known lost and stolen passports, which is open to use by Interpol and other cross-border authorities in order to combat these sorts of crimes.

A passport validation service has become available to the public at large that allows employers, banks and other private and public institutions that are given passports as ID to check the passport they are given against a database of known stolen and lost passports. This can cut down on fake bank accounts (as one example) and is a great tool in the battle against this sort of fraud.

Likewise, all adults who wish to get a passport for the first time must now submit to an interview, cutting down on the possibility of misrepresentation to gain a passport. This will help prevent people from pretending to be someone else while applying for passports, because whereas fake-passports are detectable, a genuine passport for an identity that does not really exist or with a name and other PII for someone else is harder to detect during the immigration procedures and customs.

On June the 7th 2006 the British Government’s Identity Cards Act came into force. This Act essentially detailed various crimes pertaining to possessing and/or creating and/or intending to use documents for false identities for criminal purposes and of using someone else’s identity, or rather the genuine documentation pertaining to their identity (like their passports for instance) for the same purposes.

These offences detailed in the Act apply to all documents that can be used as Person-Identifying Information (PII) – so passports, immigration documents, birth certificates, national insurance cards, driving licenses and indeed the identity cards that will eventually be issued under the National Identity Scheme.

The Fraud Act was also passed in 2006, coming into force on January 15th of that year, stipulating three ‘new’ ways in which fraud can be enacted:

- false representation, which includes dishonestly causing loss or the risk of loss to another with intent of gaining yourself
- failing to disclose information
- abuse of position
- obtaining services dishonestly
- possessing equipment to commit frauds
- supplying articles for use in frauds

Alongside the Criminal Justice Act of 2003 that altered law so that the same penalties for stealing and fraudulently using a driving license are comparable for doing the same with another person’s passport (making them both offences criminal offences that one can be arrested and imprisoned for), these are responses to the increased ease and likelihood of fraud crimes due to the IT based social systems we have in place, that make access to our PII all the more easy.

Over the next few articles we’ll be taking an in depth look at identity cards, their introduction to the UK, the reasons for their introduction and the controversies surrounding them.

The Government’s decision to start a National Identity Scheme, which involves the phasing in of mandatory identity cards for all British citizens, was announced on May 17th 2005 in the Queen’s Speech. The actual Identity Cards Act 2006 received Royal Assent a little under a year later on March 30th 2006.

The intention of the National Identity Scheme is to provide British residents, including foreign nationals, with a means to provide proof of their identity when necessary in a quicker, simpler and more secure manner, and also to make it much harder for criminals to create false identities or utilise someone else’s PII for criminal ends.

ID cards of different sorts are used in most other countries in the global north-west and have been for many years. The British system is intended to be even more hi-tech than these existing ID card systems in other countries, including such hard to fake details as a photo, holograms, a PIN and certain biometric information (such as fingerprints) which will be stored electronically in the card. The intention is that even if the card is stolen, all these details together will make it very hard for the thief to use the card without falling foul of the security measures implicit within it.

The Government regards the introduction of ID cards as a vital step in combating the growing number and manner identity crimes of the 21st Century. Although the exact details of what the British ID cards will consist of has not been decided upon yet, it is more than likely that they will be plastic and roughly the same size as a credit card, bearing the holder’s photograph and with a computer chip (like chip-based credit and debit cards) that will hold the bearer’s personal information.

The British Government has made numerous noises about the importance of tackling the growing problem of ID fraud that has been brought about by our IT culture.

ID fraud affects private individuals, businesses, multinational companies and even government agencies, and it has been implicated in serious crimes including the illegal drugs trade and human trafficking, so there is no understatement of the seriousness of this sort of crime.

A study carried out by the British Cabinet Office in 2002 found that crimes that had been facilitated or exacerbated by identity fraud costs the UK as much as £1.3 billion per year, which is a considerable sum by any measure.

In 2006 the Home Office Identity Fraud Steering Committee updated the findings of the Cabinet Office’s report in order to better establish any trends or changes in the overall cost of ID fraud in the years since the report was made.

The estimate they came up with shows ID fraud costing the British economy as much as £1.7 billion. One can only imagine how much it has gone up since 2006. Even so, these are just estimates of the problem, although they are ‘best’ estimates.

Click here for more details on this report with a detailed breakdown of the findings.

As discussed in previous articles, it is very important that you protect any PII that may allow criminals to defraud you or an institution in your name. As such, always report any lost or stolen passports, driving licences, credit cards, debit cards, cheque-books, or anything else as soon as you become aware that they are missing.

The sooner you report them missing the less likely it is that a criminal will be able to use them undetected.

If you suspect that your mail is being stolen, or if you have started receiving mail that is not your own through a fraudulent mail redirection service, notify the Royal Mail immediately. They have their own internal investigations unit who are very capable and able to help.

If you are definitely a victim of identity fraud but still posses your credit card (as an example), you should not have to pay anything back for things bought without your explicit consent by third parties – although there are often terms and conditions that you should be familiar with from the financial institution in question. Be sure to check their blurb thoroughly.

If you have actually lost your credit or debit cards, or if they have been stolen, you usually will not have to pay for anything unless you are the fraudster yourself (which we are assuming you won’t be!) or unless you can be shown to have acted negligently yourself, like by keeping your PIN attached to your cash-card or somesuch – never a good idea…!

If you have reason to believe that you have been a victim of identity fraud concerning credit or debit cards, or online banking, or any cheques, you should report your concerns to the financial institution that is honouring that debt for you by extending you credit or cashing your cheques (or whatever).

State your case clearly and give as many details as possible. Every financial institution has some sort of hotline for this kind of thing, just check the back of your statements or online for details.

Wherever possible it should be the account holder who makes contact with the financial institution. Once you have reported the matter it becomes the responsibility of the institution to run its own investigation to ascertain the extent and nature of the fraud.

Where deemed appropriate, the institution will contact the police, logging the criminal activity with these correct authorities and allowing matters to proceed to formal police investigations and/or any arrests

This process only applies to plastic card, cheque and internet banking fraud and was introduced just last year in 2007, in an effort to minimise the red tape and difficulty for consumers to report their suspicions reduce and thereby streamline the commencement of appropriate action by the authorities..

If the suspected fraud does not involve your credit or debit cards, or cheques or online banking, you should still report your concerns to the relevant financial institution and then depending on how they advise you, you may have to go to your local police station to report the crime.

If you have regularly thrown out your Person Identifying Information (particularly if you live in a city or large town) or if you have recently lost or had stolen important personal documents like your passport or driving licence, you should take steps to check to see if you have already been targeted by identity fraudsters.

How can you know if your personal information has been compromised? The British Home Office suggests you look out for any of the following:

- post that you have been expecting from the bank does not arrive

-  you are receiving no post at all

- items appear on your bank / credit-card statements that you know you have not purchased

- you have applied for a state benefit of some sort but you are told that you are already claiming it

- you receive bills, invoices or receipts through the post for products or services you haven’t purchased or asked for 

- you have been refused a financial service, such as a credit card or a bank/private loan, despite knowing you have a good credit history

- you receive a new mobile-phone contract, in your name, but whicjh you have not ordered or applied for

- you have been sent correspondences from solicitors or debt collecting agencies for debts that you know are not yours

- financial institutions that you have not dealt with contact you to pursue an outstanding debt.

- you find entries in your personal credit file from organisations you do not normally deal with

To check your credit rating and to look at your entire credit file, apply to any one of the following agencies. I report costs about £2 and is well worth checking:

Call Credit – http://www.callcredit.plc.uk/

Equifax – http://www.equifax.co.uk/

Experian – http://www.experian.co.uk/

Remember, if you have been contacted by any company or organisation about bills that you know are not yours, be sure to document every conversation you have with these companies, asking for the names of the people speaking to you and reference or case numbers where relevant.

Do not wait for things to sort themselves out. If you are a victim of identity fraud you must be proactive.

One of the most endemic forms of internet fraud comes in the form of what is commonly referred to as ‘phishing’. This is when a would-be (or actual) criminal impersonates a trusted institution, company or organization in an email in an attempt to make you reveal personal information.

Can you think how many “I am the Finance Minister of an African state overrun by guerrillas. Please give me your banking details so I can put a bazillion US Dollars in it for safe keeping” scams you have seen or heard of circulating the net?

But not all of these scams are quite so embarrassingly obvious, with some being highly sophisticated forms of fraud.

Entire bogus websites have been created in the past that replicate perfectly the legitimate websites of certain banking companies, and if you follow the link in the email sent to you by such fraudsters there are often very few clues to indicate that you aren’t at the legitimate website of your online banking account. If you enter your account number and security codes you are then certain to be robbed.

The trick here is to never email you bank account details back to your bank. No bank asks you to email them your passwords or account details. Likewise, do not follow links in emails that seem to be from your bank, instead just type their web-address into your browser and go there yourself to verify whatever claims are being made in the email.

Another form of ‘phishing’ is when you receive emails offering bogus job offers. These are intended to harvest your full name, address, CV, telephone numbers and, if they can get away with it, your banking details.

Don’t be fooled into thinking that as long as you don’t send your banking details you cannot be affected by some sort of scam. A friend of mine once gave her name, postal address, email address and messenger details to what she thought was a potential employer just so that she could receive more information about the ‘job’ being offered. She then received a batch of sealed boxes in the post that her would-be ‘employer’ told her was sent by mistake and asking if he could pop around to pick them up.

He did, but it turned out that the goods were by fraud or were illegal in themselves (my friend didn’t find out which). She was arrested a fortnight later and had her laptop computer and her Nokia 6500 Classic mobile phone confiscated for analysis as part of a major investigation into whatever internet crime she was implicated in.

The whole process was very invasive, with all her private computer files, emails and mobile phone messages being analysed by the police, before finally being acquitted without charge.

Another thing to watch out for is posting too much personal information on internet social network sites like MySpace or Facebook. Some criminals spend hours surfing through accounts that do not have strict enough security settings, harvesting information that may be used for various unwholesome deeds…

You have been warned…!

One of the most common forms of illicit (if not always illegal) PII acquisition comes from the harvesting of email addresses by various companies in order to send out seemingly endless amounts of advertising in the form of ‘junk mail’.

There are, however, more acute threats to our security that come from electronic sources and resources.

Having our computers ‘hacked’ into or infected with a ‘Trojan Horse’ virus or ’spyware’ are sure-fire ways to lose sensitive information. Hacks and some viruses can give another party access to our computer files and at the very least may reveal our email addresses, our friends’ email addresses, our internet browsing habits and even internet account passwords – all of which can be used for potentially nefarious and certainly nuisance ends.

The worst that can happen from having a compromised computer would be having private files sent across the internet without our knowledge to someone who wishes to use any sensitive information contained within them for criminal activities (such as fraud and theft).

Always be sure to have an active firewall and anti-virus software running when you are online and never download any files or programs from sources you don’t trust absolutely.

Similarly, private information can be gleaned from old and discarded computer equipment that has not been reformatted, destroyed or otherwise rendered unreadable before disposal. Never throw out a computer without first having at least deleted all relevant personal information from it.

In fact the best course of action might be to send your computer to a trusted source for reformatting and recycling, that way you protect your personal data and also help minimise your carbon footprint in some small (but always important) way.