Companies must recognise security risks from without and
within, says Optima Legal’s Emma Stirk.
Go deeper with GlobalData
Over
recent years, fraud awareness has increased rapidly within the
motor finance industry, and improvements have been made in
identifying, and limiting susceptibility to, financial crime.
However, as identity-related fraud
continues to increase, organisations need to maintain a ‘fraud
focus’, ensuring they have adequate measures in place for dealing
with data that could be used for fraudulent purposes.
Analysis by CIFAS, the UK’s fraud
prevention service, revealed identity fraud accounted for nearly
50% of all confirmed frauds during the first half of 2011.
CIFAS communications manager
Richard Hurley says: “Someone’s personal and financial details are
like a licence to print money for the modern fraudster.
How well do you really know your competitors?
Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.
Thank you!
Your download email will arrive shortly
Not ready to buy yet? Download a free sample
We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form
By GlobalData“Whether they were obtained
digitally or physically, the fact that over a half of all frauds in
some way relate to the misuse of other people’s personal details
clearly underlines the severity of the threat.”
Such a significant statistic should
ring alarm bells for all financial organisations. Data is a
valuable commodity to fraudsters and with the number of reported
frauds so high it is worrying to estimate what the true figure
would be when unreported incidents are added.
So what can organisations do to
protect themselves and their customers?
Firms need to adopt a risk-based
approach to the financial crime systems and controls already in
place. This means undertaking financial crime-specific risk
assessments in line with Principles 2 and 3 of the Financial
Services Authority’s Principles for Business.
These should be carried out for the
business as a whole and, where an organisation provides more than
one product, for each individual product.
Following a thorough review, the
results should be recorded and a strategy produced to ensure there
are effective and appropriate controls in place (as required by the
handbook’s SYSC 3.2.6R clause). However, this needs
clarification.
Many organisations undertake due
diligence as part of their ‘know your customer’ regimes – essential
to highlight instances of potential identity fraud and limit
potential fraudsters from gaining access to the UK finance
market.
Few organisations, however,
recognise the risk of data compromise or data theft from within
their own organisations.
Data held by firms is incredibly
valuable if obtained by criminals – especially where the victim has
already been approved for credit. Organisations have legal and
regulatory responsibilities to safeguard data and should ensure
adequate systems and controls are in place to limit unnecessary
staff access.
The consequences of bad data
protection not only affect reputation, but can also lead to
regulatory and legal penalties.
The threat of financial crime will
always be present, especially in the case of identity theft, given
the current financial climate and our increasing use of mobile
technologies to conduct our financial affairs.
It is therefore essential that
organisations minimise the opportunities for financial crime and
identity fraud, in particular through continuous focus on
developing and implementing effective financial crime
identification systems and controls.
Emma Stirk is an associate
solicitor at Optima Legal
