View more on these topics

Identity crisis

Identity theft is the major new crime of the decade. In just a few years, it has gone from being virtually unheard of to being a big issue which is seriously undermining many consumers’ attitude towards more efficient methods of working.

The cost to the UK economy is quoted as £1.3bn a year, with more than 100,000 people affected. This figure seems to go back to 2002 when it was published as part of the Government’s attempt to convince people that identity cards would be a good thing.

This probably means that the £1.3bn estimate is considerably below the real figure. This view is easily supported if you look at recent US data. The American Federal Deposit Insurance Corporation estimates that during 2003 no fewer than 10 million Americans suffered identity theft at a total cost to business and consumers of a staggering $50bn.

The risk of identity theft and fraud has to be a major issue for any organisation holding personal inform-ation about consumers and their investments.

For online access to information, the life and pension industry does, at least, have some framework for digital security with the Unipass certificates. You may, like me, feel that Unipass is flawed and have yet to be convinced that it meets the needs of the adviser community. There is, however, some merit in the argument that, in the absence of a more suitable solution, Unipass is better than nothing.

Increasingly, I believe there is a far more serious weakness in security than online services. For example, providers’ call centres. The security practices they use must be the cause of increasing concern. An adviser wanting information from a product provider concerning a client’s investment will simply call up and go through some basic security questions and be given the requested information.

Let us not panic here. Those in the front line are banks and other financial institutions holding retail deposits, where, if they can be tricked into releasing funds, once they are in the money transmission system, can travel around the world in seconds and disappear. But as these organisations are strengthening their security against identify fraud, it is inevitable that criminal elements will seek out softer targets.

Given the far bigger amounts which sit within medium to long-term investments, compared with balances on instant access bank deposits, there may be rich pickings if fraudsters can penetrate life office and fund management groups.

Let us look briefly at how this might happen. Having extracted the basic details of the contract and policy number, plus the sort of information that might enable them to predict passwords, a fraudster might call to notify a change of address. An innocent enough activity. A few weeks later, the bank account might be changed. Shortly after this a request is made for a partial encashment of the value of the investment, with the proceeds going to the spoof bank account. Having not been greedy and asked for less than a full encashment, they are less likely to have had to produce physical documentation such as the original policy.

How many investment providers procedures would identify the fraud risk in such a series of events? As a side issue, this makes a further case for all such notifications to be communicated to the adviser as well as the client. The main issue, however, must be how robust are current procedures to protect against such risks?

There is ample research to prove how staggeringly easy it can be for criminals to gather the necessary information. In one survey, 79 per cent of people, when stopped on the street and asked questions, revealed information that would give a good indication of what their passwords might be. Very few people use alpha-numeric passwords.

According to one study, 15 per cent of people use the names of their partners as passwords, 11 per cent the football teams they support and 8 per cent use their pet’s name. This is an example of a process the security industry calls social engineering – human interaction to obtain confidential information discreetly, without the victim realising the value of the information they are revealing. It is easy to see how a major problem is building.

Earlier this year, Which? published a report on how to avoid becoming a victim of identity theft. As part of its research, it persuaded a major high-street supermarket to reveal details of the stores that its editor had visited, how much he had spent and confidential medical information, all without checking the identity of the people asking for the information. It nearly succeeded in changing his address on a credit card and possibly would have succeed in doing so, if the editor had not failed to keep the bank aware of his current address.

To me, this makes a strong case for far more rigorous security at all levels of customer and adviser contact. This may run contrary to the 21st Century ethos of give the customer or adviser whatever they want whenever they want it. Security needs to be effective but not intrusive.

Ideally, it needs to be robust but operate in a way that the client may not even realise it is taking place. It also should not be tied to a single item of hardware and should not require additional technology that the user will not already have.

Recently, I have been looking at a number of tech- nologies which could meet this requirement. One is voice recognition. Using such systems, the identity of a client can be measured against a voiceprint as the conversation with the call centre operative commences. Customers could still be taken through simple validation of primary details such as postcode and date of birth but the real security check is not being carried pout against the replies the caller gives but against a more accurate and secure check against the voice- print records.

This technology has the capacity to be used for online security mechanisms, where a microphone can be connected to the PC, so they could have an application in more than just the call-centre environment.

We are at the beginning of our investigation into advanced security practices and will be publishing an analysis of some of the options in the next couple of months. Any organisation wanting to receiving a copy can email me, with their contact details, at ian.mckenna@ftrc.co.uk

Recommended

ScotEq Intl setting up property portfolio with four fund firms

Scottish Equitable International is setting up a property portfolio with four fund firms and is offering 6 per cent commission on the scheme. New Star property unit trust, M&G property fund, Brandeaux and Norwich Union property trust have signed up to Scottish Equitable International’s portfolio which will give IFAs the opportunity to pick an investment […]

Yule tide

Those Lanson girls really are eager. Ex-Money Marketing hack now at the Daily Mail James Coney got a pleasant call from a Lansonette with a press release which she described as being “really relevant at the moment”. Was it on the subject of the party political conferences taking place over the next few weeks, the […]

Make A-Day while the sun shines

Origen technical manager Bob Perkins says: “In common with other providers who are looking to secure business ahead of and after April 6, 2006, Winterthur has updated its s32 offering. As we would expect, it has designed a very flexible product with a wide range of options, including self-investment.” Perkins feels the charging structure is […]

Fairclough quits as Ailo chief exec

Association of International Life Offices chief executive Stuart Fairclough has resigned after two years to pursue other interests. A meeting is taking place at Ailo next week to decide if a replacement needs to be found.

Newsletter

News and expert analysis straight to your inbox

Sign up

Comments

    Leave a comment

    Close

    Why register with Money Marketing ?

    Providing trusted insight for professional advisers.  Since 1985 Money Marketing has helped promote and analyse the financial adviser community in the UK and continues to be the trusted industry brand for independent insight and advice.

    News & analysis delivered directly to your inbox
    Register today to receive our range of news alerts including daily and weekly briefings

    Money Marketing Events
    Be the first to hear about our industry leading conferences, awards, roundtables and more.

    Research and insight
    Take part in and see the results of Money Marketing's flagship investigations into industry trends.

    Have your say
    Only registered users can post comments. As the voice of the adviser community, our content generates robust debate. Sign up today and make your voice heard.

    Register now

    Having problems?

    Contact us on +44 (0)20 7292 3712

    Lines are open Monday to Friday 9:00am -5.00pm

    Email: customerservices@moneymarketing.com