It’s National Identity Fraud Prevention Week this week in the UK. As part of my identity fraud awareness push I’d like just go over some old ground. Fellowes a paper-shredding supplier commissioned a report which highlighted that 7 per cent of the UK population (4 million people) have been a victim of identity fraud at one time or another.
If you visit CIFAS the UK’s fraud prevention agency they claim that the average cost per person of identity fraud is 1190 GBP. This figure is misleading as we don’t know whether this refers to the ‘consumer’ or ‘financial institution’. If it is the consumer, then this is the cost of recovering an individuals identity, however if it is the latter then this is the cost per individual to the financial institution i.e. bank. When referring to statistics on fraud I generally use CIFAS as they are an independent body. That said my company has also compiled research over the years, however we have never used it for commercial gain – only providing our data to the media. This moves us on to the topic of identity theft or is that identity fraud…
If you didn’t know already there is a major difference between identity theft and identity fraud. The media keep on misleading by nearly always referring to “identity theft” rather than “identity fraud”. Let’s clear this up – identity theft is theft of data but not actually doing anything with it, while identity fraud on the other hand is actually using stolen data to commit a fraud in someone else’s name. If it’s identity theft, then the data has not been used for fraudulent purposes. So, the 4m number would just be another major data breach. Serious – yes but stats can be misleading. Anyone remember the HMRC data breach in the UK? The media slipped away as did the missing CD and as yet the data has never materialised in the public domain – and that was a 25m+ data breach and not an ‘identity fraud’.
I’m sceptical on statistics especially when companies are commissioned to compile data on identity fraud – in particular if some companies are using it to sell shredders. Most researchers also appear unable to distinguish between theft of data and actually doing something fraudulent with the stolen data. Identity fraud is all about impersonating someone, using their good name to obtain credit – financial gain – it’s not about anything else.
Safe surfing folks!