Accelerate digital ID, review verification trust framework often to fight fraud: report
In the twentieth century, a phone call most often meant family or friends reaching out to catch up or share news. In the twenty-first, for many people, it most often means scams. A new report from Cifas and the Royal United Services Institute (RUSI) sounds the alarm on how AI, deepfakes and other techniques are fueling a surge in identity fraud – a global epidemic and “the most commonly experienced crime in the UK.”
According to “Who Do You Think You Are: Recommendations on the Future Response to Large-Scale Identity Fraud,” identity fraud now costs the UK an estimated £1.8 billion every year. And, it says, “these figures are set to soar.” One contributor “used the metaphor of the frog being slowly boiled over time to explain how the threat of identity fraud has been allowed to grow unchecked.”
The report argues that in response, the government must beef up its fraud strategy in an imminent update. Take the threat more seriously, it says, by initiating better intelligence sharing between public and private entities and by offering better support for victims of identity theft and fraud losses. Consider introducing a specific law for identity theft – the illegal acquisition of personal details – rather than waiting until those details have been used to commit fraud to declare a criminal offense.
More support needed for victims of identity fraud
Identity fraud represents the largest category of cases filed to the UK’s National Fraud Database. Victims suffer “considerable administrative, financial, and also psychological harms following the fraudulent use of their identity,” says Helena Wood, director of public policy at Cifas and a co-author of the report, in a release. “However, there is no support when repairing the damage that has been done. It is imperative that the Government’s Fraud Strategy treats this threat with the seriousness it deserves.”
Generated from a roundtable discussion hosted by Wood and Kathryn Westmore, senior research fellow at the RUSI Centre for Finance and Security, the report aims to capture what participants from financial institutions, regulatory and digital ID tech firms, credit rating agencies and the policy world think about the evolving nature of threat, and to identify “a range of policy, legislative, operational and technical interventions.”
Mobile account openings, biometric data leaks, phishing, the dark web, deepfakes: it all adds up to a massive shadow looming on the horizon – a fog of fraud that stands to disintegrate current data protection strategies. And it’s coming for everyone. “Essentially,” the report says, “we should all assume our data is out there and at risk” and that the problem is getting worse, fast.
“The industry is in an arms race; over time, the use of AI will improve, making fake documentation harder to spot, and the industry may struggle to keep up.”
Criminalizing ID theft could tackle problem at root
What to do? The authors list nine key recommendations for policymakers to consider.
Recommendation 1 says the government should “commission further research into the changing nature of the identity fraud threat and its societal and economic impact, as well as its intersection with other national security threats, including transnational organised crime and hostile state activity.”
Recommendation 2, concerning identity theft, says ‘The UK government’s planned review of fraud legislation should consider the pros and cons of expressly criminalising acts that contribute to identity theft.”
Recommendation 3 is related, noting that “tackling the enabling criminal architecture and those individuals key to the sale of identity details” is the best use of limited law enforcement resources for fighting fraud.
The fourth recommendation references a specific police initiative, Operation Amberhill, which facilitates the sharing of “‘fraudulently obtained genuine’ (FOG) identity document data” between the private and public sector. It urged the government to “revitalise Operation Amberhill, with additional resources and funding.”
Recommendation five notes the problem of friction and customer experience, and urges the financial industry to “conduct consumer attitudes surveys to explore consumer tolerance for increased ‘friction’ in the consumer credit application process, designed to reduce the threat of identity fraud.” Biometric options are implicit here.
Digital ID verification trust framework fixable; ‘culture’ trickier
The sixth recommendation concerns digital identity and the introduction of the Data (Use and Access) Bill 2024, which establishes a trust framework for digital ID verification services. But the framework is non-compulsory, meaning “variability in standards may lead to digital identities becoming a new vector of the identity fraud threat.”
The proposed solution is to “ensure that counter-fraud measures within the digital verification services trust framework are kept fit for purpose through robust annual review.” But it also touches on the more intangible problem of “the lack of a ‘culture’ of national identity verification” in the UK – liable to be a bigger problem in societies that are less accustomed to broad human accounting projects such as physical national ID cards, which are common in many developing nations where digital ID uptake is trending upward more quickly, leading to better fraud protection.
Recommendation 7 encourages more support for fraud victims and “further work to understand the impact, beyond financial losses.”
The final two recommendations return to the theme of data sharing: “law enforcement should consider a pilot to share with industry live operational non-identity attributes related to identity theft and fraud, and “the UK government should work with industry to develop real-time UK government-issued identity-checking solutions and provide a data feed to industry on false identities.”
Better coordination will lead to better defense. “At the heart of the response,” says the report, “must be a better collective understanding of the nature of the threat and increased knowledge and data connectivity between actors on the frontline of tackling the threat in the public and private sectors.”
Article Topics
Cifas | Data (Use and Access) Bill (DUA) | digital ID | digital identity | digital trust | fraud prevention | identity verification | market report | trust framework
Comments