Two new studies on fraud and cybersecurity revealed, yet again the scale of the problems in society and business today.

CIFAS identity fraud report

Cifas, the UK’s leading fraud prevention service, has released new figures showing that identity fraud in the UK has continued to rise at record levels in the first six months of 2017.  A record 89,000 identity frauds were recorded, up 5% from last year. Representing over half of all fraud recorded by the UK’s not-for-profit fraud data sharing organisation, 83% of identity frauds were perpetrated online.

The latest figures show there has been a sharp rise in identity fraudsters applying for loans, online retail, telecoms and insurance products. Although the number of identity fraud attempts against bank accounts and plastic cards has fallen these still account for more than half of all identity fraud cases.  

The vast majority of identity fraud happens when a fraudster pretends to be an innocent individual to buy a product or take out a loan in their name. Often victims do not even realise that they have been targeted until a bill arrives for something they did not buy or they experience problems with their credit rating. To carry out this kind of fraud successfully, fraudsters need access to their victim’s personal information such as name, date of birth, address, their bank and who they hold accounts with. Fraudsters get hold of this in a variety of ways, from stealing mail through to hacking; obtaining data on the ‘dark web’; exploiting personal information on social media, or though ‘social engineering’ where innocent parties are persuaded to give up personal information to someone pretending to be from their bank, the police or a trusted retailer. 

Identity fraud cases by product

Source & Copyright©2017 - CIFAS

Head of the City of London Police’s Economic Crime Directorate, Detective Superintendent Glenn Maleary said: 

“Identify fraud continues to be a significant issue in law enforcement and the new figures which Cifas has released today come as no surprise. The more our lives move online the easier it becomes for fraudsters to steal our identity. It has become normal for people to publish personal details about themselves on social media and on other online platforms which makes it easier than ever for a fraudster to steal someone’s identity.”

Symantec 2017 Internet Security Threat Report

Symantec has established the largest civilian threat collection network in the world, and one of the most comprehensive collections of cyber security threat intelligence through the Symantec Global Intelligence Network™. The Symantec Global Intelligence Network tracks over 700,000 global adversaries and records events from 98 million attack sensors worldwide. Cyber attackers revealed new levels of ambition in 2016, a year marked by extraordinary attacks, including multi-million dollar virtual bank heists, overt attempts to disrupt the US electoral process by state-sponsored groups, and some of the biggest distributed denial of service (DDoS) attacks on record powered by a botnet of Internet of Things (IoT) devices.

The 2017 ISTR report found that there were:

• A record 15 reaches with more than 10 million identities exposed in 2016
• In the last 8 years more than 7.1 billion identities have been exposed in data breaches
• Average ransom amount hit a record of $1,077
• Increasing vulnerabilities from increased cloud Apps usage
• It takes 2 minutes for an Internet of Things device to be attacked.

Overall businesses and society are becoming increasingly vulnerable and there is an underground market to buy the tools for hacking and to sell the identities collected. 

Fortunately, in Symantec’s 2017 Internet Security Threat Report each section contains a section on the Best Practices to avoid and/or minimise the impact for each type of threat. 

BELLIN’s best practices to minimise cyberfraud

BELLIN TV’s “Curing the digital disease: How to outwit cybercrime” using analogies from a castle as to how to minimise cybercrime by the corporate treasury department having firewalls and IT technology to protect corporate treasury by:

• Only having one entrance or gateway (or at least minimse them)
• Only one consolidated payment platform with single point of entry
• Internal processes: not have set up where one single person can enter and approve a payment, and not allow a single device can be used for whole process
• In user security: uses biometrics to immediately identify strangers, always follow the standard proscribed procedures 
• Using TMS provider that you can rely on for complete security
• Being aware that the increased use of mobile technology brings with it new risks and new types of attacks that need to be covered too.

---

CTMfile take: Identity fraud - internally and externally - is probably the biggest threat to the corporate treasury department  today. Having a vision and visibility of the risks involved in the corporate treasury department is key.