In January, when Niraj Virji and his girlfriend were preparing to buy their first home, the 27-year old noticed something was wrong. Despite always paying his bills on time, he was told his credit rating was terrible.
“It was strange and I must admit I was quite shocked,” says Mr Virji, who works as a buyer for WHSmith. Over the following weeks, he gradually understood he’d become the victim of an elaborate and complex case of identity theft and financial fraud, the repercussions of which would impact him for months.
Apps are integrated into their everyday lives and they expect financial services to be a seamless part of this digital lifestyle
Though Mr Virji is still unsure how fraudsters managed to swipe his personal information, allowing them to change his home address with the Driver and Vehicle Licensing Agency as well as on the electoral register. They then took out two loans in his name, with a combined value of almost £20,000. They opened several bank accounts and maxed out a credit card. They even tried buying a BMW. Mr Virji was oblivious to all this because any related correspondence was going to an address that wasn’t his.
“When I understood the true extent of the damage, it was just awful,” he says. “The worst thing was that when I tried to explain myself, some of the banks and financial institutions just didn’t believe me. I felt like there was a black mark against my name for ages. I even had debt collectors calling me.”
Digital natives under identity threat
Mr Virji’s experience is an extreme example of the potential risks associated with impersonation scams, but less severe incidents of personal information theft are occurring daily. In an on-demand economy, where cash is swiftly becoming a relic of the past and e-payments the norm, it’s increasingly common for spenders, particularly millennials, to lose sight of where their money is going and, crucially, whether it’s reaching the intended recipient.
“Millennials are digital natives who freely use digital channels and are happier [than other demographics] to share data,” explains Richard Petley, UK head of tech giant Oracle. “Their use of apps is integrated into their everyday lives and they expect financial services to be a seamless part of this digital lifestyle. In some cases, they may have more of a propensity to try out new services on digital platforms, which can create a higher susceptibility to financial fraud unless proper checks have been conducted.”
According to research recently published by Lloyds Banking Group, there was a near four-fold increase in the number of 18 to 34 year olds being caught out by impersonation scams in the year to July, making that demographic, along with the over 55 year olds, the most at risk of being the target of financial fraud.
Millennials are more likely than their older peers to have grown up with mobile phones and the internet, which means they tend to be more trusting of virtual services in entertainment, retail and transport, but also banking. And anecdotal evidence suggests they’re less likely to check their bank statements regularly if they don’t get alerts on their smartphone.
“An increase in people living on their mobile phones and the expectation that all the things you can do on them are safe, for example using social media, being able to spend money at the touch of a button and having access to any information you want at any time, has unfortunately led to a rise in scams and fraud, as well as other serious crimes,” says Natasha Vernier, head of financial crime at Monzo bank.
“It is really important our younger customers are educated on the risks involved in making payments to people posing as investors on social media and more generally on the risks that come with trusting everything found online or on mobile phones.”
Financial fraud becoming increasingly sophisticated
Impersonation scams usually involve somebody pretending to be from law enforcement or a bank and asking the victim to transfer money into a supposedly safe bank account. But financial fraud is taking on many increasingly sophisticated guises. The challenge to stay safe is becoming like a burdensome game of tag.
An extensive report on the matter published by KPMG earlier this year found that banks across all regions of the world consider cybercrimes, notably hacks and data breaches, to be the greatest challenge in the field of fraud risk. The report also highlights that the pace of technological developments means constant innovation is critical to safeguard defences.
“In the context of a changing global banking landscape, where the demand for face-to-face banking is decreasing, volumes of digital payments are increasing and payments are being processed in seconds, fraudsters are creatively finding new ways to steal from banks and their customers,” according to Natalie Faulkner, KPMG’s global fraud lead. “Banks need to be agile to respond to new threats, and embrace new approaches and technologies to predict and prevent fraud.”
Technology for safety imperative
Appetite for new technologies to help combat this rise in cybercrime is something a whole spectrum of organisations, from large, established businesses to fledgling startups, is capitalising on. Several companies are exploring the use of biometrics and tokenisation to safeguard customers’ sensitive personal information, particularly among millennials.
In tokenisation, each transaction is completed by generating a unique token which allows a customer’s sensitive data to be stored remotely. NatWest, meanwhile, in early October announced it was launching a three-month trial of biometric fingerprint credit cards in partnership with Mastercard and the software company Gemalto. The bank says the credit cards would offer contactless payments using fingerprint verification for transactions up to £100. Previously, NatWest had launched a trial for transactions up to £30.
“This is the biggest development in card technology in recent years and not having to enter a PIN not only increases security, but also makes it easier for our customers when paying for goods or services,” says Georgina Bulkeley, director of strategy and innovation at NatWest.
Bob Reany, executive vice president for identity solutions at Mastercard, echoes this. “Feeling confident that your information is protected is paramount,” he says. “Biometrics are more secure, more trusted and better suited to a world that requires more frequent authentication.”
Though there is evidence that digital banking has made customers more susceptible to financial fraud, Monzo says its technology has actually made it easier to spot anything unusual and take swift action against any form of risk.
The more than three million customers of the challenger bank get instant notifications the moment they pay for something, enabling them to spot an unauthorised use of their card immediately. They can then freeze their card instantly in the Monzo app.
Natasha Vernier, Monzo’s head of financial crime, says that because of this technology her team has been able to spot signs of a data breach at other companies before these have even been made public.
For example, the company alerted Ticketmaster in April last year when it detected high levels of suspicious activity in bank accounts used to make payments to the ticketing business. Ticketmaster later confirmed that a breach had occurred, affecting thousands of its customers.
“When British Airways was affected by a similar data breach, we identified the 1,300 Monzo customers who had been affected and ordered them replacement cards as a precaution,” says Ms Vernier.
Monzo has also built a proprietary 3D Secure system which verifies online purchases in-app.
“More generally, Monzo does not rely on passwords to access the app, but just on the customer's PIN to make payments, because passwords are inherently insecure. Who hasn’t used the same password twice?,” says Ms Vernier. “And we never contact our customers by SMS as this is easy to spoof and a route for a large amount of social engineering scams.”