Experian, the UK's largest credit reference agency, has highlighted that many cases of "insider fraud" – where an employee defrauds his or her employer – could be prevented if companies holding personal information were to carry out adequate checks on the backgrounds of their employees before giving them access to highly confidential personal information.
As the Information Commissioner calls for the more severe penalties to prevent rogue employees from selling personal information to organisations which have no legal right to purchase that information, Richard Fiddis, Managing Director of Experian, said:
"Experian has always taken data security and the abuse or attempted abuse of data very seriously. Access to full and accurate information and data sharing are a cornerstone of the UK financial system and have played a large part in the success of the UK economy. Attempts to circumvent the system through impersonation or abuse are a crime every bit as serious as other forms of theft. Experian's work on bin raiding and ID theft shows how serious and long reaching the impact can be and we welcome the Information Commissioner's recommendation that this crime should be treated more seriously.
"Most financial institutions carry out financial background checks on new recruits with access to company or clients' funds. That's simply common sense as well as prudent management. We are also seeing increased demand for background checking for all employees among larger financial institutions but many smaller organisations and those not involved in financial services don't seem to appreciate that they are also vulnerable to insider theft of their customer information.
"The Information Commissioner has highlighted the fact that it is usually rogue employees who are the source of illegally purchased personal information, which is being used by organisations such as newspapers, tracing agents, debt collectors and private investigators in contravention of the Data Protection Act. Increasingly, professional fraud gangs are planting "sleepers" inside companies, to be activated a year or two later to begin illegally supplying them with personal data.
"Whilst we would welcome increased penalties, the best way to tackle this type of fraud is to tackle it at source.
"That's why organisations must take every precaution, including making checks during employment, to prevent employees being tempted to sell personal information illegally to a third party.
"Experian's overriding objective is the protection of individuals' personal information and their identity, which is why we employ the most robust information security systems available. It's also why we offer robust background checking services on employees and potential recruits, not just in sensitive roles, but throughout the organisation."
Separately, Experian today launched the next generation of its Knowledge-Based Authentication services platform. The platform enhancements will help Experian clients expand their authentication capabilities by offering a broader array of questions than had previously been available. New questions not related to credit topics and not under the auspices of the Fair Credit Reporting Act (FCRA) are now provided to add another dimension to the authentication process.
Identity authentication is one of the most effective methods available to protect consumers and businesses from becoming victims of identity theft. With the introduction of non-FCRA, noncredit questions, Experian provides the most comprehensive Knowledge-Based Authentication solution for fraud prevention and detection. In total, Experian's solution now offers more than 30 credit- and noncredit-based questions. Additionally, Experian's solutions meet Knowledge-Based Authentication needs across the regulatory spectrum, including guidelines outlined by the Federal Financial Institutions Examination Council (FFIEC).
"The best resource financial institutions can have against identity theft and third-party fraud is a solid knowledge-based authentication solution," said Marc Kirshbaum, president of Experian's Fraud Solutions. "Experian's enhanced KBA platform can strengthen an institution's current authentication service and provide multifactor authentication addressed in recent FFIEC guidelines."
Enhancements included in this release of Experian's Knowledge-Based Authentication solution include providing the clients the option of assigning greater importance to one or a series of questions, customizing the order of the questions and expanded reporting capabilities. The result is a solution that is adaptable to the needs and requirements of individual institutions.
Experian's Knowledge-Based Authentication is a cost-effective and easy-to-implement solution that mitigates the risk of fraudulent activity and is backed by the company's breadth of data resources. The system provides the ability to remotely authenticate individuals without delay, enabling consumers and businesses to quickly and securely conduct business with minimized risk.