Blog article
See all stories »

It's official - fraud is influenced by the recession

This week CIFAS, the UK’s Fraud Prevention Service, published its 2009 annual fraud statistics, and in line with expectations, the number of people affected by fraud continues to increase.

Since the recession started to bite 18 months ago the general view has been that fraud increases in a recession and fraudsters change their tactics depending on what promises to be most profitable for them.

Well we now have some definitive numbers to prove this hypothesis.

The assumption was that with a reduction in the amount of lending taking place we would see a reduction in the amount of application fraud taking place (the use of lies and forged documents in an attempt to obtain products or services). The CIFAS numbers support this with a 25 per cent reduction in application fraud.

That’s the good news; the bad news is fraudsters don’t just disappear into thin air. They have to protect their profits and margins.

The second part of the hypothesis was that fraudsters change tactics and this is exactly what we are seeing. Fraudsters have returned to stealing the identities of others in order to benefit financially. Across 2009, there were over 85,000 UK victims of impersonation (people whose identities have been hijacked by identity fraudsters) up 35 per cent and 24,000 victims of account takeover (existing accounts hijacked by fraudsters) up 16 per cent.

Indeed account takeover has increased by a staggering 250 per cent during the last 24 months, thanks to the ubiquitous use of phishing e-mails and malware. There has also been a 55 per cent increase in fraudulent insurance claims as claimants become more dishonest.

However, there is more good news. CIFAS reports a 241 per cent increase in the use of protective registration – a service that makes it more difficult for fraudsters to apply for credit under somebody else’s name. The increase has been put down to a heightened awareness of identity fraud, the damage it can do and the problems associated with resolution. People are now proactively looking for ways to stop identity fraud taking place in the first place.

This is huge cultural shift, albeit by a small population, but significant nevertheless.

There is also further good news. Now we know that fraudsters change their tactics, we can, to a certain extent, try to pre-empt their next move by tightening up existing fraud detection processes and implementing best practice to stop them in their tracks. The adoption of credit monitoring services and identity protection services can only help as consumers become more responsible for their personal and financial information.

The battle against fraud will continue to ebb and flow, but learning from recent trends, continued education and heightened consumer responsibility might just make a difference.


Comments: (1)

Uri Rivner
Uri Rivner - BioCatch - Tel Aviv 11 February, 2010, 11:19Be the first to give this comment the thumbs up 0 likes

Account takeover using Telephony is massive in the UK. In an October meeting of the leading card issuers RSA held in London, every single issuer pointed to account takeover fraud as the number one trend; and most of it is done by calling the issuer and using a mix of social engineering and credentials collected via phishing.

Other than the facts mentioned in this blog, there are 2 additional things to consider: first, fraudsters who do not speak English can use a service running out of Moscow to call UK banks. The service operates 24/7, costs $7 per call, and all you need is the phone banking credentials (which you can phish).

Second, a new attack vector is called Chat in the Middle - see

In this attack, fraudsters pop up a fake chat box after you click on a link in a standard phishing email, present themselves as the fraud department of the bank, and ask for your phone number. They'll ask you all the 'security questions' and then say that all is well in your account after all... Then use the stolen credentials to take over the account.

Technologies to stop these are biometrics (which still does not seem mature enough in terms of false rejections and ease of deployment), and Knowledge Based Authentication in which you're being asked multiple choice questions based on your background; the questions are built in a way that confuses fraudsters but is very 'top of mind' for the genuine users.

Retired Member

Member since

19 Mar


Blog posts




This post is from a series of posts in the group:

Online Banking

This community is for discussion of developments in the e-banking world, including mobile banking. This can include all the functional, business, technical, marketing, web site design, security and other related topics of Internet Banking segment, including public websites of the banks and financial institutions across the globe.

See all