With news that fraud in the UK has surged by 22% in just the past year and 226,000 cases of identity fraud reported in the period, Terry Greenhow, Financial Crime Manager and MLRO at Ultimate Finance sheds the light on the differences between identity theft and identity fraud, and how businesses and individuals can act to protect themselves against fraudsters.
What is Identity theft?
Identity theft involves not only stealing the identity of a real person i.e. their names, date of birth and all other data used to identify someone, but can also apply to our business identities i.e., the legal persons we represent as directors or Beneficial owners. The purpose in stealing the identity of an individual or company is generally to commit identity fraud through use of that stolen identity data.
What is Identity Fraud?
Identity fraud on the other hand, is the use of that stolen data to commit fraud i.e., identity fraud. Again, this can be in terms of us as individuals and or the companies we represent. This can be to access and / or obtain by fraud valuable financial and or public services by pretending to be someone or a company without their knowledge.
Likewise, identity fraud (as opposed to identity theft) can involve creating an entirely fictitious identity whether an individual or legal person such as companies.
How can identity data be stolen?
Identity data is difficult to protect as the recording and provision of it is so integral and vital to everything that we do both in the offline physical world as well as the online digital world. You cannot access or obtain financial or public services without the provision of this data to verify your identity. Criminals seek to steal this data by exploiting security weaknesses and vulnerabilities in accessing and harvesting it (identity theft) or by tricking us into unwittingly disclosing it through various means. They then either sell it to others or use themselves for identity fraud purposes.
How is identity data used for fraud?
In short, where your identity data or that of your company is stolen, it is used to pose as you or your company to commit fraud by accessing and obtaining financial and or other public services without you or your companies’ knowledge or permission. Likewise, your company data may be used fraudulently to purport to be your company for the purpose of ordering goods, raising invoices etc. in your companies’ name to further a fraud by another company without your knowledge.
How can we protect our data?
If we become overly cautious and overly protective of the provision of our data, it restricts the access to financial and other public services we can access, which can have a negative impact on us as individuals as well as our businesses.
The truth is, you cannot entirely protect yourselves from crime and fraud online any more so than you can entirely protect yourself from crime and fraud offline. Just as you can mitigate risks in the physical world, you can mitigate risks online by being crime and fraud aware. This includes having appropriate anti-fraud policies, procedures, and training etc., including, risks of identity theft / fraud. Such strategies include exercising appropriate oversight and review of the security of your personal and company data and updating access methods such as digital access doors, windows, security keys and being aware of common online scams such as mandate fraud.
How we protect our clients, introducers, suppliers and third parties’ data alongside our own
- We embrace both the offline physical and online digital world as one in which our clients operate. We seek to reap the benefits of both whilst recognising and mitigating the risks for the benefit of our clients, third parties as well as Ultimate Finance.
- We conduct robust identification and verification checks of companies and individuals we onboard over and above the regulatory requirements through innovative and speedy tools for this purpose. These checks not only ensure that an individual or company exists but that the person or company we believe we are dealing with really is that person or company – to safeguard you and your company against the risks of identity theft and fraud.
- The same applies as above, to having robust systems and controls to ensure customers and invoices raised against your company are bone-fide and not raised fraudulently against your company without your knowledge to again safeguard you and your company against identity theft and fraud.
- We ensure that your personal and company data is kept secure and inaccessible other than to those internal staff who have a need to do so and with appropriate authority. We take digital security seriously so ensure our systems are protected. We enforce the use of strong passwords and multi-factor authentication including biometrics and that data is encrypted. We proactively monitor activities to detect and block unusual behaviour.
- Not only do we exercise appropriate due diligence on our clients and their customers to safeguard against identity theft and fraud, but we also exercise appropriate due diligence and oversight on third parties such as brokers, introducers, and suppliers etc. which in in turn protects our clients from fraud.
- We take our social responsibilities extremely seriously. We are members and work in partnership with government recognised anti-fraud organisations (CIFAS being one) specifically created to protect you, your companies and Ultimate Finance from fraud – including identity theft and fraud.
- We are regulated and overseen for our due diligence and personal data security by both the Financial Conduct Authority and Information Commissioners Office as well as being members of our professional trade associations.
- We exercise a zero-tolerance approach to persons or companies who commit fraud.